CVE-2025-28915 PoC — WordPress ThemeEgg ToolKit plugin <= 1.2.9 - Arbitrary File Upload vulnerability

Source

https://github.com/Pei4AN/CVE-2025-28915

Associated Vulnerability

Title:WordPress ThemeEgg ToolKit plugin <= 1.2.9 - Arbitrary File Upload vulnerability (CVE-2025-28915)
Description:Unrestricted Upload of File with Dangerous Type vulnerability in Theme Egg ThemeEgg ToolKit themeegg-toolkit allows Upload a Web Shell to a Web Server.This issue affects ThemeEgg ToolKit: from n/a through <= 1.2.9.

Readme

# CVE-2025-28915
## 漏洞描述：
WordPress是一套使用PHP语言开发的博客平台，该平台支持在PHP和MySQL的服务器上架设个人博客网站。

WordPress  ThemeEgg ToolKit 1.2.9及之前版本存在代码问题漏洞，该漏洞源于允许上传危险类型文件，可能导致上传Web Shell。

## 环境搭建：
``` docker pull wordpress ```

历史插件：https://github.com/themeegg/themeegg-toolkit/releases/tag/1.2.4

安装插件：http://URL/wp-admin/plugin-install.php
![image](https://github.com/user-attachments/assets/03559b12-8b58-4c1f-a005-e24c094808c3)


## 漏洞复现
根据项目https://github.com/Nxploited/CVE-2025-28915 的优化

```pip install requests beautifulsoup4```

```python -u  http://127.0.0.1 -un  username -p password```

URL最后不携带"/"
![image](https://github.com/user-attachments/assets/12dfc07e-db6d-4a3b-a54e-5bc5dcb0e3f6)

![image](https://github.com/user-attachments/assets/4e25a3d1-1498-491a-905e-bfb0f3ca5920)

File Snapshot

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →