Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-2539 PoC — File Away <= 3.9.9.0.1 - Missing Authorization to Unauthenticated Arbitrary File Read

Source
https://github.com/RootHarpy/CVE-2025-2539
Associated Vulnerability
Title:File Away <= 3.9.9.0.1 - Missing Authorization to Unauthenticated Arbitrary File Read (CVE-2025-2539)
Description:The File Away plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ajax() function in all versions up to, and including, 3.9.9.0.1. This makes it possible for unauthenticated attackers, leveraging the use of a reversible weak algorithm, to read the contents of arbitrary files on the server, which can contain sensitive information.
Description
Unauthenticated Arbitrary File Read exploit for WordPress File Away Plugin ≤ 3.9.9.0.1
Readme


# CVE-2025-2539 PoC

Unauthenticated Arbitrary File Read exploit for **WordPress File Away Plugin ≤ 3.9.9.0.1**

---

## 📖 Description

This Python script is a proof-of-concept (PoC) exploit for **CVE-2025-2539**, targeting a vulnerability in the **WordPress File Away Plugin ≤ 3.9.9.0.1**.  
The vulnerability allows unauthenticated attackers to read arbitrary files from the server via an exposed plugin endpoint without proper authorization checks.

---

## 📌 Usage

### ▶️ Requirements:
- Python 3
- `requests` library

Install required libraries:

```bash
pip install requests
```

---

**Arguments:**
- `--target` / `-t` : Target WordPress site URL (with HTTP/HTTPS)
- `--file` / `-f`   : File path you want to read from the target server (e.g. `wp-config.php`)

---


### ▶️ Run the Exploit:

```bash
python3 CVE-2025-2539.py --target http://target.com --file wp-config.php
```

---

## 🔍 Finding Targets

You can use **Fofa** to discover potentially vulnerable targets.

**Fofa Dork:**

```text
body="/wp-content/plugins/file-away/"
```

Search on: [https://fofa.info](https://fofa.info)

---

## 👨‍💻 Author

**Md Shoriful Islam (RootHarpy)**

---

## 📜 Disclaimer

This tool is created for educational and authorized penetration testing purposes only.  
Unauthorized use of this tool against systems without explicit permission is illegal.
File Snapshot

 [4.0K]  /data/pocs/3817a89db6410526e1c7aa4c0ad24d49155f1131
├── [2.3K]  CVE-2025-2539.py
└── [1.4K]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →