Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1310 CNY

100%
Buy Us a Coffee

CVE-2024-52375 PoC — WordPress Datasets Manager by Arttia Creative plugin <= 1.5 - Arbitrary File Upload vulnerability

Source
https://github.com/Nxploited/CVE-2024-52375
Associated Vulnerability
Title:WordPress Datasets Manager by Arttia Creative plugin <= 1.5 - Arbitrary File Upload vulnerability (CVE-2024-52375)
Description:Unrestricted Upload of File with Dangerous Type vulnerability in Arttia Creative Datasets Manager by Arttia Creative datasets-manager-by-arttia-creative.This issue affects Datasets Manager by Arttia Creative: from n/a through <= 1.5.
Description
WordPress Datasets Manager by Arttia Creative plugin <= 1.5 - Arbitrary File Upload vulnerability
Readme

# WordPress Datasets Manager <= 1.5 - Arbitrary File Upload (CVE-2024-52375)

> 💥 Exploit by: Nxploit (Khaled Alenazi)  
> 📅 CVE Published: November 14, 2024  
> 🧠 CVSS Score: **10.0 (Critical)**  
> 🛠 CWE-434: Unrestricted Upload of File with Dangerous Type

---

## 📌 Description

A critical vulnerability was discovered in the **Datasets Manager by Arttia Creative** WordPress plugin, affecting all versions **up to and including 1.5**.

The plugin fails to properly validate file types during the upload process, allowing an unauthenticated attacker to upload arbitrary files — including PHP shells — and achieve **Remote Code Execution (RCE)**.

---

## 🧠 CVE Details

- **CVE ID:** CVE-2024-52375  
- **Plugin Affected:** Datasets Manager by Arttia Creative  
- **Affected Versions:** <= 1.5  
- **Vulnerability Type:** Arbitrary File Upload (Unauthenticated)  
- **CWE:** [CWE-434](https://cwe.mitre.org/data/definitions/434.html) - Unrestricted Upload of File with Dangerous Type  
- **CVSS v3.1:** `AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H`  
- **Severity:** 🔴 CRITICAL (10.0)

---

## ⚙️ Requirements

- Python 3.x
- `requests` library:
  ```bash
  pip install requests
  ```

---

## 🚀 Usage

```bash

usage: CVE-2024-52375.py [-h] -u URL

Exploit for WordPress Datasets Manager <= 1.5 - Arbitrary File Upload | By: Nxploit | Khaled Alenazi

options:
  -h, --help     show this help message and exit
  -u, --url URL  Full target URL (e.g. http://target.com/wordpress)

```

> Replace the URL with the full path to the target WordPress installation.

---

## ✅ Expected Output

If successful, the script will:

1. Extract the public `_wpnonce` from the frontend.
2. Upload a PHP shell named `nxploit.php`.
3. Check if the shell is accessible and display its URL:

```
[+] Shell available at:
    http://target.com/wordpress/wp-content/uploads/2025/03/nxploit.php
```

You can then execute commands like:

```
http://target.com/wordpress/wp-content/uploads/2025/03/nxploit.php?cmd=id
```

---

## 🔒 Notes

- The exploit checks the plugin version automatically via `readme.txt`.
- Only versions `<= 1.5` are vulnerable.
- No authentication is required.

---


---

## 📢 Disclaimer

This tool is provided for **educational and authorized testing purposes only**.  
Using it against systems you do not own or have permission to test is **illegal**.
File Snapshot

Log in to view the POC file snapshot cached by Shenlong Bot

Log in to view
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →