CVE-2021-24499

This exploit leverages an unauthenticated file upload vulnerability in WordPress Theme Workreap 2.2.2 to achieve remote code execution. It uploads a malicious PHP file via the 'workreap_award_temp_file_uploader' action and executes arbitrary commands.

This repository contains a functional exploit for CVE-2021-24499, which allows unauthenticated file upload leading to remote code execution in the Workreap WordPress theme. The exploit leverages two AJAX actions that lack nonce checks to upload a malicious PHP shell.

This repository contains a functional exploit for CVE-2021-24499, an unauthenticated arbitrary file upload vulnerability in the Workreap WordPress theme. The exploit leverages the `workreap_award_temp_file_uploader` AJAX action to upload a PHP shell, leading to remote code execution.

This repository contains a functional exploit for CVE-2021-24499, an unauthenticated file upload vulnerability in the Workreap WordPress theme. The exploit leverages the `workreap_award_temp_file_uploader` AJAX action to upload a malicious PHP file (`abe.php`) to the target server, leading to remote code execution.

This repository provides a functional exploit PoC for CVE-2021-24499, a vulnerability in the Akismet plugin for WordPress. It includes Docker configurations to set up both vulnerable and patched environments, allowing researchers to test the exploit in a controlled setting.

The repository contains a functional exploit for CVE-2021-24499, targeting an unauthenticated file upload vulnerability in the Workreap WordPress theme. The exploit uploads a malicious PHP shell via the `workreap_award_temp_file_uploader` AJAX action, leading to remote code execution.