CVE-2025-9209 PoC — RestroPress – Online Food Ordering System 3.0.0 - 3.1.9.2 - Unauthenticated Information Exposure to Authentication Bypas

Source

https://github.com/Nxploited/CVE-2025-9209

Associated Vulnerability

Title:RestroPress – Online Food Ordering System 3.0.0 - 3.1.9.2 - Unauthenticated Information Exposure to Authentication Bypass via Forged JWT (CVE-2025-9209)
Description:The RestroPress – Online Food Ordering System plugin for WordPress is vulnerable to Authentication Bypass in versions 3.0.0 to 3.1.9.2. This is due to the plugin exposing user private tokens and API data via the /wp-json/wp/v2/users REST API endpoint. This makes it possible for unauthenticated attackers to forge JWT tokens for other users, including administrators, and authenticate as them.

Description

RestroPress – Online Food Ordering System 3.0.0 - 3.1.9.2 - Unauthenticated Information Exposure to Authentication Bypass via Forged JWT

Readme

# 🍔 RestroPress – Online Food Ordering System 3.0.0 - 3.1.9.2

## 🛡️ CVE-2025-9209.py — Mass Automatic Exploit & Extraction Tool

---

## ⚠️ Vulnerability Overview

**RestroPress – Online Food Ordering System** versions 3.0.0 to 3.1.9.2 are affected by an _Unauthenticated Information Exposure_ leading to _Authentication Bypass via Forged JWT_.

> The plugin exposes user private tokens and API key data, allowing unauthenticated attackers to forge JWT tokens, gaining full access to other users—including administrators.

- **CVE:** CVE-2025-9209
- **CVSS:** 9.8 (Critical)
- **Impact:** Full account takeover possible without prior authentication.

---

![Vulnerability illustration](https://github.com/Nxploited/CVE-2025-9209/blob/main/mass.png)

---

## 🚀 Script Features

- Ultra-fast site scanning (multi-threaded execution for large lists)
- Auto-detects and extracts all available private/public keys, tokens, and authentication info for every accessible account.
- Mass exploitation — identifies multiple vulnerable accounts per site.
- Reliable credential extraction — validates credentials during exploitation.
- Output to four structured files:
  - `exposures.txt` — Found exposures and credentials.
  - `tokens.txt` — JWT tokens extracted.
  - `exploited_sites.txt` — Sites with multiple exposed accounts.
  - `cookies.txt` — Session cookies from successful exploitation.
- Requires no authentication or elevated privileges.
- Resilient to network failures and blockages; recovers and retries transparently.
- Thread-safe file writing for consistent results.

---

## 🛠️ Usage

1. Place a list of target WordPress sites in a text file (one URL per line):
    ```
    targets.txt
    ```
    Example:
    ```
    https://example.com
    https://victim01.com
    ```

2. Run the script:
    ```bash
    python3 CVE-2025-9209.py
    ```

3. Follow prompts for thread count, verification, curl fallback, and request delay.

4. Review outputs in the generated text files (`exposures.txt`, `tokens.txt`, `exploited_sites.txt`, and `cookies.txt`).

---

## ✨ Author

**By: Nxploited ( Khaled Alenazi )**

---

## ⚖️ Disclaimer

- **This tool is provided for educational and authorized security testing only.**
- **Do not use against systems or data without explicit permission.**
- **The author assumes no responsibility for misuse or damage resulting from the use of this script.**

---

File Snapshot


 [4.0K]  /data/pocs/e2e82007fa1b39e177ac3c4782698578eff99417
├── [ 19K]  CVE-2025-9209.py
├── [1.5K]  LICENSE
├── [136K]  mass.png
├── [2.4K]  README.md
└── [  18]  requirements.txt

1 directory, 5 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!