CVE-2025-29009

CRITICAL

Webkul Medical Prescription Attachment Plugin <1.2.3 - RCE

Title source: llm

Exploitation Summary

EIP tracks 3 public exploits for CVE-2025-29009. PoCs published by Nxploited, jsecx88, joshs-code.

AI-analyzed exploit summary: This repository contains a functional exploit for CVE-2025-29009, targeting a file upload vulnerability in a WordPress plugin. The script automates the process of extracting nonces, uploading a shell, and verifying its execution.

Description

Unrestricted Upload of File with Dangerous Type vulnerability in Webkul Medical Prescription Attachment Plugin for WooCommerce (medical-prescription-attachment-plugin-for-woocommerce) allows uploading a web shell to the web server. This issue affects Medical Prescription Attachment Plugin for WooCommerce: from n/a through <= 1.2.3.

Exploits (3)

nomisec WORKING POC
by Nxploited · poc
https://github.com/Nxploited/CVE-2025-29009

This repository contains a functional exploit for CVE-2025-29009, targeting a file upload vulnerability in a WordPress plugin. The script automates the process of extracting nonces, uploading a shell, and verifying its execution.

Classification: Working PoC (95%)
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: WordPress plugin (likely related to WooCommerce Prescription Attachment)
No auth needed
Prerequisites: target URLs list · local shell file · unique shell signature
devstral-2 · analyzed Apr 18, 2026
github WORKING POC
by jsecx88 · python · poc
https://github.com/jsecx88/CVE-2025-29009-POC

The repository contains a functional exploit for CVE-2025-29009, demonstrating an unauthenticated arbitrary file upload vulnerability in the Medical Prescription Attachment Plugin for WooCommerce. The exploit uploads a PHP shell by bypassing file type restrictions via a crafted multipart request.

Classification: Working PoC (95%)
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: Medical Prescription Attachment Plugin for WooCommerce <= 1.2.3
No auth needed
Prerequisites: Target URL with vulnerable plugin installed
devstral-2 · analyzed May 01, 2026
github WORKING POC
by joshs-code · python · poc
https://github.com/joshs-code/CVE-2025-29009-POC

This repository contains a functional exploit for CVE-2025-29009, an unauthenticated arbitrary file upload vulnerability in the Medical Prescription Attachment Plugin for WooCommerce. The exploit uploads a PHP shell by bypassing file type restrictions via a crafted multipart request.

Classification: Working PoC (95%)
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: Medical Prescription Attachment Plugin for WooCommerce <= 1.2.3
No auth needed
Prerequisites: Target must have the vulnerable plugin installed · WP-AJAX endpoint must be accessible
devstral-2 · analyzed Feb 19, 2026

Scores

CVSS v3 10.0
EPSS 0.0018
EPSS Percentile 39.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE
CWE-434
Status published
Products (1)
Webkul/Medical Prescription Attachment Plugin for WooCommerce < 1.2.3
Published Jul 16, 2025
Tracked Since Feb 18, 2026