NOMISEC-mansoorr123/wp-file-manager-CVE-2020-25213

NOMISEC WORKING POC
Exploit for CVE-2020-25213 - WordPress File Manager Unauthenticated Remote Code Execution
AI Analysis

This repository contains a functional exploit for CVE-2020-25213, an unauthenticated arbitrary file upload vulnerability in the WP File Manager WordPress plugin (versions < 6.9). The exploit script checks for the vulnerable endpoint and allows uploading a local file to achieve remote code execution.

Attack Type
RCE
Complexity
trivial
Reliability
reliable
MITRE ATT&CK
T1190 - Exploit Public-Facing Application T1210 - Exploitation of Remote Services
Loading exploit code...
Download ZIP Password: eip
Source
Platform Nomisec
Type remote
Files 5
Stars 58
Forks 25
Last Push Oct 12, 2020
Authors
mansoorr123 Mansoor R (@time4ster)
Vulnerability
CVE-2020-25213
WordPress File Manager Unauthenticated Remote Code Execution
CRITICAL KEV
CVSS 10.0