CVE-2025-12539

CRITICAL

WordPress TNC Toolbox: Web Performance <= 1.4.2 - Sensitive Information Exposure (cPanel API credentials readable under wp-content)

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2025-12539. PoCs published by Nxploited, Boshe99.

AI-analyzed exploit summary: Both PoCs are unauthenticated. They read the installed plugin version, then fetch the plugin's stored configuration (cPanel hostname, username and API key) by requesting the files at their predictable location under the web-accessible wp-content directory. This is direct access to a known path, not path traversal: the weakness is insecure storage (CWE-922), so no input is manipulated and the request is trivial to automate.

Description

The TNC Toolbox: Web Performance plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.2. This is due to the plugin storing cPanel API credentials (hostname, username, and API key) in files within the web-accessible wp-content directory without adequate protection in the "Tnc_Wp_Toolbox_Settings::save_settings" function. This makes it possible for unauthenticated attackers to retrieve these credentials and use them to interact with the cPanel API, which can lead to arbitrary file uploads, remote code execution, and full compromise of the hosting environment. Note that upgrading the plugin does not invalidate a token that was already read: any site that ran an affected version with the credentials present should rotate the cPanel API token and review cPanel and web-server access logs for requests to the plugin's files under wp-content.

Exploits (2)

nomisec WORKING POC 6 stars
by Nxploited · poc
https://github.com/Nxploited/CVE-2025-12539

This PoC exploits CVE-2025-12539, an unauthenticated sensitive information exposure vulnerability in TNC Toolbox: Web Performance <= 1.4.2. It fetches version details and then the stored configuration files (cPanel credentials, server hostname) by requesting them directly at their web-accessible path under wp-content; no path traversal or authentication is needed.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: TNC Toolbox: Web Performance <= 1.4.2
No auth needed
Prerequisites: Target must have the vulnerable plugin installed and accessible
devstral-2 · analyzed Feb 16, 2026
github SCANNER
by Boshe99 · pythonpoc
https://github.com/Boshe99/CVE-Exploits/tree/main/CVE-2025-12539

The script scans for CVE-2025-12539 by checking the version of the TNC Toolbox plugin and attempting to fetch the plugin's stored configuration files. Retrieving those files is itself the information disclosure, so a positive result means the credentials were exposed to the scanner; the script stops there and does not use the recovered cPanel credentials against the cPanel API.

Classification
Scanner 95%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: TNC Toolbox: Web Performance <= 1.4.2
No auth needed
Prerequisites: WordPress site with TNC Toolbox plugin installed
devstral-2 · analyzed Feb 27, 2026
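The two decisions the description and both PoCs turn on, as an added example (not code from either PoC or from the plugin): is the installed version in the affected range, and does a file fetched from under wp-content look like the stored cPanel hostname, username and API key. Assumptions, since the page does not document them: the version is taken from the plugin's public readme.txt "Stable tag" line, the config body is JSON or key=value text, and the field names are guessed from substrings; the network fetch is left to the caller, so the functions take response bodies and run offline. Values are redacted so the check can prove exposure without copying the secret into the scanner's own output.

```python
import json
import re

# From the advisory on this page: every release up to and including 1.4.2 is affected.
AFFECTED_MAX = (1, 4, 2)


def parse_version(text):
    """'1.4.2' -> (1, 4, 2); '1.4' -> (1, 4, 0); None if the string has no digits."""
    nums = re.findall(r"\d+", text or "")
    if not nums:
        return None
    parts = [int(n) for n in nums[:3]]
    return tuple(parts + [0] * (3 - len(parts)))


def version_from_readme(readme_text):
    """Pull 'Stable tag' from a WordPress plugin readme.txt.
    Assumption: this is how the installed version is read; the page does not
    say which file the PoCs use for 'version details'."""
    m = re.search(r"^\s*Stable tag:\s*([0-9][0-9.]*)", readme_text, re.I | re.M)
    return m.group(1) if m else None


def is_affected(version):
    v = parse_version(version)
    return v is not None and v <= AFFECTED_MAX


def _fields(body):
    """Parse a fetched config body as JSON, else as key=value lines.
    Assumption: the real on-disk format is not documented on this page."""
    try:
        data = json.loads(body)
        if isinstance(data, dict):
            return {str(k): str(v) for k, v in data.items()}
    except ValueError:
        pass
    out = {}
    for line in body.splitlines():
        k, sep, v = line.partition("=")
        if sep:
            out[k.strip()] = v.strip()
    return out


def _redact(value):
    """Keep at most two leading characters so a finding is verifiable but not reusable."""
    keep = 2 if len(value) > 4 else 0
    return value[:keep] + "*" * (len(value) - keep)


def classify_credentials(body):
    """Map whatever keys the file uses onto the three fields the advisory names
    (hostname, username, API key). Key matching is by substring, an assumption."""
    found = {}
    for k, v in _fields(body).items():
        key = re.sub(r"[^a-z]", "", k.lower())
        if "host" in key:
            name = "hostname"
        elif "user" in key:
            name = "username"
        elif "api" in key or "token" in key:
            name = "api_key"
        else:
            continue
        if v:
            found[name] = _redact(v)
    return found


def assess(readme_text, config_body):
    """Version gate plus content check. A readable credential file is the finding
    even if the version string is missing or unparseable."""
    version = version_from_readme(readme_text)
    creds = classify_credentials(config_body) if config_body else {}
    return {
        "version": version,
        "version_affected": is_affected(version) if version else None,
        "credentials_exposed": {"hostname", "username", "api_key"} <= set(creds),
        "redacted": creds,
    }


# Constructed samples, not captured from any real site.
SAMPLE_README = "=== TNC Toolbox: Web Performance ===\nStable tag: 1.4.2\nRequires PHP: 7.4\n"
SAMPLE_CONFIG = json.dumps({"cpanel_host": "cp.example.test",
                            "cpanel_user": "acct",
                            "cpanel_api_key": "K7Q2EXAMPLEKEY"})

if __name__ == "__main__":
    print(assess(SAMPLE_README, SAMPLE_CONFIG))
```

The version gate alone is only a hint: a site on 1.4.2 that never saved cPanel settings has nothing to leak, and a site that upgraded may still have the old file on disk, which is why `assess` reports the fetched content separately from the version.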

Scores

CVSS v3 10.0
EPSS 0.0093
EPSS Percentile 55.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE
CWE-922
Status published
Products (1)
leopardhost/TNC Toolbox: Web Performance <= 1.4.2 (all versions up to and including 1.4.2, per the description above)
Published Nov 11, 2025
Tracked Since Feb 18, 2026