CVE-2025-2011 PoC — Slider & Popup Builder by Depicter <= 3.6.1 - Unauthenticated SQL Injection via 's' Parameter

Associated Vulnerability
Title: Slider & Popup Builder by Depicter <= 3.6.1 - Unauthenticated SQL Injection via 's' Parameter (CVE-2025-2011)
Description: The Slider & Popup Builder by Depicter plugin for WordPress is vulnerable to generic SQL Injection via the 's' parameter in all versions up to, and including, 3.6.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Description
PoC for CVE-2025-2011 - SQLi in Depicter plugin <= 3.6.1
Readme
# CVE-2025-2011 - Depicter Plugin SQL Injection Vulnerability

**CVE Reference:** [CVE-2025-2011](https://www.tenable.com/cve/CVE-2025-2011)

This repository contains a proof-of-concept environment for testing the SQL injection vulnerability in the Depicter Slider & Popup Builder plugin (versions < 3.6.2).

## Prerequisites

- Docker
- Docker Compose
- Python 3.x
- Required Python packages: `requests`, `colorama`

## Setup Instructions

1. **Start the Environment**
   ```bash
   docker-compose up -d
   ```

2. **Complete WordPress Installation**
   - Open your browser and navigate to `http://localhost:5555`
   - Follow the WordPress installation wizard:
     - Select your language
     - Set up your site title
     - Create an admin account
     - Complete the installation

3. **Install the Vulnerable Plugin**
   ```bash
   chmod +x install-plugin.sh
   ./install-plugin.sh
   ```
   This script will:
   - Install WP-CLI in the container
   - Download and install Depicter plugin v3.6.1
   - Activate the plugin

4. **Install Python Dependencies**
   ```bash
   pip install requests colorama
   ```

## Testing the Vulnerability

The PoC script (`poc.py`) can be used to test the vulnerability in different modes:

1. **Check if target is vulnerable**
   ```bash
   python poc.py -u http://localhost:5555
   ```

2. **Extract admin details**
   ```bash
   python poc.py -u http://localhost:5555 -m admin
   ```

3. **Execute custom SQL query**
   ```bash
   python poc.py -u http://localhost:5555 -m custom -q "SELECT VERSION()"
   ```

4. **Enable debug output**
   ```bash
   python poc.py -u http://localhost:5555 -d
   ```

## Environment Details

- WordPress: Latest version
- Depicter Plugin: v3.6.1 (vulnerable version)
- MySQL: 5.7
- PHP: Latest version (from WordPress image)
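
To confirm whether a given install (this lab or a site you maintain) is still in the affected range, the plugin's header can be read from disk and compared against the first fixed release. This is an added example, not part of the original repository; the function names are hypothetical and the plugin directory path is supplied by the caller.

```python
import re
import tempfile
from pathlib import Path

FIRST_FIXED = (3, 6, 2)  # from this README: versions < 3.6.2 are affected

# WordPress plugin header fields, as they appear in the main file's comment block
NAME_RE = re.compile(r"^[ \t/*#@]*Plugin Name:\s*(.+)$", re.I | re.M)
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:\s*(\S+)", re.I | re.M)


def parse_version(text):
    """Turn '3.6.1' into (3, 6, 1); a '-suffix' is ignored, short versions are zero-padded."""
    nums = [int(n) for n in re.findall(r"\d+", text.split("-")[0])]
    if not nums:
        raise ValueError(f"no numeric version in {text!r}")
    return tuple(nums + [0] * (3 - len(nums)))


def is_affected(version):
    """True when the version is below the first fixed release."""
    return parse_version(version) < FIRST_FIXED


def read_plugin_header(plugin_dir):
    """Return (name, version) from the first top-level PHP file with a plugin header."""
    for php in sorted(Path(plugin_dir).glob("*.php")):
        # WordPress only scans the first 8 KiB of a file for header fields
        head = php.read_bytes()[:8192].decode("utf-8", errors="replace")
        name, version = NAME_RE.search(head), VERSION_RE.search(head)
        if name and version:
            return name.group(1).strip(), version.group(1)
    return None


def demo():
    """Run the check against a constructed plugin directory (sample data, not real files)."""
    root = Path(tempfile.mkdtemp())
    (root / "index.php").write_text("<?php // no header here\n")
    (root / "main.php").write_text(
        "<?php\n/**\n * Plugin Name: Constructed Sample\n * Version: 3.6.1\n */\n"
    )
    name, version = read_plugin_header(root)
    return name, version, is_affected(version)


if __name__ == "__main__":
    print(demo())  # point read_plugin_header() at wp-content/plugins/<slug> on a real site
```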

## Cleanup

To stop and remove the environment:
```bash
docker-compose down -v
```

## Disclaimer

This environment is provided for educational and testing purposes only. Do not use this against any systems without explicit permission.

File Snapshot

```
[4.0K] /data/pocs/5b1e6902025f443da08790ca2be537b683349757
├── [ 833] docker-compose.yml
├── [2.7K] install-plugin.sh
├── [8.8K] poc.py
└── [2.0K] README.md

0 directories, 4 files
```