CVE-2025-9286 PoC — Appy Pie Connect for WooCommerce <= 1.1.2 - Missing Authorization to Unauthenticated Privilege Escalation via reset_user

Source

https://github.com/Nxploited/CVE-2025-9286

Associated Vulnerability

Title:Appy Pie Connect for WooCommerce <= 1.1.2 - Missing Authorization to Unauthenticated Privilege Escalation via reset_user_password (CVE-2025-9286)
Description:The Appy Pie Connect for WooCommerce plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization within the reset_user_password() REST handler in all versions up to, and including, 1.1.2. This makes it possible for unauthenticated attackers to to reset the password of arbitrary users, including administrators, thereby gaining administrative access.

Description

Appy Pie Connect for WooCommerce <= 1.1.2 - Missing Authorization to Unauthenticated Privilege Escalation

Readme

# CVE-2025-9286
Appy Pie Connect for WooCommerce &lt;= 1.1.2 - Missing Authorization to Unauthenticated Privilege Escalation
# ⚠️ Appy Pie Connect for WooCommerce <= 1.1.2 - Missing Authorization to Unauthenticated Privilege Escalation via reset_user_password

## 📝 Description

The Appy Pie Connect for WooCommerce plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization within the `reset_user_password()` REST handler in all versions up to, and including, 1.1.2.  
This makes it possible for unauthenticated attackers to reset the password of arbitrary users, including administrators, thereby gaining administrative access.

- **CVE:** CVE-2025-9286  
- **CVSS:** 9.8 (Critical)

---

## 💻 Exploit Script

The following exploit can be used to leverage CVE-2025-9286 against WordPress sites running the vulnerable plugin version.

**Script Name:** `CVE-2025-9286.py`

### ⚙️ Usage

```bash
python CVE-2025-9286.py -u http://nxploit.ddev.site/ -id 1
```

### 🟢 Sample Output (Successful Exploitation)

```
[+] Checking plugin version: http://nxploit.ddev.site/wp-content/plugins/appy-pie-connect-for-woocommerce/readme.txt
[!] Vulnerable plugin detected (1.1.2). Attempting exploitation...
[*] Please wait, attempting to change password...
[+] Exploit successful! Password has been reset.
[*] New password: Nxploited
[+] Vulnerability exploited and password changed successfully.
```

---

## 📬 Contact & Community

- 📨 **Telegram:** [@Kxploit](https://t.me/Kxploit)
- 📡 **Telegram Channel:** [@KNxploited](https://t.me/KNxploited)

---

## ⚠️ Disclaimer

This exploit is for **educational and authorized penetration testing** purposes only.  
Unauthorized use against systems without explicit permission is illegal.  
The author is not responsible for any misuse or damage caused by this tool.

---

***By: Khaled Alenazi (Nxploited)***

File Snapshot


 [4.0K]  /data/pocs/f3ff884376c5dd9d0aab655f8fd7322c23ca4d34
├── [4.4K]  CVE-2025-9286.py
├── [1.5K]  LICENSE
├── [1.9K]  README.md
└── [  18]  requirements.txt

1 directory, 4 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!