CVE-2024-0757 PoC — Insert or Embed Articulate Content into WordPress <= 4.3000000023 - Author+ Upload to RCE

Source
Associated Vulnerability
Title: Insert or Embed Articulate Content into WordPress <= 4.3000000023 - Author+ Upload to RCE (CVE-2024-0757)
Description: The Insert or Embed Articulate Content into WordPress plugin through 4.3000000023 is not properly filtering which file extensions are allowed to be imported on the server, allowing the uploading of malicious code within zip files.
Description
A PoC Exploit for CVE-2024-0757 - Insert or Embed Articulate Content into WordPress Remote Code Execution (RCE)
Readme
# CVE-2024-0757 (Exploit)
## Description
The Insert or Embed Articulate Content into WordPress plugin for WordPress is vulnerable to arbitrary file upload through insecure handling of files inside an uploaded zip archive, in all versions up to and including 4.3000000023. This makes it possible for unauthenticated attackers to upload zip files containing phar files to the affected site's server, which may make remote code execution possible.

> [!IMPORTANT]
> CVSS: **8.8 (High)** [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H]  
> Software Type: **Plugin**  
> Software Slug: **insert-or-embed-articulate-content-into-wordpress**  
> Affected Version: **<= 4.3000000023**  
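
A defensive check for the flaw described above, as an added example that is not part of the original README or the plugin's code: it audits a zip upload before extraction and blocks the archive if any member falls outside an extension allowlist. The allowlist, the set of extensions treated as server-executable, and the function names are assumptions made for this illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Assumed allowlist for e-learning exports; adjust to what your content really contains.
ALLOWED = {"html", "htm", "js", "css", "json", "xml", "txt",
           "png", "jpg", "jpeg", "gif", "mp3", "mp4", "woff", "woff2"}
# Assumed set of name segments a PHP-enabled web server may pass to the interpreter.
EXECUTABLE = {"php", "php3", "php4", "php5", "php7", "phtml", "phar", "pht", "phps"}


def audit_zip(data: bytes) -> list[tuple[str, str]]:
    """Return (member, reason) for every entry that must block extraction."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            path = PurePosixPath(info.filename.replace("\\", "/"))
            parts = path.name.lower().split(".")
            if path.is_absolute() or ".." in path.parts:
                findings.append((info.filename, "path traversal"))
            elif path.name.startswith("."):
                findings.append((info.filename, "hidden/server config file"))
            elif EXECUTABLE.intersection(parts[1:]):
                # Checks every segment, so "logo.php.png" is caught as well.
                findings.append((info.filename, "server-executable extension"))
            elif len(parts) < 2 or parts[-1] not in ALLOWED:
                findings.append((info.filename, "extension not on allowlist"))
    return findings


def build_sample() -> bytes:
    """Constructed sample archive; every member holds harmless placeholder text."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in ("story.html", "lib/player.js", "assets/tool.PHAR",
                     "img/logo.php.png", ".htaccess", "../outside.html"):
            zf.writestr(name, "placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for member, reason in audit_zip(build_sample()):
        print(f"REJECT {member}: {reason}")
```

An upload handler should refuse the whole archive when `audit_zip` returns any finding, rather than extracting the remaining members.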

## Exploit
1. Clone the exploit
``` bash
  git clone https://github.com/hunThubSpace/CVE-2024-0757-Exploit.git && cd CVE-2024-0757-Exploit
```
2. Install requirements
``` bash
  pip install -r requirements.txt
```
3. Run exploit
``` bash
  python3 exploit.py
```
4. Browse to given url and click on **Go to shell page**
5. You have a shell :)

## PoC video
https://github.com/hunThubSpace/CVE-2024-0757-Exploit/assets/49031710/6855e8c4-a00b-469d-bcec-7b2252352ee4

File Snapshot

[4.0K] /data/pocs/0c2a2d6404520fc67b9157a02018b876aa38eadb
├── [2.7K] exploit.py
├── [4.6K] files.zip
├── [1.1K] README.md
└── [  26] requirements.txt

0 directories, 4 files