
CVE-2025-30567 PoC: WordPress plugin WP01 path traversal vulnerability

Source
Related vulnerability
Title: WordPress plugin WP01 path traversal vulnerability (CVE-2025-30567)
Description: WordPress and WordPress plugin are products of the WordPress Foundation. WordPress is a blogging platform developed in PHP; it supports hosting a personal blog site on a server running PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin WP01 versions 2.6.2 and earlier contain a path traversal vulnerability.
Description
CVE-2025-30567 - WordPress WP01 < Path traversal
Introduction
# CVE-2025-30567 - WordPress WP01 Path Traversal Exploit

![CVE-2025-30567](https://img.shields.io/badge/CVE-2025--30567-red) ![WordPress](https://img.shields.io/badge/WordPress-4.0%2B-blue)

## Overview

Welcome to the CVE-2025-30567 Proof of Concept (PoC) repository. This project demonstrates a path traversal vulnerability in WordPress WP01. The vulnerability allows attackers to access files outside the intended directory structure. This can lead to sensitive data exposure and potentially compromise the integrity of the application.

## Table of Contents

- [Description](#description)
- [Vulnerability Details](#vulnerability-details)
- [Installation](#installation)
- [Usage](#usage)
- [Contributing](#contributing)
- [License](#license)
- [Links](#links)

## Description

CVE-2025-30567 targets the WordPress WP01 plugin. This vulnerability stems from improper input validation, which enables attackers to manipulate file paths. The PoC provided here allows you to test the vulnerability in a controlled environment. Understanding this exploit can help developers patch their applications and secure their systems against potential attacks.
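The improper path validation described above, as an added illustration that is not code from the PoC repository or from the WP01 plugin: a naive join that lets `..` segments leave the base directory, beside a hardened resolver that decodes the value, rejects absolute input, normalises and then enforces containment, plus a small detector that applies the same containment check to web-server log lines. `BASE_DIR`, the `file` query parameter, the `download.php` endpoint and the log lines are assumptions constructed for the example, not details of the real plugin or of this CVE's endpoint.

```python
"""Path traversal: vulnerable join vs. contained join, plus a log check.

Added illustration for the README's description of CVE-2025-30567; it is
not code from the PoC repository or from the WP01 plugin. BASE_DIR, the
`file` query parameter, the endpoint path and the sample log lines are
all constructed assumptions for the demonstration.
"""
import posixpath
from urllib.parse import parse_qs, unquote, urlsplit

# Assumed directory the plugin is meant to serve files from (constructed).
BASE_DIR = "/var/www/html/wp-content/uploads/wp01"


def naive_resolve(user_path: str) -> str:
    """Vulnerable pattern: untrusted input is joined onto BASE_DIR and
    normalised, but never checked to still lie under BASE_DIR, so '..'
    segments walk out of the intended directory."""
    return posixpath.normpath(posixpath.join(BASE_DIR, user_path))


def decode_request_path(user_path: str) -> str:
    """Decode the value the way a lenient server stack would: undo
    (possibly repeated) percent-encoding, reject NUL bytes, fold
    backslashes to forward slashes."""
    decoded = user_path
    for _ in range(3):  # bounded loop: covers single and double encoding
        next_value = unquote(decoded)
        if next_value == decoded:
            break
        decoded = next_value
    if "\x00" in decoded:
        raise ValueError("NUL byte in path")
    return decoded.replace("\\", "/")


def is_under_base(candidate: str, base: str = BASE_DIR) -> bool:
    """True only if the normalised path is base itself or a descendant.
    Comparing against base + '/' stops '/uploads/wp01-secret' from
    matching '/uploads/wp01' as a bare string prefix."""
    base = posixpath.normpath(base)
    return candidate == base or candidate.startswith(base + "/")


def safe_resolve(user_path: str) -> str:
    """Hardened pattern: decode, reject absolute input, normalise, then
    enforce containment. On a live system also run os.path.realpath on
    the result to defeat symlinks, which string normalisation cannot see."""
    decoded = decode_request_path(user_path)
    if posixpath.isabs(decoded):
        raise ValueError("absolute path rejected")
    candidate = posixpath.normpath(posixpath.join(BASE_DIR, decoded))
    if not is_under_base(candidate):
        raise ValueError("path escapes base directory")
    return candidate


def flag_traversal_requests(log_lines, param: str = "file"):
    """Detection helper: return the log lines whose `file` query value would
    resolve outside BASE_DIR. Reuses safe_resolve so the detector and the
    fix apply exactly the same containment rule."""
    flagged = []
    for line in log_lines:
        try:
            request = line.split('"')[1]  # e.g. 'GET /path?x=y HTTP/1.1'
            target = request.split(" ")[1]
        except IndexError:
            continue
        values = parse_qs(urlsplit(target).query).get(param, [])
        for value in values:
            try:
                safe_resolve(value)
            except ValueError:
                flagged.append(line)
                break
    return flagged


# Constructed sample log lines (not captured from any real system; the
# download.php endpoint is an assumption, not the plugin's real handler).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Apr/2025:10:00:01 +0000] "GET /wp-content/plugins/wp01/download.php?file=report.pdf HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Apr/2025:10:00:02 +0000] "GET /wp-content/plugins/wp01/download.php?file=..%2F..%2F..%2Fwp-config.php HTTP/1.1" 200 3120',
    '203.0.113.9 - - [01/Apr/2025:10:00:03 +0000] "GET /wp-content/plugins/wp01/download.php?file=%252e%252e/%252e%252e/.htaccess HTTP/1.1" 200 240',
    '198.51.100.2 - - [01/Apr/2025:10:00:04 +0000] "GET /index.php HTTP/1.1" 200 9000',
]

if __name__ == "__main__":
    print(naive_resolve("../../../wp-config.php"))  # resolves outside BASE_DIR
    print(safe_resolve("reports/2025/q1.pdf"))      # stays inside BASE_DIR
    for hit in flag_traversal_requests(SAMPLE_LOG):
        print("traversal attempt:", hit)
```

The containment check compares the normalised candidate against `BASE_DIR + "/"` rather than `BASE_DIR` alone, which is the detail naive prefix checks usually get wrong; the detector deliberately calls the hardened resolver instead of pattern-matching on `..`, so double-encoded and backslash variants are judged by where they actually resolve, not by how they look.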

## Vulnerability Details

- **CVE ID:** CVE-2025-30567
- **Affected Software:** WordPress WP01
- **Type:** Path Traversal
- **Severity:** High

### Impact

An attacker can exploit this vulnerability to read arbitrary files on the server. This can lead to:

- Exposure of sensitive information (e.g., configuration files, user data)
- Further exploitation of the server
- Potential data breaches

### Affected Versions

This vulnerability affects all versions of WordPress WP01 prior to the patch release. Users should upgrade to the latest version to mitigate this risk.

## Installation

To set up the PoC, follow these steps:

1. Clone the repository:
   ```bash
   git clone https://github.com/KaxuFF/CVE-2025-30567-PoC.git
   ```

2. Navigate to the project directory:
   ```bash
   cd CVE-2025-30567-PoC
   ```

3. Ensure you have the necessary dependencies installed. You may need to install specific libraries or tools based on your environment.

4. Download the exploit file from the [Releases section](https://github.com/KaxuFF/CVE-2025-30567-PoC/releases). This file needs to be downloaded and executed to test the vulnerability.

## Usage

Once you have the exploit file, follow these steps to use it:

1. Ensure your WordPress WP01 installation is running.
2. Execute the downloaded exploit file:
   ```bash
   ./exploit-file-name
   ```

3. Observe the output. If the vulnerability is present, you will see the contents of sensitive files displayed in the console.

### Example Command

Here is an example command to execute the exploit:

```bash
./exploit-file-name --target http://your-wordpress-site.com
```

Replace `http://your-wordpress-site.com` with the URL of your WordPress installation.

## Contributing

Contributions are welcome! If you would like to help improve this project, please follow these steps:

1. Fork the repository.
2. Create a new branch:
   ```bash
   git checkout -b feature/YourFeature
   ```

3. Make your changes and commit them:
   ```bash
   git commit -m "Add your message here"
   ```

4. Push to the branch:
   ```bash
   git push origin feature/YourFeature
   ```

5. Create a pull request.

Please ensure that your contributions adhere to the coding standards and best practices.

## License

This project is licensed under the MIT License. See the [LICENSE](LICENSE) file for details.

## Links

For more information, visit the [Releases section](https://github.com/KaxuFF/CVE-2025-30567-PoC/releases) to download the exploit file and access the latest updates. 

Feel free to explore the various topics related to this repository:

- [codeb0ss](https://github.com/topics/codeb0ss)
- [cve-2025](https://github.com/topics/cve-2025)
- [cve-2025-30567](https://github.com/topics/cve-2025-30567)
- [cve-2025-30567-exp](https://github.com/topics/cve-2025-30567-exp)
- [cve-2025-30567-poc](https://github.com/topics/cve-2025-30567-poc)
- [cve-2025-30567-wordpress](https://github.com/topics/cve-2025-30567-wordpress)
- [cves](https://github.com/topics/cves)
- [exploits](https://github.com/topics/exploits)
- [uncodeboss](https://github.com/topics/uncodeboss)
- [wordpress](https://github.com/topics/wordpress)

Thank you for your interest in CVE-2025-30567!
File snapshot

```text
[4.0K] /data/pocs/dbd98ffa281a1da0d10e797185a5b02dccddd024
├── [ 19K] CVE-2025-30567.py
├── [4.0K] pytransform
│   ├── [   1] @
│   ├── [ 11K] __init__.py
│   ├── [ 15K] __init__.pyc
│   ├── [ 220] license.lic
│   ├── [699K] _pytransform.dll
│   └── [ 476] pytransform.key
└── [4.3K] README.md

1 directory, 8 files
```