CVE-2024-5057 PoC — WordPress Easy Digital Downloads plugin <= 3.2.12 - SQL Injection vulnerability

Associated Vulnerability
Title: WordPress Easy Digital Downloads plugin <= 3.2.12 - SQL Injection vulnerability (CVE-2024-5057)
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Easy Digital Downloads allows SQL Injection. This issue affects Easy Digital Downloads: from n/a through 3.2.12.
Description
Let's try to inject, because it's CVE-2024-5057 
Readme
# About

CVE-2024-5057

Let's try to inject and get the creds.


```bash
cd cve-2024-5057
./configure
make
make install
```

The exploit is installed as `/usr/local/bin/cve-2024-5057`.

Usage:

```bash
cve-2024-5057 https://wp.example.com
```

where `https://wp.example.com` is a target WordPress site.

# Result output

If the site is not vulnerable:

```text
The  site is not vulnerable
```

If the injection succeeded:

```text
username: Admin
password: Secret
```

The output is the username and password of the WordPress site admin.

--

**Happy hacking**


File Snapshot

```text
[4.0K] /data/pocs/48ed10efd47e4ef02c0c4641f3b2bc3402eef5bb
├── [ 460] CMakeLists.txt
├── [1.2M] configure
├── [ 11K] exploit.c
├── [ 764] pwnkernel.c
└── [ 543] README.md

0 directories, 5 files
```