CVE-2023-47873

CRITICAL NUCLEI

WEN Solutions WP Child Theme Generator <= 1.0.9 - Unrestricted Upload of File with Dangerous Type

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-47873. PoCs published by certuscyber. A Nuclei detection template is also available.

AI-analyzed exploit summary The repository contains functional exploit code for multiple WordPress plugin vulnerabilities, including SQL injection (CVE-2014-5182, CVE-2014-5185) and insecure deserialization (CVE-2020-29045). The PoCs include authentication, payload delivery, and data exfiltration logic.

Description

Unrestricted Upload of File with Dangerous Type vulnerability in WEN Solutions WP Child Theme Generator.This issue affects WP Child Theme Generator: from n/a through 1.0.9.

Exploits (1)

github WORKING POC 3 stars

by certuscyber · pythonpoc

https://github.com/certuscyber/cve-pocs/tree/main/CVE-2023-47873

View Code ZIP pw:eip

The repository contains functional exploit code for multiple WordPress plugin vulnerabilities, including SQL injection (CVE-2014-5182, CVE-2014-5185) and insecure deserialization (CVE-2020-29045). The PoCs include authentication, payload delivery, and data exfiltration logic.

Classification

Working Poc 100%

Attack Type

Sqli

Complexity

Moderate

Reliability

Reliable

Target: WordPress YAWPP plugin <= 1.2, WordPress Quartz plugin <= 1.01.1

Auth required

Prerequisites: WordPress installation with vulnerable plugin · Valid credentials (contributor role or higher)

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 27, 2026 Full analysis →

Nuclei Templates (1)

WordPress WP Child Theme Generator < 1.1.3 - Arbitrary File Upload

CRITICALVERIFIEDby cysamu,Crux

References (1)

Core 1

Core References

Third Party Advisory vdb-entry

https://patchstack.com/database/vulnerability/wp-child-theme-generator/wordpress-wp-child-theme-generator-plugin-1-0-8-arbitrary-file-upload-vulnerability?_s_id=cve

Scores

CVSS v3 9.1

EPSS 0.0228

EPSS Percentile 80.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-434

Status published

Products (2)

WEN Solutions/WP Child Theme Generator < 1.0.9

wensolutions/wp_child_theme_generator < 1.1.3

Published Mar 26, 2024

Tracked Since Feb 18, 2026