CVE-2025-9519

Severity: HIGH · Lab available

Easy Timer < 4.2.1 - Authenticated RCE


Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-9519. PoC published by Nimisha17.

AI-analyzed exploit summary: This repository provides a functional proof-of-concept for CVE-2025-9519, demonstrating an RCE vulnerability in the Easy Timer WordPress plugin (v4.2.1). The exploit leverages a shortcode injection to execute arbitrary commands via the `filter` parameter.

Description

The Easy Timer plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.2.1 via the plugin's shortcodes. This is due to insufficient restriction of shortcode attributes. This makes it possible for authenticated attackers, with Editor-level access and above, to execute code on the server.

Exploits (1)

GitHub · Working PoC · 2 stars
by Nimisha17 · PoC
https://github.com/Nimisha17/Poc-CVE-2025-9519

Classification: Working PoC (95%)
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: Easy Timer WordPress Plugin v4.2.1
Auth required: yes
Prerequisites: Docker Engine · Docker Compose · WordPress instance with Easy Timer plugin activated · Editor-level privileges
Analyzed by devstral-2 on Feb 19, 2026

Scores

CVSS v3: 7.2
EPSS: 0.0084
EPSS Percentile: 53.2%
Attack Vector: NETWORK
Vector string: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Source: Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: total

Lab Environment

Community Lab (images to pull):
docker pull wordpress:php7.4-apache
docker pull wordpress:cli

Details

CWE: CWE-94
Status: published
Products (1): kleor/Easy Timer < 4.2.1
Published: Sep 04, 2025
Tracked Since: Feb 18, 2026