CVE-2025-5815

MEDIUM

WordPress Traffic Monitor <3.2.2 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-5815. PoCs published by RootHarpy.

AI-analyzed exploit summary: This repository contains a Nuclei template designed to detect CVE-2025-5815, an unauthenticated bot logging disable vulnerability in the Traffic Monitor WordPress plugin. The template sends an unauthenticated request to the vulnerable AJAX endpoint to check for the presence of the vulnerability.

Description

The Traffic Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tfcm_maybe_set_bot_flags() function in all versions up to, and including, 3.2.2. This makes it possible for unauthenticated attackers to disable bot logging.

Exploits (1)

nomisec SCANNER
by RootHarpy · poc
https://github.com/RootHarpy/CVE-2025-5815-Nuclei-Template


Classification: Scanner 90%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: Traffic Monitor WordPress plugin (versions up to and including 3.2.2)
No auth needed
Prerequisites: Target must have the Traffic Monitor WordPress plugin installed and vulnerable
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3 5.3
EPSS 0.0039
EPSS Percentile 30.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE CWE-862
Status published
Products (1)
dmitriamartin/Traffic Monitor < 3.2.2
Published Jun 13, 2025
Tracked Since Feb 18, 2026