yohannslm/CVE-2025-54352

CVE-2025-54352 PoC

Usage

Steps to install and test the WordPress PoC:

1. Install a fresh version of WordPress using Docker:

1.1 Start the MySQL database container:

docker run --name wp-db -e MYSQL_DATABASE=wp-db -e MYSQL_USER=wpuser -e MYSQL_PASSWORD=password -e MYSQL_ROOT_PASSWORD=rootpass -d mysql:5.7

1.2 Start the WordPress container linked to the DB:

docker run --name wp-site --link wp-db:mysql \
  -e WORDPRESS_DB_HOST=wp-db \
  -e WORDPRESS_DB_NAME=wp-db \
  -e WORDPRESS_DB_USER=wpuser \
  -e WORDPRESS_DB_PASSWORD=password \
  -p 8080:80 -d wordpress

2. In the WordPress admin dashboard (http://localhost:8080):

  • Log in
  • Create a new draft or private post with the title "secret title"

3. Install the required Node.js dependency:

npm install node-fetch

4. Save the PoC script to a file, for example test.js.

5. Run the PoC:

node test.js http://localhost:8080/ secret

After around 10 seconds, you should see: "Done! the title is: secret title"

Reference: https://www.imperva.com/blog/beware-a-threat-actor-could-steal-the-titles-of-your-private-and-draft-wordpress-posts/
