CVE-2022-1329

This is a functional exploit for CVE-2022-1329, targeting a broken access control vulnerability in WordPress Elementor versions 3.6.0-3.6.2. It allows authenticated users to upload and execute arbitrary PHP files by exploiting the `elementor_upload_and_install_pro` AJAX action.

This is a functional exploit for CVE-2022-1329, targeting a broken access control vulnerability in Elementor WordPress plugin versions 3.6.0-3.6.2. It allows authenticated users to upload and execute arbitrary PHP files via a crafted ZIP archive.

This repository contains a Python-based PoC for CVE-2022-1329, an authenticated RCE vulnerability in WordPress Elementor versions 3.6.0-3.6.2. The exploit leverages broken access control to upload and execute a malicious ZIP file containing a PHP payload via the Elementor plugin's AJAX handler.

This repository provides a detailed writeup and instructions for exploiting CVE-2022-1329 in WordPress 6.1.1 with Elementor 3.6.1, followed by privilege escalation using Dirty Pipe (CVE-2022-0847) on Ubuntu 20.04 with Kernel 5.9.12. It includes setup, exploitation steps, and privilege escalation guidance.

This is a functional exploit for CVE-2022-1329, targeting a vulnerability in the Elementor WordPress plugin (versions 3.6.0-3.6.2) that allows authenticated users to upload and execute arbitrary PHP files via a flawed AJAX handler. The PoC includes authentication, nonce retrieval, and payload upload steps but does not include an actual payload.

This repository provides a detailed writeup and references for CVE-2022-1329, a vulnerability in the Elementor Website Builder plugin for WordPress. The vulnerability allows unauthorized execution of AJAX actions due to a missing capability check, potentially leading to remote code execution.

This Metasploit module exploits an authenticated file upload vulnerability in WordPress Elementor plugin (CVE-2022-1329), allowing RCE by uploading a malicious PHP file disguised as an Elementor Pro plugin. It requires valid credentials and leverages a nonce for CSRF protection bypass.