支持本站 — 捐款将帮助我们持续运营

目标: 1000 元,已筹: 1000

100.0%
立即捐款

POC详情: 0661dd5b25b46c53682349a4a62c89f5c63aa803

来源
https://github.com/Nxploited/CVE-2025-11749
关联漏洞
标题:WordPress plugin AI Engine 信息泄露漏洞 (CVE-2025-11749)
Description:WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台具有在基于PHP和MySQL的服务器上架设个人博客网站的功能。WordPress plugin是一个应用插件。 WordPress plugin AI Engine 3.1.3及之前版本存在信息泄露漏洞,该漏洞源于REST API端点/mcp/v1/暴露Bearer Token值,可能导致权限提升。
Description
AI Engine <= 3.1.3 - Unauthenticated Sensitive Information Exposure to Privilege Escalation
介绍
# CVE-2025-11749
AI Engine &lt;= 3.1.3 - Unauthenticated Sensitive Information Exposure to Privilege Escalation
# ⚠️ AI Engine <= 3.1.3 — Unauthenticated Sensitive Information Exposure → Privilege Escalation

**GitHub:** [Nxploited](https://github.com/Nxploited)  
**Telegram:** [@KNxploited](https://t.me/KNxploited)  

---

**IMPORTANT NOTICE:**  
**Many unethical individuals attempt to profit from the code I create by reselling it or renaming scripts and claiming authorship. This project is free, exclusive, and officially released by Khaled Alenazi (Nxploited).**

---

## 🔎 Summary

The AI Engine plugin for WordPress (versions up to and including **3.1.3**) suffers from an information disclosure vulnerability allowing unauthenticated users to fetch internal bearer/session tokens through exposed REST API endpoints if certain plugin configurations are enabled. An attacker with such a token can escalate privileges, including the creation of administrator accounts, resulting in complete site compromise.

- **Affected Product:** AI Engine (WordPress plugin)  
- **Affected Versions:** ≤ 3.1.3  
- **Vulnerability:** Sensitive Information Exposure → Privilege Escalation  
- **CVE:** CVE-2025-11749  
- **CVSS v3:** 9.8 (Critical)

![Script demonstration](https://github.com/Nxploited/CVE-2025-11749/blob/main/1.png)

100

---

## 📋 Quick Reference

| Field           | Value                                            |
|-----------------|--------------------------------------------------|
| Vulnerability   | Unauthenticated Sensitive Information Exposure    |
| Product         | AI Engine (WordPress plugin)                     |
| Affected ver.   | ≤ 3.1.3                                          |
| CVE             | CVE-2025-11749                                   |
| CVSS (v3)       | 9.8 (Critical)                                   |
| Impact          | Privilege Escalation, Admin Account Creation     |

---

## ✨ Features

- **Fast multithreaded scanning of large target lists**
- **Auto extraction and logging of valid tokens per site**
- **Clear and organized output files for analysis**
- **Automated admin account creation & login verification**
- **Professional CLI prompts and stylish console output**

---

## 🚀 How To Use

**Script filename:** `CVE-2025-11749.py`  
**Requires:** Python 3.8+ (recommended 3.10+), [requests](https://pypi.org/project/requests/), [rich](https://pypi.org/project/rich/)

### 1. Prepare Your Environment

**Linux/macOS:**
```bash
python3 -m venv .venv
source .venv/bin/activate
python -m pip install --upgrade pip
pip install requests rich
```

**Windows (PowerShell):**
```powershell
python -m venv .venv
.\.venv\Scripts\Activate.ps1
python -m pip install --upgrade pip
pip install requests rich
```

---

### 2. Create Your Targets File

Create a file named `list.txt`  
- Add one website URL per line (with http:// or https://)

Example:
```
https://example1.com
http://example2.com
```

---

### 3. Run The Script

**Interactive (recommended):**
```bash
python CVE-2025-11749.py
```
- The script will prompt for the targets file name and thread count.

**Non-interactive (if you or your version supports CLI flags):**
```bash
python CVE-2025-11749.py --targets list.txt --threads 10
```

---

### 4. Review Output Files

- `tokens_only.txt` — Targets with a detected token  
- `success_results.txt` — Targets where privilege escalation worked  
- `created_admins.txt` — Details on successfully created admin accounts

Output is saved automatically in the working directory. Each output is formatted for clarity and post‑analysis.

---

## 💡 Notes

- Use on LEGAL targets only.
- For large lists, increase thread count as needed.
- For multi-run automation, break up list.txt into manageable chunks.

---

## 🛡️ Mitigation & Patch Guidance

1. **Update:** Upgrade AI Engine to the latest version.  
2. **Disable:** Remove settings that expose tokens to unauthenticated requests (e.g., "No-Auth URL").  
3. **Rotate:** Change all session tokens, nonces, credentials after patching.
4. **Restrict:** Use WAF/IP allowlist to control REST API access.
5. **Audit:** Monitor logs and review users for privilege abuse.

---

## 🧾 Legal Disclaimer

This project is distributed for educational and authorized assessment purposes only.  
Any usage against unauthorized systems is strictly prohibited.  
By using this script, you agree to comply with all laws and regulations.

---

**By: Khaled Alenazi (Nxploited)**  
**GitHub:** [Nxploited](https://github.com/Nxploited)  
**Telegram:** [@KNxploited](https://t.me/KNxploited)
文件快照

 [4.0K]  /data/pocs/0661dd5b25b46c53682349a4a62c89f5c63aa803
├── [ 32K]  1.png
├── [ 14K]  CVE-2025-11749.py
├── [1.5K]  LICENSE
├── [4.5K]  README.md
└── [  22]  requirements.txt

1 directory, 5 files
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮件到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对 POC 代码进行快照,为了长期维护,请考虑为本地 POC 付费/捐赠,感谢您的支持。