CVE-2020-25213 PoC — WordPress code issue vulnerability

Source
Associated Vulnerability
Title: WordPress code issue vulnerability (CVE-2020-25213)
Description: The File Manager (wp-file-manager) plugin before 6.9 for WordPress allows remote attackers to upload and execute arbitrary PHP code because it renames an unsafe example elFinder connector file to have the .php extension. This, for example, allows attackers to run the elFinder upload (or mkfile and put) command to write PHP code into the wp-content/plugins/wp-file-manager/lib/files/ directory. This was exploited in the wild in August and September 2020.
Description
CVE-2020-25213 Wordpress File Manager 6.7 Plugin 0day exploit
Readme
# WPKiller v1.0 ✔

WordPress security scanner. WPKiller allows you to search for vulnerabilities on a WordPress site, as well as scan plugins and find exploits for customized versions and plugins.

## Installation

How to install this tool?

```bash
$ git clone https://github.com/Dark-Grizzly/WPKiller
$ cd WPKiller
$ chmod +x wpkiller.py
$ pip install -r requirements.txt
$ python wpkiller.py
```
File Snapshot

```
[4.0K] /data/pocs/f800989947d869ff7c5eeb5ef4773401fc650d2e
├── [ 396] README.md
└── [   1] WPKiller.py

0 directories, 2 files
```