CVE-2025-53580

CRITICAL

Simple Business Directory Pro - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-53580. PoCs published by Nxploited.

AI-analyzed exploit summary This repository contains a functional Python exploit for CVE-2025-53580, targeting a WordPress vulnerability. The script automates username enumeration and password reset attacks, leveraging multiple techniques to identify and exploit vulnerable endpoints.

Description

Incorrect Privilege Assignment vulnerability in quantumcloud Simple Business Directory Pro simple-business-directory-pro allows Privilege Escalation.This issue affects Simple Business Directory Pro: from n/a through < 15.6.9.

Exploits (1)

nomisec WORKING POC

by Nxploited · poc

https://github.com/Nxploited/CVE-2025-53580

View Code ZIP pw:eip

This repository contains a functional Python exploit for CVE-2025-53580, targeting a WordPress vulnerability. The script automates username enumeration and password reset attacks, leveraging multiple techniques to identify and exploit vulnerable endpoints.

Classification

Working Poc 90%

Attack Type

Auth Bypass

Complexity

Moderate

Reliability

Reliable

Target: WordPress (specific version not explicitly stated)

No auth needed

Prerequisites: target URL · network access to the WordPress site

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1078 - Valid Accounts

devstral-2 · analyzed Apr 18, 2026 Full analysis →

References (2)

Core 2

Core References

Vdb Entry vdb-entry

https://patchstack.com/database/Wordpress/Plugin/simple-business-directory-pro/vulnerability/wordpress-simple-business-directory-pro-plugin-15-6-9-privilege-escalation-vulnerability?_s_id=cve

Third Party Advisory

https://patchstack.com/database/wordpress/plugin/simple-business-directory-pro/vulnerability/wordpress-simple-business-directory-pro-plugin-15-6-9-privilege-escalation-vulnerability?_s_id=cve

Scores

CVSS v3 9.8

EPSS 0.0011

EPSS Percentile 29.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-266

Status published

Products (1)

quantumcloud/Simple Business Directory Pro < 15.6.9

Published Aug 20, 2025

Tracked Since Feb 18, 2026