CVE-2020-25213

This repository contains a functional exploit for CVE-2020-25213, an unauthenticated arbitrary file upload vulnerability in the WP File Manager WordPress plugin (versions < 6.9). The exploit script checks for the vulnerable endpoint and allows uploading a local file to achieve remote code execution.

This is a functional Python exploit for CVE-2020-25213, targeting an unauthenticated arbitrary file upload vulnerability in the WordPress File Manager plugin (versions 6.0-6.9). It uploads a PHP shell via the elFinder connector and executes arbitrary commands.

This Python script exploits CVE-2020-25213, a vulnerability in the WP File Manager plugin for WordPress, allowing arbitrary file upload and execution. It checks for vulnerability status and uploads a specified file to the target server.

WPKiller is a WordPress security scanner designed to identify vulnerabilities in WordPress sites and plugins. It does not contain exploit code but rather scans for potential issues.

The repository appears to be a stub or incomplete PoC for CVE-2020-25213, containing only standard WordPress and Composer files without any exploit code. No offensive techniques or vulnerability-specific payloads are present.

This is a minimal PHP-based remote command execution (RCE) PoC for CVE-2020-25213, leveraging a vulnerable parameter to execute arbitrary system commands. The exploit is trivial and directly exposes a system call via a GET parameter.

This is a functional exploit for CVE-2020-25213, targeting an unauthenticated arbitrary file upload vulnerability in WordPress Plugin WP-FileManager versions 6.0 to 6.8. It leverages the exposed connector.minimal.php endpoint to upload files, leading to remote code execution.

This exploit targets an unauthenticated arbitrary file upload vulnerability in WP File Manager plugin versions 6.0-6.9, allowing remote code execution via a malicious PHP shell upload. The PoC uploads a shell.php file and executes arbitrary commands through HTTP requests.

This Metasploit module exploits CVE-2020-25213, an unauthenticated remote code execution vulnerability in the WordPress File Manager plugin (versions 6.0-6.8). It leverages the elFinder connector to upload or create a malicious PHP file, then executes it to achieve RCE.