CVE-2025-54352 PoC

Usage

Steps to install and test the WordPress PoC:

1. Install a fresh version of WordPress using Docker:

1.1 Start the MySQL database container:

docker run --name wp-db -e MYSQL_DATABASE=wp-db -e MYSQL_USER=wpuser -e MYSQL_PASSWORD=password -e MYSQL_ROOT_PASSWORD=rootpass -d mysql:5.7

1.2 Start the WordPress container linked to the DB

docker run --name wp-site --link wp-db:mysql \
  -e WORDPRESS_DB_HOST=wp-db \
  -e WORDPRESS_DB_NAME=wp-db \
  -e WORDPRESS_DB_USER=wpuser \
  -e WORDPRESS_DB_PASSWORD=password \
  -p 8080:80 -d wordpress

2. In the WordPress admin dashboard (http://localhost:8080):

Log in
Create a new draft or private post with the title "secret title"

3. Install the required Node.js dependency:

npm install node-fetch

4. Save the PoC:

As test.js for example.

5. Run the PoC:

node test.js http://localhost:8080/ secret

After around 10 seconds, you should see: "Done! the title is: secret title"

https://www.imperva.com/blog/beware-a-threat-actor-could-steal-the-titles-of-your-private-and-draft-wordpress-posts/

Name		Name	Last commit message	Last commit date
Latest commit History 3 Commits
README.md		README.md
test.js		test.js

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

CVE-2025-54352 PoC

Usage

1. Install a fresh version of WordPress using Docker:

2. In the WordPress admin dashboard (http://localhost:8080):

3. Install the required Node.js dependency:

4. Save the PoC:

5. Run the PoC:

About

Uh oh!

Releases

Packages

Languages

yohannslm/CVE-2025-54352

Folders and files

Latest commit

History

Repository files navigation

CVE-2025-54352 PoC

Usage

1. Install a fresh version of WordPress using Docker:

2. In the WordPress admin dashboard (http://localhost:8080):

3. Install the required Node.js dependency:

4. Save the PoC:

5. Run the PoC:

About

Resources

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages