CVE-2024-27956 PoC — WordPress Automatic plugin <= 3.92.0 - Unauthenticated Arbitrary SQL Execution vulnerability

Source

Associated Vulnerability

Description

Perform with massive Wordpress SQLI 2 RCE

Readme

# Wordpress SQLI-2-RCE Exploit
- This Python script exploits CVE-2024-27956, a vulnerability in Wordpress that allows for SQL Injection leading to Remote Code Execution (RCE).

# Features
- Multi-threaded Exploitation: Utilizes concurrent threads to exploit multiple Wordpress instances simultaneously.
- Dynamic Payload Injection: Constructs SQL queries dynamically to inject malicious code into vulnerable Wordpress installations.
- Detailed Logging and Error Handling: Uses colorama and coloredlogs for enhanced console output with color-coded messages.

# Requirements
- Python 3.x
- Required Python packages (requests, argparse, colorama, coloredlogs, concurrent.futures)\

# Usage
- python exploit.py -f urls.txt [-t NUM_THREADS]
- -f, --file: File containing URLs/IPs of Wordpress instances, one per line.
- -t, --threads: Number of threads to use for concurrent requests (default: 5).

# Author
- Pari Malam

File Snapshot

 [4.0K]  /data/pocs/1ea6c6634f4231c064db10844dd5c6f4db4401c9
├── [8.2K]  CVE-2024-27956.py
├── [ 916]  README.md
└── [1.0M]  wp-automatic.zip

0 directories, 3 files

Remarks