CVE-2021-25032

CRITICAL EXPLOITED NUCLEI

PublishPress Capabilities <2.3.1 - CSRF

Title source: llm

Exploitation Summary

CVE-2021-25032 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including RandomRobbieBF. A Nuclei detection template is also available.

AI-analyzed exploit summary This repository contains a functional Python exploit for CVE-2021-25032, which allows unauthenticated attackers to update arbitrary WordPress blog options via a missing authorization check in the PublishPress Capabilities plugin. The exploit demonstrates enabling user registration with administrator privileges and includes a remediation function to reset the settings.

Description

The PublishPress Capabilities WordPress plugin before 2.3.1, PublishPress Capabilities Pro WordPress plugin before 2.3.1 does not have authorisation and CSRF checks when updating the plugin's settings via the init hook, and does not ensure that the options to be updated belong to the plugin. As a result, unauthenticated attackers could update arbitrary blog options, such as the default role and make any new registered user with an administrator role.

Exploits (1)

nomisec WORKING POC

by RandomRobbieBF · client-side

https://github.com/RandomRobbieBF/CVE-2021-25032

View Code ZIP pw:eip

This repository contains a functional Python exploit for CVE-2021-25032, which allows unauthenticated attackers to update arbitrary WordPress blog options via a missing authorization check in the PublishPress Capabilities plugin. The exploit demonstrates enabling user registration with administrator privileges and includes a remediation function to reset the settings.

Classification

Working Poc 95%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: PublishPress Capabilities plugin for WordPress (versions 2.2 - 2.3.1)

No auth needed

Prerequisites: Target must have the vulnerable PublishPress Capabilities plugin installed and activated · WordPress site must be accessible

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Nuclei Templates (1)

PublishPress Capabilities < 2.3.1 - Missing Authorization

CRITICALVERIFIEDby ritikchaddha

FOFA: body="/wp-content/plugins/capability-manager-enhanced"

References (2)

Core 2

Core References

Patch, Third Party Advisory

https://plugins.trac.wordpress.org/changeset/2640161

Exploit, Third Party Advisory

https://wpscan.com/vulnerability/2f0f1a32-0c7a-48e6-8617-e0b2dcf62727

Scores

CVSS v3 9.8

EPSS 0.0674

EPSS Percentile 93.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2021-12-06

CWE

CWE-352 CWE-862

Status published

Products (1)

publishpress/capabilities < 2.3.1 (2 CPE variants)

Published Jan 10, 2022

Tracked Since Feb 18, 2026