CVE-2017-1002002
CRITICALWordPress Plugin Webapp-Builder v2.0 - Info Disclosure
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2017-1002002. PoCs published by The Martian.
AI-analyzed exploit summary This exploit targets multiple WordPress plugins vulnerable to unauthenticated file upload (CVE-2017-1002003). It uploads a PHP shell to the target server via a vulnerable endpoint and confirms execution by running a command.
Description
Vulnerability in wordpress plugin webapp-builder v2.0, The plugin includes unlicensed vulnerable CMS software from http://www.invedion.com/
Exploits (1)
exploitdb
WORKING POC
by The Martian · pythonwebappsphp
https://www.exploit-db.com/exploits/41540
This exploit targets multiple WordPress plugins vulnerable to unauthenticated file upload (CVE-2017-1002003). It uploads a PHP shell to the target server via a vulnerable endpoint and confirms execution by running a command.
Classification
Working Poc 95%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target:
WordPress Plugin wp2android-turn-wp-site-into-android-app v1.1.4 (and others listed)
No auth needed
Prerequisites:
Target must have one of the listed vulnerable plugins installed and accessible
devstral-2 · analyzed Feb 16, 2026
Full analysis →
References (4)
Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/96906
Not Applicable x_refsource_misc
https://wordpress.org/plugins-wp/webapp-builder/
Exploit, Third Party Advisory x_refsource_misc
http://www.vapidlabs.com/advisory.php?v=181
Exploit, Third Party Advisory, VDB Entry exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/41540/
Scores
CVSS v3
9.8
EPSS
0.1264
EPSS Percentile
95.7%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-434
Status
published
Products (2)
Invedion/webapp-builder
unspecified - 2.0
webapp-builder_project/webapp-builder
2.0
Published
Sep 14, 2017
Tracked Since
Feb 18, 2026