Advanced scanner and PoC for CVE-2025-26909 in Hide My WP Ghost
<img src="https://raw.githubusercontent.com/issamjr/CVE-2025-26909-Scanner/refs/heads/main/file_00000000bc8c622f812f7390bb5235c7.png" />
# CVE-2025-26909 Vulnerability Scanner
A Python-based scanner and proof-of-concept script for detecting CVE-2025-26909 in WordPress plugin "Hide My WP Ghost" by Issam Junior.
## 🔍 Vulnerability Overview
**CVE-2025-26909** is a critical Local File Inclusion (LFI) vulnerability found in versions <= 5.4.01 of the "Hide My WP Ghost" plugin. This flaw allows attackers to read arbitrary files on the server by abusing improperly validated file path inputs.
## 💥 Impact
Attackers may exploit this flaw to:
- View sensitive files such as `/etc/passwd`, `wp-config.php`.
- Execute remote PHP code using LFI chains if combined with other misconfigurations.
## 🛡️ Mitigation
- Update the plugin to version **5.4.02 or newer**.
- Disable the “Change Paths” feature if it is not needed.
- Apply file inclusion filtering and file access hardening (AppArmor, chroot, etc).
## 🚀 Usage
### 1. Clone the tool
```bash
git clone https://github.com/issamjr/CVE-2025-26909-Scanner.git
cd CVE-2025-26909-Scanner
```
### 2. Install dependencies
```bash
pip install -r requirements.txt
```
### 3. Run the scanner
```bash
python3 scanner.py http://example.com/
```
## 📁 Output Format
- `[+]` Vulnerable
- `[-]` Not Vulnerable
- `[*]` Checking
- `[!]` Errors
## 👨💻 Author
- Issam Junior
- Telegram: [@issamiso](https://t.me/issamiso)
- GitHub: [issamjr](https://github.com/issamjr)
[4.0K] /data/pocs/7b1280af0ae8100dddda41c1fc7ea94bbcbfa03c
├── [2.1M] file_00000000bc8c622f812f7390bb5235c7.png
├── [1.5K] README.md
├── [ 17] requirements.txt
└── [2.4K] scanner.py
0 directories, 4 files