
CVE-2022-0316 PoC — Multiple themes - Unauthenticated Arbitrary File Upload

Associated Vulnerability
Title: Multiple themes - Unauthenticated Arbitrary File Upload (CVE-2022-0316)
Description: The WeStand WordPress theme before 2.1, footysquare WordPress theme, aidreform WordPress theme, statfort WordPress theme, club-theme WordPress theme, kingclub-theme WordPress theme, spikes WordPress theme, spikes-black WordPress theme, soundblast WordPress theme, bolster WordPress theme from ChimpStudio and PixFill do not have any authorisation or upload validation in the lang_upload.php file, allowing any unauthenticated attacker to upload arbitrary files to the web server.
Description
(WordPress Exploit) WordPress Multiple themes - Unauthenticated Arbitrary File Upload
Readme

# WordPress Multiple themes - Unauthenticated Arbitrary File Upload

[CVE-2022-0316](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0316) Unauthenticated Arbitrary File Upload in multiple themes from ChimpStudio and PixFill.

For more exploits, including exclusive ones, contact me on Telegram: [@KtN1990](https://t.me/KtN1990).

## Themes Affected

- westand
- footysquare
- aidreform
- statfort
- club-theme
- kingclub-theme
- spikes
- spikes-black
- soundblast
- bolster
- rocky-theme
- bolster-theme
- theme-deejay
- snapture
- onelife
- churchlife
- soccer-theme
- faith-theme
- statfort-new

## Usage

To run this exploit you need Python 3 and a list of websites, then execute:

```bash
python3 exploit.py -l list.txt -t 100
```


| Parameter | Type     | Description                |
| :-------- | :------- | :------------------------- |
| `-l` | `string` | **Required**. Your websites list |
| `-t` | `int` | Number of threads (100 by default) |
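From the defender's side, the tool above leaves a clear trace: the vulnerability is a missing authorisation and upload check in `lang_upload.php`, so every exploitation attempt is a request to that file in the web server's access log. The following script is an added example (not part of this repository) that triages such log lines; it assumes the Apache/nginx "combined" log format, that the file is requested from inside the `wp-content/themes/<slug>/` directory so the theme slug can be read from the path, and uses the theme list from this README. The log lines are constructed samples.

```python
import re
from collections import Counter

# Theme slugs this page lists as affected (directory names under wp-content/themes/).
AFFECTED_THEMES = {
    "westand", "footysquare", "aidreform", "statfort", "club-theme",
    "kingclub-theme", "spikes", "spikes-black", "soundblast", "bolster",
    "rocky-theme", "bolster-theme", "theme-deejay", "snapture", "onelife",
    "churchlife", "soccer-theme", "faith-theme", "statfort-new",
}
# Apache/nginx "combined" access-log line: client, timestamp, request line, status, size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
)
# Assumption: the file is requested from inside the theme directory, so the slug is in the path.
THEME_RE = re.compile(r"/wp-content/themes/(?P<slug>[^/]+)/")


def classify(line):
    """Return a finding for a request to lang_upload.php, or None for any other line."""
    m = LOG_RE.match(line)
    if not m:
        return None
    path = m.group("path").split("?", 1)[0]
    if not path.endswith("/lang_upload.php"):
        return None
    t = THEME_RE.search(path)
    slug = t.group("slug") if t else None
    method, status = m.group("method"), int(m.group("status"))
    if method == "POST" and status == 200 and slug in AFFECTED_THEMES:
        verdict = "upload-accepted"   # POST to a listed theme answered 200: treat as compromise
    elif method == "POST":
        verdict = "upload-attempt"    # POST, but unlisted theme or non-200 response
    else:
        verdict = "probe"             # GET/HEAD: checking whether the file exists
    return {"ip": m.group("ip"), "theme": slug, "status": status, "verdict": verdict}


def scan(lines):
    """All findings plus a per-source-IP count, the two things triage starts from."""
    findings = [f for f in (classify(line) for line in lines) if f]
    return findings, Counter(f["ip"] for f in findings)


# Constructed sample lines using RFC 5737 documentation addresses, not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Feb/2022:10:01:02 +0000] "GET /wp-content/themes/westand/lang_upload.php HTTP/1.1" 200 0 "-" "python-requests/2.27.1"',
    '203.0.113.7 - - [10/Feb/2022:10:01:03 +0000] "POST /wp-content/themes/westand/lang_upload.php HTTP/1.1" 200 512 "-" "python-requests/2.27.1"',
    '198.51.100.9 - - [10/Feb/2022:10:01:05 +0000] "GET /wp-content/themes/westand/style.css HTTP/1.1" 200 3210 "-" "Mozilla/5.0"',
    '192.0.2.5 - - [10/Feb/2022:10:02:00 +0000] "POST /wp-content/themes/twentytwenty/lang_upload.php HTTP/1.1" 404 0 "-" "curl/7.68.0"',
]
```

An "upload-accepted" finding on a host running one of the listed themes should be followed by a check of the theme directory and upload locations for newly written files from that time; the fix itself is updating or removing the theme.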

## Contact

- [@KtN1990](https://t.me/KtN1990)


## More Exploits, Check Megatron!

![Logo](https://raw.githubusercontent.com/KTN1990/CVE-2022-0316_wordpress_multiple_themes_exploit/main/files/megatron.jpg)


- Provides an easy and efficient way to assess and exploit WordPress security holes at scale.
- 97+ exploits of all types (RCE, LOOTS, AUTHBYPASS...).
- Customizable config.
- Monthly free updates including more code optimization, bug fixes, and additional exploits plus 0days.
- Strong code base with a custom threading and process model built on a task-management feature, so reliable results are assured; speed needs no discussion, since at KTN we use unconventional methods for concurrency.
- [Telegram Channel](https://t.me/megatron_ktn)



## Demo

[![Demo video](https://i.ytimg.com/vi_webp/k6kRSlCIv4g/mqdefault.webp)](https://www.youtube.com/watch?v=k6kRSlCIv4g)

## License

[MIT](https://choosealicense.com/licenses/mit/)
