CVE-2018-15877

HIGH LAB

Plainview Activity Monitor < 20180826 - OS Command Injection

Description

The Plainview Activity Monitor plugin before 20180826 for WordPress is vulnerable to OS command injection via shell metacharacters in the ip parameter of a wp-admin/admin.php?page=plainview_activity_monitor&tab=activity_tools request.

Exploits (6)

exploitdb WORKING POC VERIFIED
by Lydéric Lefebvre · html webapps php
https://www.exploit-db.com/exploits/45274
exploitdb WORKING POC
by Beren Kuday GÖRÜN · python webapps php
https://www.exploit-db.com/exploits/50110
nomisec WORKING POC 1 star
by Cinnamon1212 · poc
https://github.com/Cinnamon1212/CVE-2018-15877-RCE
nomisec WORKING POC
by cved-sources · poc
https://github.com/cved-sources/cve-2018-15877
github WORKING POC
by qq431169079 · html poc
https://github.com/qq431169079/CVE/tree/master/CVE-2018-15877
metasploit WORKING POC EXCELLENT
by Lydéric LEFEBVRE, Leo LE BOUTER · ruby poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/wp_plainview_activity_monitor_rce.rb

Scores

CVSS v3 8.8
EPSS 0.8032
EPSS Percentile 99.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE CWE-78
Status published
Products (1)
plainview_activity_monitor_project/plainview_activity_monitor < 20180826
Published Aug 26, 2018
Tracked Since Feb 18, 2026