Related vulnerability
Description
CVE-2025-5815: An unauthenticated vulnerability in the WordPress Traffic Monitor plugin (≤ 3.2.2) allowing remote attackers to disable bot logging via an exposed AJAX action without requiring authentication.
Introduction
# 📄 Nuclei Template for CVE-2025-5815
## 🚀 Overview
This repository features a Nuclei template specifically designed to detect an **Unauthenticated Bot Logging Disable Vulnerability (CVE-2025-5815)** in the **Traffic Monitor** WordPress plugin. This issue allows unauthenticated attackers to remotely disable bot logging via a vulnerable AJAX action.
## 🔍 Vulnerability Description
**CVE-2025-5815** arises from missing authentication and authorization checks on the `tfcm_set_bot_flags` AJAX action in the **Traffic Monitor plugin** for WordPress. This allows remote attackers to tamper with plugin settings, disabling bot logging without requiring login credentials — leading to evasion of activity monitoring on affected WordPress sites.
### 🛑 Affected Versions
- **Traffic Monitor Plugin**: Versions **up to and including 3.2.2**
### 📊 CVSS Score
- **Base Score**: 5.3 (Medium)
### 🏷️ CVSS Vector
- `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N`
## 📋 Template Details
This Nuclei template attempts to exploit the vulnerable AJAX endpoint by sending an unauthenticated request to `admin-ajax.php` with the `action=tfcm_set_bot_flags` parameter and checks for a success confirmation in the response body.
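The same indicator the template relies on (a request to `admin-ajax.php` carrying `action=tfcm_set_bot_flags` without a logged-in session) can be turned into a log check on the defending side. The following Python script is an added example and not part of this repository; it assumes JSON-lines web-server logs that include the request's `Cookie` header (a custom log format), uses constructed sample records, and treats a `wordpress_logged_in_*` cookie as the sign of an authenticated session. The `succeeded` flag is a status-code heuristic only; the Nuclei template itself checks the response body.

```python
import json
from urllib.parse import parse_qs, urlsplit

# Constructed sample log records (JSON lines), not real traffic. The "cookies"
# field is an assumption: it requires a log format that records the Cookie header.
SAMPLE_LOG = """
{"ts": "2025-06-10T12:00:01Z", "src": "203.0.113.7", "method": "GET", "uri": "/wp-admin/admin-ajax.php?action=tfcm_set_bot_flags", "status": 200, "cookies": ""}
{"ts": "2025-06-10T12:00:05Z", "src": "198.51.100.3", "method": "POST", "uri": "/wp-admin/admin-ajax.php?action=tfcm_set_bot_flags", "status": 200, "cookies": "wordpress_logged_in_abc123=user%7Ctoken"}
{"ts": "2025-06-10T12:00:09Z", "src": "203.0.113.7", "method": "GET", "uri": "/wp-admin/admin-ajax.php?action=heartbeat", "status": 200, "cookies": ""}
{"ts": "2025-06-10T12:00:12Z", "src": "192.0.2.9", "method": "GET", "uri": "/wp-admin/admin-ajax.php?action=tfcm_set_bot_flags", "status": 403, "cookies": ""}
"""

# AJAX action named in the CVE description; the plugin exposed it without auth checks.
VULN_ACTION = "tfcm_set_bot_flags"


def is_authenticated(cookies: str) -> bool:
    """WordPress issues a wordpress_logged_in_<hash> cookie to logged-in users."""
    return any(c.strip().startswith("wordpress_logged_in_") for c in cookies.split(";"))


def find_unauthenticated_bot_flag_changes(log_text: str) -> list[dict]:
    """Return one alert per request that hits the vulnerable action without a session."""
    alerts = []
    for line in log_text.strip().splitlines():
        rec = json.loads(line)
        parts = urlsplit(rec["uri"])
        if not parts.path.endswith("/wp-admin/admin-ajax.php"):
            continue
        action = parse_qs(parts.query).get("action", [None])[0]
        if action != VULN_ACTION:
            continue
        if is_authenticated(rec["cookies"]):
            continue  # an admin changing the setting legitimately
        alerts.append({
            "ts": rec["ts"],
            "src": rec["src"],
            "method": rec["method"],
            "status": rec["status"],
            # Heuristic: a 200 means the handler ran; a 403 suggests a WAF or patched plugin blocked it.
            "succeeded": rec["status"] == 200,
        })
    return alerts


if __name__ == "__main__":
    for alert in find_unauthenticated_bot_flag_changes(SAMPLE_LOG):
        print(alert)
```

Requests that match but were blocked (non-200) are still reported, since they show who is probing for the issue.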
### 🛠️ Usage Instructions
To use this template with [Nuclei](https://nuclei.projectdiscovery.io/), make sure Nuclei is installed on your system. Then run the following command:
```bash
nuclei -t path/to/CVE-2025-5815.yaml -u <target_url>
```
Replace `path/to/CVE-2025-5815.yaml` with the actual path to your template file and `<target_url>` with the target website URL.
## 👤 Author
This template was developed by [RootHarpy](https://github.com/rootharpy). For inquiries, collaboration, or contributions, feel free to connect via GitHub.
File snapshot
[4.0K] /data/pocs/b544798cb04b30873f618a06b08886cb940a0c68
├── [1021] CVE-2025-5815.yaml
└── [1.8K] README.md
0 directories, 2 files
Notes
1. Accessing the original source is recommended as the first option.
2. If the source is no longer available or cannot be accessed, send an email to f.jinxu#gmail.com to request a local snapshot (replace # with @).
3. 神龙 (Shenlong) has taken a snapshot of the POC code for you. To support long-term maintenance, please consider paying for the local POC. Thank you for your support.