Exploit for CVE-2025-5287

Name: Exploit for CVE-2025-5287
Rating: 5 (192 reviews)
2025-06-16 | CVSS 7.5
## https://sploitus.com/exploit?id=080BA440-D2E1-54D1-BCF5-4AA7BB37BFE7
# CVE-2025-5287 PoC

Unauthenticated SQL Injection exploit for **WordPress Likes and Dislikes Plugin ≤ 1.0.0**

---

## 📖 Description

This Python script is a proof-of-concept (PoC) exploit for **CVE-2025-5287**, targeting a vulnerability in the **WordPress Likes and Dislikes Plugin ≤ 1.0.0**.  
The vulnerability allows unauthenticated attackers to perform time-based blind SQL injection via the `post` parameter in the `my_likes_dislikes_action` AJAX action, potentially leading to sensitive data exposure or further exploitation.

---

## 📌 Usage

### ▶️ Requirements:
- Python 3
- `requests` library

Install required libraries:

```bash
pip install requests
```

---

**Arguments:**
- `--url` / `-u` : Target WordPress site URL (with HTTP/HTTPS)
- `--sleep` / `-s` : Sleep time (seconds) for detecting SQL delay (default: 5)

---

### ▶️ Run the Exploit:

```bash
python3 CVE-2025-5287-poc.py --url http://target.com
```

Or with a custom sleep time:

```bash
python3 CVE-2025-5287-poc.py --url http://target.com --sleep 7
```

---

## 🔍 Finding Targets

You can use **Fofa** to discover potentially vulnerable WordPress installations running the plugin.

**Fofa Dork:**

```text
body="/wp-admin/admin-ajax.php"
```

Or to narrow down plugin-specific references:

```text
body="my_likes_dislikes_action"
```

Search on: [https://fofa.info](https://fofa.info)

---

## 👨‍💻 Author

**Md Shoriful Islam (RootHarpy)**

---

## 📜 Disclaimer

This tool is created for educational and authorized penetration testing purposes only. Unauthorized use of this tool against systems without explicit permission is illegal.