CVE-2025-9209

CRITICAL NUCLEI

RestroPress 3.0.0-3.1.9.2 - Unauthenticated Authentication Bypass via REST API

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2025-9209. PoCs published by Boshe99, Nxploited. A Nuclei detection template is also available.

AI-analyzed exploit summary The repository contains functional exploit code for CVE-2025-9209, targeting a WordPress plugin (3DPrint Lite 1.9.1.4) with an arbitrary file upload vulnerability. The Python script demonstrates the exploit by uploading a malicious file via an unauthenticated endpoint.

Description

The RestroPress – Online Food Ordering System plugin for WordPress is vulnerable to Authentication Bypass in versions 3.0.0 to 3.1.9.2. This is due to the plugin exposing user private tokens and API data via the /wp-json/wp/v2/users REST API endpoint. This makes it possible for unauthenticated attackers to forge JWT tokens for other users, including administrators, and authenticate as them.

Exploits (2)

github WORKING POC

by Boshe99 · pythonpoc

https://github.com/Boshe99/CVE-Exploits/tree/main/CVE-2025-9209

View Code ZIP pw:eip

The repository contains functional exploit code for CVE-2025-9209, targeting a WordPress plugin (3DPrint Lite 1.9.1.4) with an arbitrary file upload vulnerability. The Python script demonstrates the exploit by uploading a malicious file via an unauthenticated endpoint.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: WordPress Plugin 3DPrint Lite 1.9.1.4

No auth needed

Prerequisites: target URL · malicious file to upload

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 27, 2026 Full analysis →

github WORKING POC

by Nxploited · pythonpoc

https://github.com/Nxploited/CVE-2025-9209

View Code ZIP pw:eip

The repository contains a functional Python exploit for CVE-2025-9209, targeting a WordPress vulnerability. The script automates the extraction of sensitive user metadata (e.g., API keys, tokens) and verifies credentials via REST API endpoints.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Moderate

Reliability

Reliable

Target: WordPress (specific plugin/version not explicitly stated)

No auth needed

Prerequisites: Target WordPress site with vulnerable plugin · Network access to the target

MITRE ATT&CK

T1592 - Gather Victim Host Information T1110 - Brute Force

devstral-2 · analyzed Feb 19, 2026 Full analysis →

Nuclei Templates (1)

RestroPress 3.0.0-3.2.1 - Authentication Bypass

CRITICALVERIFIEDby 0x_Akoko

Shodan: http.html:"/wp-content/plugins/restropress/"

FOFA: body="/wp-content/plugins/restropress/"

References (2)

Core 2

Core References

Product

https://wordpress.org/plugins/restropress/

Third Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/359833dd-de3c-48ea-8eef-06588a590da2?source=cve

Scores

CVSS v3 9.8

EPSS 0.0962

EPSS Percentile 93.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-200

Status published

Products (1)

magnigenie/RestroPress – Online Food Ordering System 3.0.0 - 3.1.9.2

Published Oct 03, 2025

Tracked Since Feb 18, 2026