CVE-2020-25213
WordPress File Manager Unauthenticated Remote Code Execution
Badges: CRITICAL, KEV, NUCLEI
Title source: metasploit

Exploitation Summary
CVE-2020-25213 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added November 3, 2021.
EIP tracks 13 public exploits from researchers including BLY, Mansoor R and mansoorr123, among them the Metasploit module exploits/multi/http/wp_file_manager_rce.
A Nuclei detection template is also available.
AI-analyzed exploit summary: This exploit targets an unauthenticated arbitrary file upload vulnerability in WP File Manager plugin versions 6.0-6.9, allowing remote code execution via a malicious PHP shell upload. The PoC uploads a shell.php file and executes arbitrary commands through HTTP requests.
Description
The File Manager (wp-file-manager) plugin before 6.9 for WordPress allows remote attackers to upload and execute arbitrary PHP code because it renames an unsafe example elFinder connector file to have the .php extension. This, for example, allows attackers to run the elFinder upload (or mkfile and put) command to write PHP code into the wp-content/plugins/wp-file-manager/lib/files/ directory. This was exploited in the wild in August and September 2020.
Exploits (13)
This exploit targets an unauthenticated arbitrary file upload vulnerability in WP File Manager plugin versions 6.0-6.9, allowing remote code execution via a malicious PHP shell upload. The PoC uploads a shell.php file and executes arbitrary commands through HTTP requests.
This is a functional exploit for CVE-2020-25213, targeting an unauthenticated arbitrary file upload vulnerability in WordPress Plugin WP-FileManager versions 6.0 to 6.8. It leverages the exposed connector.minimal.php endpoint to upload files, leading to remote code execution.
This repository contains a functional exploit for CVE-2020-25213, an unauthenticated arbitrary file upload vulnerability in the WP File Manager WordPress plugin (versions < 6.9). The exploit script checks for the vulnerable endpoint and allows uploading a local file to achieve remote code execution.
This is a functional Python exploit for CVE-2020-25213, targeting an unauthenticated arbitrary file upload vulnerability in the WordPress File Manager plugin (versions 6.0-6.9). It uploads a PHP shell via the elFinder connector and executes arbitrary commands.
This Python script exploits CVE-2020-25213, a vulnerability in the WP File Manager plugin for WordPress, allowing arbitrary file upload and execution. It checks for vulnerability status and uploads a specified file to the target server.
WPKiller is a WordPress security scanner designed to identify vulnerabilities in WordPress sites and plugins. It does not contain exploit code but rather scans for potential issues.
This repository contains a functional Python exploit for CVE-2020-25213, which targets an unauthenticated arbitrary file upload vulnerability in the WordPress File Manager plugin (versions 6.0-6.9). The exploit uploads a PHP shell via the vulnerable elFinder connector and executes arbitrary commands.
This repository provides a detailed technical writeup of the WordPress File Manager Plugin RCE (CVE-2020-25213), including attack chain analysis, lab environment setup, and mitigation strategies. It does not contain functional exploit code but offers in-depth research and VAPT methodology.
This is a minimal PHP-based remote command execution (RCE) PoC for CVE-2020-25213, leveraging a vulnerable parameter to execute arbitrary system commands. The exploit is trivial and directly exposes a system call via a GET parameter.
The repository appears to be a stub or incomplete PoC for CVE-2020-25213, containing only standard WordPress and Composer files without any exploit code. No offensive techniques or vulnerability-specific payloads are present.
This Metasploit module exploits CVE-2020-25213, an unauthenticated remote code execution vulnerability in the WordPress File Manager plugin (versions 6.0-6.8). It leverages the elFinder connector to upload or create a malicious PHP file, then executes it to achieve RCE.
Nuclei Templates (1)
References (10)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H