Share
## https://sploitus.com/exploit?id=CD4E8CEE-8C9B-51D6-AB6E-F3E780470040
# ๐Ÿ“„ Nuclei Template for CVE-2025-14172

## ๐Ÿš€ Overview

This repository features a Nuclei template specifically designed to detect a **Missing Authorization Vulnerability (CVE-2025-14172)** in the **WP Page Permalink Extension** WordPress plugin. This issue allows authenticated attackers to remotely flush the site's rewrite rules via a vulnerable AJAX action.

## ๐Ÿ” Vulnerability Description

**CVE-2025-14172** arises from missing authorization checks on the `cwpp_trigger_flush_rewrite_rules` function hooked to the `wp_ajax_cwpp_trigger_flush_rewrite_rules` AJAX action in the **WP Page Permalink Extension** plugin for WordPress. This allows authenticated attackers, with subscriber-level access and above, to flush the site's rewrite rules, which can lead to performance degradation or SEO disruption on affected WordPress sites.

### ๐Ÿ›‘ Affected Versions

- **WP Page Permalink Extension Plugin**: Versions **up to and including 1.5.4**

### ๐Ÿ“Š CVSS Score

- **Base Score**: 6.5 (Medium)

### ๐Ÿท๏ธ CVSS Vector

- `CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L`

## ๐Ÿ“‹ Template Details

This Nuclei template attempts to detect the vulnerability by sending an authenticated request to `admin-ajax.php` with the `action=cwpp_trigger_flush_rewrite_rules` parameter and checks for the specific response status or success confirmation.

### ๐Ÿ› ๏ธ Usage Instructions

To use this template with [Nuclei](https://nuclei.projectdiscovery.io/), make sure Nuclei is installed on your system. Then run the following command:

```bash
nuclei -t path/to/CVE-2025-14172.yaml -u 
```

Replace `path/to/CVE-2025-14172.yaml` with the actual path to your template file and `` with the target website URL.

## ๐Ÿ‘ค Author

This template was developed by [RootHarpy](https://github.com/rootharpy). For inquiries, collaboration, or contributions, feel free to connect via GitHub.