## https://sploitus.com/exploit?id=CD4E8CEE-8C9B-51D6-AB6E-F3E780470040
# ๐ Nuclei Template for CVE-2025-14172
## ๐ Overview
This repository features a Nuclei template specifically designed to detect a **Missing Authorization Vulnerability (CVE-2025-14172)** in the **WP Page Permalink Extension** WordPress plugin. This issue allows authenticated attackers to remotely flush the site's rewrite rules via a vulnerable AJAX action.
## ๐ Vulnerability Description
**CVE-2025-14172** arises from missing authorization checks on the `cwpp_trigger_flush_rewrite_rules` function hooked to the `wp_ajax_cwpp_trigger_flush_rewrite_rules` AJAX action in the **WP Page Permalink Extension** plugin for WordPress. This allows authenticated attackers, with subscriber-level access and above, to flush the site's rewrite rules, which can lead to performance degradation or SEO disruption on affected WordPress sites.
### ๐ Affected Versions
- **WP Page Permalink Extension Plugin**: Versions **up to and including 1.5.4**
### ๐ CVSS Score
- **Base Score**: 6.5 (Medium)
### ๐ท๏ธ CVSS Vector
- `CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L`
## ๐ Template Details
This Nuclei template attempts to detect the vulnerability by sending an authenticated request to `admin-ajax.php` with the `action=cwpp_trigger_flush_rewrite_rules` parameter and checks for the specific response status or success confirmation.
### ๐ ๏ธ Usage Instructions
To use this template with [Nuclei](https://nuclei.projectdiscovery.io/), make sure Nuclei is installed on your system. Then run the following command:
```bash
nuclei -t path/to/CVE-2025-14172.yaml -u
```
Replace `path/to/CVE-2025-14172.yaml` with the actual path to your template file and `` with the target website URL.
## ๐ค Author
This template was developed by [RootHarpy](https://github.com/rootharpy). For inquiries, collaboration, or contributions, feel free to connect via GitHub.