CVE-2025-9209 PoC — WordPress plugin RestroPress Information Disclosure Vulnerability

Source
Associated Vulnerability
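Title: WordPress plugin RestroPress Information Disclosure Vulnerability (CVE-2025-9209)
Description: WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP. The platform supports setting up personal blog sites on servers based on PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin RestroPress versions 3.0.0 through 3.1.9.2 contain an information disclosure vulnerability, which stems from exposing users' private tokens and API data through a REST API endpoint and may lead to authentication bypass.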
Description
RestroPress – Online Food Ordering System 3.0.0 - 3.1.9.2 - Unauthenticated Information Exposure to Authentication Bypass via Forged JWT
Readme
# 🍔 RestroPress – Online Food Ordering System 3.0.0 - 3.1.9.2

## 🛡️ CVE-2025-9209.py — Mass Automatic Exploit & Extraction Tool

---

## ⚠️ Vulnerability Overview

**RestroPress – Online Food Ordering System** versions 3.0.0 to 3.1.9.2 are affected by an _Unauthenticated Information Exposure_ leading to _Authentication Bypass via Forged JWT_.

> The plugin exposes user private tokens and API key data, allowing unauthenticated attackers to forge JWT tokens, gaining full access to other users—including administrators.

- **CVE:** CVE-2025-9209
- **CVSS:** 9.8 (Critical)
- **Impact:** Full account takeover possible without prior authentication.

---

![Vulnerability illustration](https://github.com/Nxploited/CVE-2025-9209/blob/main/mass.png)

---

## 🚀 Script Features

- Ultra-fast site scanning (multi-threaded execution for large lists)
- Auto-detects and extracts all available private/public keys, tokens, and authentication info for every accessible account.
- Mass exploitation — identifies multiple vulnerable accounts per site.
- Reliable credential extraction — validates credentials during exploitation.
- Output to four structured files:
  - `exposures.txt` — Found exposures and credentials.
  - `tokens.txt` — JWT tokens extracted.
  - `exploited_sites.txt` — Sites with multiple exposed accounts.
  - `cookies.txt` — Session cookies from successful exploitation.
- Requires no authentication or elevated privileges.
- Resilient to network failures and blockages; recovers and retries transparently.
- Thread-safe file writing for consistent results.

---

## 🛠️ Usage

1. Place a list of target WordPress sites in a text file (one URL per line):
    ```
    targets.txt
    ```
    Example:
    ```
    https://example.com
    https://victim01.com
    ```

2. Run the script:
    ```bash
    python3 CVE-2025-9209.py
    ```

3. Follow prompts for thread count, verification, curl fallback, and request delay.

4. Review outputs in the generated text files (`exposures.txt`, `tokens.txt`, `exploited_sites.txt`, and `cookies.txt`).

---

## ✨ Author

**By: Nxploited ( Khaled Alenazi )**

---

## ⚖️ Disclaimer

- **This tool is provided for educational and authorized security testing only.**
- **Do not use against systems or data without explicit permission.**
- **The author assumes no responsibility for misuse or damage resulting from the use of this script.**

---
File Snapshot

```
[4.0K] /data/pocs/e2e82007fa1b39e177ac3c4782698578eff99417
├── [ 19K] CVE-2025-9209.py
├── [1.5K] LICENSE
├── [136K] mass.png
├── [2.4K] README.md
└── [  18] requirements.txt

1 directory, 5 files
```