Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2022-1609 PoC — The School Management < 9.9.7 - Unauthenticated RCE via REST api

Source
https://github.com/tuxsyscall/cve-2022-1609-exploit
Associated Vulnerability
Title:The School Management < 9.9.7 - Unauthenticated RCE via REST api (CVE-2022-1609)
Description:The School Management WordPress plugin before 9.9.7 contains an obfuscated backdoor injected in it's license checking code that registers a REST API handler, allowing an unauthenticated attacker to execute arbitrary PHP code on the site.
Description
Exploit for CVE-2022-1609 WordPress Weblizar Backdoor.
Readme
# cve-2022-1609-exploit
Exploit for CVE-2022-1609 WordPress Weblizar Backdoor.
File Snapshot

 [4.0K]  /data/pocs/f2942ee3c192b7d64e242ae80ee9bc3bbcbd18b0
├── [1.7K]  cve-2022-1609.py
├── [1.0K]  LICENSE
└── [  79]  README.md

0 directories, 3 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →