CVE-2024-27956
CRITICAL EXPLOITED NUCLEI
WordPress Automatic Plugin <= 3.92.0 - SQL Injection
Title source: nuclei
Exploitation Summary
CVE-2024-27956 has been observed exploited in the wild (reported by VulnCheck KEV).
EIP tracks 20 public exploits from researchers including AiGptCode, diego-tella and Ap0dexMe0, as well as a Metasploit module, exploits/multi/http/wp_automatic_sqli_to_rce.
A Nuclei detection template is also available.
AI-analyzed exploit summary: This repository contains a functional exploit for CVE-2024-27956, targeting the WP Automatic WordPress plugin. The exploit automates the creation of an admin account and executes a reverse shell via SQL injection and file upload.
Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ValvePress Automatic allows SQL Injection. This issue affects Automatic: from n/a through 3.92.0.
Exploits (20)
This repository contains a functional exploit for CVE-2024-27956, targeting the WP Automatic WordPress plugin. The exploit automates the creation of an admin account and executes a reverse shell via SQL injection and file upload.
This PoC exploits CVE-2024-27956, a SQL injection vulnerability in the ValvePress Automatic plugin for WordPress. It creates an admin user via unsanitized input in the 'q' parameter, leading to potential RCE through WordPress admin privileges.
This repository contains a functional Python exploit for CVE-2024-27956, targeting a WordPress SQL injection vulnerability in the 'wp-automatic' plugin. The exploit automates the creation of an admin user via SQLi, enabling RCE by leveraging the injected credentials.
This Python script exploits CVE-2024-27956, a SQL injection vulnerability in WordPress leading to RCE by creating an admin user. It uses multi-threading for concurrent exploitation and includes detailed logging.
This repository contains a Python-based scanner for detecting CVE-2024-27956, a vulnerability that appears to involve SQL injection via a time-based payload. The tool includes functionality for scanning single or multiple URLs, sending Telegram notifications, and logging results.
This PoC exploits CVE-2024-27956, a SQL injection vulnerability in the ValvePress Automatic WordPress plugin. It creates an administrator user via SQL injection, which can lead to remote code execution.
This PoC demonstrates a SQL injection vulnerability in the WP Automatic WordPress plugin. The exploit leverages a time-based blind SQLi via the `q` parameter in `csv.php`, bypassing authentication with `auth=%00`.
This is a functional exploit for CVE-2024-27956, targeting an unauthenticated SQL injection vulnerability in the WP Automatic WordPress plugin. It automates the creation of an admin user by injecting SQL queries to manipulate the WordPress database.
The repository contains heavily obfuscated Python code with no clear exploit logic or meaningful comments. The structure suggests potential deception or a placeholder rather than a functional PoC for CVE-2024-27956.
This PoC exploits CVE-2024-27956, a SQL injection vulnerability in the WP Automatic WordPress plugin. It tests for vulnerability and, if successful, creates an admin user by injecting SQL queries.
This PoC exploits CVE-2024-27956 in the WordPress WP Automatic plugin by injecting SQL queries to create an admin user, then uploading a reverse shell via the plugin editor. It demonstrates a full chain from SQL injection to remote code execution.
This repository provides a YAML-based PoC rule for fscan to detect and exploit CVE-2024-27956, a WordPress Automatic SQL injection vulnerability. It includes instructions for integrating the rule into fscan and notes that exploitation may create a new user if the vulnerability exists.
This Python script exploits CVE-2024-27956, a WordPress SQL injection vulnerability in the WP Automatic plugin, leading to RCE by creating an admin user. It automates the exploitation process with multi-threading support.
This PoC exploits CVE-2024-27956, a SQL injection vulnerability in the ValvePress Automatic WordPress plugin, to create an administrator user and grant it privileges, potentially leading to RCE. The exploit sends crafted SQL queries via the 'q' parameter to manipulate the WordPress database.
This exploit leverages SQL injection in Valve Press (CVE-2024-27956) to create an admin user in WordPress. It sends crafted POST requests to `/wp-content/plugins/wp-automatic/inc/csv.php` to insert a new user and grant administrator privileges.
This repository contains a functional exploit for CVE-2024-27956, which targets a SQL injection vulnerability in the WP Automatic WordPress plugin. The exploit creates an admin user by injecting SQL queries into the plugin's CSV import functionality.
The repository contains only a README.md file with the CVE identifier and no functional exploit code or technical details. It appears to be a placeholder or stub.
This exploit targets CVE-2024-27956 in the WordPress plugin 'wp-automatic' by injecting SQL queries to create an administrator user. It leverages a vulnerability in the CSV import functionality to execute arbitrary SQL commands.
This repository contains a functional exploit for CVE-2024-27956, which targets a SQL injection vulnerability in the Valve Press plugin for WordPress. The exploit creates an admin user by injecting SQL queries into the vulnerable endpoint.
This Metasploit module exploits an unauthenticated SQL injection vulnerability in the WordPress wp-automatic plugin (versions < 3.92.1) to create an admin account and achieve remote code execution (RCE) via plugin upload.
Nuclei Templates (1)
References (2)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:L