CVE-2024-5932 PoC — GiveWP – Donation Plugin and Fundraising Platform <= 3.14.1 - Unauthenticated PHP Object Injection to Remote Code Execut

Associated Vulnerability
Title: GiveWP – Donation Plugin and Fundraising Platform <= 3.14.1 - Unauthenticated PHP Object Injection to Remote Code Execution (CVE-2024-5932)
Description: The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.14.1 via deserialization of untrusted input from the 'give_title' parameter. This makes it possible for unauthenticated attackers to inject a PHP Object. The additional presence of a POP chain allows attackers to execute code remotely, and to delete arbitrary files.
Description
PoC for CVE-2024-5932.
Readme
# PoC for CVE-2024-5932

Credit goes to:
- https://github.com/EQSTLab/CVE-2024-5932
- https://www.rcesecurity.com/2024/08/wordpress-givewp-pop-to-rce-cve-2024-5932/

---

This PoC is provided for educational purposes only. I do not take any
responsibility for the improper use of this code, especially in relation to any
vulnerabilities (CVE) it may help exploit or mitigate.

It is your responsibility to use this code ethically and legally. Please ensure
that you have the proper authorization and permission before using this code
in any environment. By using this code, you agree to take full responsibility
for any consequences resulting from its use. The author is not liable for
any damage, loss, or legal ramifications that may arise from the misuse or
unintended consequences of using this code.

File Snapshot

[4.0K] /data/pocs/e2e8015c82edcc2a3d317f98ac8cd169bb6f3403
├── [3.1K] CVE-2024-5932.py
└── [ 806] README.md

1 directory, 2 files