Vulnerability Details CVE-2025-70129
If the anti spam-captcha functionality in PluXml versions 5.8.22 and earlier is enabled, a captcha challenge is generated with a format that can be automatically recognized for articles, such that an automated script is able to solve this anti-spam mechanism trivially and publish spam comments. The details of captcha challenge are exposed within document body of articles with comments & anti spam-captcha functionalities enabled, including "capcha-letter", "capcha-word" and "capcha-token" which can be used to construct a valid post request to publish a comment. As such, attackers can flood articles with automated spam comments, especially if there are no other web defenses available.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 10.2%
CVSS Severity
CVSS v3 Score 5.3
References
Products affected by CVE-2025-70129
-
cpe:2.3:a:pluxml:pluxml:0.3.1
-
cpe:2.3:a:pluxml:pluxml:5.1.5
-
cpe:2.3:a:pluxml:pluxml:5.1.6
-
cpe:2.3:a:pluxml:pluxml:5.1.7
-
cpe:2.3:a:pluxml:pluxml:5.2
-
cpe:2.3:a:pluxml:pluxml:5.3
-
cpe:2.3:a:pluxml:pluxml:5.3.1
-
cpe:2.3:a:pluxml:pluxml:5.4
-
cpe:2.3:a:pluxml:pluxml:5.5
-
cpe:2.3:a:pluxml:pluxml:5.6
-
cpe:2.3:a:pluxml:pluxml:5.7
-
cpe:2.3:a:pluxml:pluxml:5.8
-
cpe:2.3:a:pluxml:pluxml:5.8.1
-
cpe:2.3:a:pluxml:pluxml:5.8.2
-
cpe:2.3:a:pluxml:pluxml:5.8.3
-
cpe:2.3:a:pluxml:pluxml:5.8.4
-
cpe:2.3:a:pluxml:pluxml:5.8.5
-
cpe:2.3:a:pluxml:pluxml:5.8.6
-
cpe:2.3:a:pluxml:pluxml:5.8.7
-
cpe:2.3:a:pluxml:pluxml:5.8.9