CVE-2022-1609

This exploit leverages a backdoor in the Weblizar WordPress plugin to execute arbitrary system commands via a crafted POST request to the `/wp-json/am-member/license` endpoint. The script provides an interactive shell by injecting commands into the `blowf` parameter.

This is a functional exploit for CVE-2022-1609, targeting a WordPress Weblizar plugin backdoor. It leverages an arbitrary command execution vulnerability via the `/wp-json/am-member/license` endpoint by injecting commands into the `blowf` parameter.

This PoC demonstrates a remote command execution (RCE) vulnerability in WordPress Weblizar via a backdoor in the REST API endpoint. The exploit sends a crafted POST request to execute arbitrary system commands.

This exploit leverages a backdoor in the Weblizar plugin for WordPress (CVE-2022-1609) to achieve remote command execution via a crafted POST request to the `/wp-json/am-member/license` endpoint. The script sends arbitrary commands through the `blowf` parameter, which are executed on the target system.

This repository contains a functional exploit for CVE-2022-1609, a backdoor in the Weblizar WordPress plugin. The exploit sends a crafted POST request to the vulnerable API endpoint to achieve remote code execution (RCE).