CVE-2025-5815 PoC — Traffic Monitor <= 3.2.2 - Missing Authorization to Unauthenticated Settings Update

Associated Vulnerability
Title: Traffic Monitor <= 3.2.2 - Missing Authorization to Unauthenticated Settings Update (CVE-2025-5815)
Description: The Traffic Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tfcm_maybe_set_bot_flags() function in all versions up to, and including, 3.2.2. This makes it possible for unauthenticated attackers to disable bot logging.
Description
CVE-2025-5815: An unauthenticated vulnerability in the WordPress Traffic Monitor plugin (≤ 3.2.2) allowing remote attackers to disable bot logging via an exposed AJAX action without requiring authentication.
Readme

# 📄 Nuclei Template for CVE-2025-5815

## 🚀 Overview

This repository features a Nuclei template specifically designed to detect an **Unauthenticated Bot Logging Disable Vulnerability (CVE-2025-5815)** in the **Traffic Monitor** WordPress plugin. This issue allows unauthenticated attackers to remotely disable bot logging via a vulnerable AJAX action.

## 🔍 Vulnerability Description

**CVE-2025-5815** arises from missing authentication and authorization checks on the `tfcm_set_bot_flags` AJAX action in the **Traffic Monitor plugin** for WordPress. This allows remote attackers to tamper with plugin settings, disabling bot logging without requiring login credentials — leading to evasion of activity monitoring on affected WordPress sites.

### 🛑 Affected Versions

- **Traffic Monitor Plugin**: Versions **up to and including 3.2.2**

### 📊 CVSS Score

- **Base Score**: 5.3 (Medium)

### 🏷️ CVSS Vector

- `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N`

## 📋 Template Details

This Nuclei template attempts to exploit the vulnerable AJAX endpoint by sending an unauthenticated request to `admin-ajax.php` with the `action=tfcm_set_bot_flags` parameter and checks for a success confirmation in the response body.
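For defenders, the same request shape is what to look for in web-server logs. The following is an added example (not part of the template or the plugin) that triages `admin-ajax.php` requests from constructed combined-format log lines: it confirms calls whose query string carries `action=tfcm_set_bot_flags` and separately flags POSTs whose action is not visible because access logs do not record request bodies.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample lines in Apache/nginx combined log format; not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Jun/2025:12:00:01 +0000] "GET /wp-admin/admin-ajax.php?action=tfcm_set_bot_flags HTTP/1.1" 200 41 "-" "curl/8.0"
203.0.113.8 - - [10/Jun/2025:12:00:02 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 41 "-" "python-requests/2.31"
198.51.100.2 - - [10/Jun/2025:12:00:03 +0000] "POST /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 12 "https://example.test/wp-admin/" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
SUSPECT_ACTION = "tfcm_set_bot_flags"  # AJAX action named in the advisory


def triage_admin_ajax(log_text):
    """Return (hits, unclassified): confirmed requests to the vulnerable action,
    and POSTs to admin-ajax.php whose action is not in the logged query string."""
    hits, unclassified = [], []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        url = urlsplit(m["target"])
        if not url.path.endswith("/wp-admin/admin-ajax.php"):
            continue
        action = parse_qs(url.query).get("action", [None])[0]
        entry = {"ip": m["ip"], "time": m["ts"], "method": m["method"], "status": int(m["status"])}
        if action == SUSPECT_ACTION:
            hits.append(entry)
        elif action is None and m["method"] == "POST":
            # The action may be in the POST body, which access logs do not record;
            # these need a WAF or application-level log to classify.
            unclassified.append(entry)
    return hits, unclassified


if __name__ == "__main__":
    confirmed, unknown = triage_admin_ajax(SAMPLE_LOG)
    for h in confirmed:
        print(f"confirmed {SUSPECT_ACTION} call from {h['ip']} at {h['time']} (HTTP {h['status']})")
    for u in unknown:
        print(f"POST to admin-ajax.php with no visible action from {u['ip']}; check WAF/body logs")
```

A 200 response on a confirmed hit from an unauthenticated source is a strong signal that the setting was changed; the plugin's bot-logging setting should then be re-checked and the plugin updated.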

### 🛠️ Usage Instructions

To use this template with [Nuclei](https://nuclei.projectdiscovery.io/), make sure Nuclei is installed on your system. Then run the following command:

```bash
nuclei -t path/to/CVE-2025-5815.yaml -u <target_url>
```

Replace `path/to/CVE-2025-5815.yaml` with the actual path to your template file and `<target_url>` with the target website URL.

## 👤 Author

This template was developed by [RootHarpy](https://github.com/rootharpy). For inquiries, collaboration, or contributions, feel free to connect via GitHub.