Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-50498 PoC — WordPress WP Query Console plugin <= 1.0 - Remote Code Execution (RCE) vulnerability

Source
https://github.com/p0et08/CVE-2024-50498
Associated Vulnerability
Title:WordPress WP Query Console plugin <= 1.0 - Remote Code Execution (RCE) vulnerability (CVE-2024-50498)
Description:Improper Control of Generation of Code ('Code Injection') vulnerability in Ajit Bohra WP Query Console wp-query-console allows Code Injection.This issue affects WP Query Console: from n/a through <= 1.0.
Description
This is a exploit for CVE-2024-50498
Readme
# CVE-2024-50498
# Affected Version
  `WP Query Console <=1.0`
# Credit
  `https://github.com/RandomRobbieBF/CVE-2024-50498`
# Premise
## Query Type is WP_Query and WP Query Console executes some php functions 
![Vulnerabilities](./pictures/1.png)
# Usage
`python .\CVE-2024-50498.py 192.168.41.163 --query "id"`
![result](./pictures/2.png)
File Snapshot

 [4.0K]  /data/pocs/158ce36a17dc55f701718307ed970f10145b1f89
├── [2.5K]  CVE-2024-50498.py
├── [4.0K]  pictures
│   ├── [ 95K]  1.png
│   ├── [ 33K]  2.png
│   └── [   1]  README.md
├── [ 341]  README.md
└── [1.3M]  wp-query-console.zip

1 directory, 6 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →