CVE-2024-50498

The repository contains functional exploit code for multiple CVEs, including CVE-2026-22812, which demonstrates remote command execution (RCE) via crafted HTTP requests to vulnerable endpoints. The code includes proper error handling, multi-threading, and session management to exploit the vulnerability.

This PoC demonstrates an unauthenticated Remote Code Execution (RCE) vulnerability in the WP Query Console WordPress plugin (versions <= 1.0). The exploit sends a crafted POST request to the `/wp-json/wqc/v1/query` endpoint with a malicious `queryArgs` parameter containing PHP code (e.g., `phpinfo()`), which is executed on the server.

This is a functional exploit for CVE-2024-50498, targeting an unauthenticated code injection vulnerability in the LUBUS WP Query Console WordPress plugin. It uploads a PHP web shell via a crafted POST request to a vulnerable REST endpoint and provides an interactive remote shell.

This PoC exploits a command injection vulnerability in WP Query Console <=1.0 by sending a crafted JSON payload to the `/wp-json/wqc/v1/query` endpoint, allowing arbitrary command execution via the `system()` PHP function.

This repository contains a functional exploit for CVE-2024-50498, targeting a WordPress plugin vulnerability where the `queryArgs` parameter is passed to `eval()`, allowing arbitrary PHP code execution. The exploit constructs a payload to execute system commands while maintaining the expected return type.

This PoC exploits a code injection vulnerability in LUBUS WP Query Console (version 1.0) by sending a malicious payload to the `/wp-json/wqc/v1/query` endpoint, resulting in a reverse shell. The script first checks for the vulnerable plugin version before executing the exploit.

The repository contains functional exploit code for CVE-2024-50498, targeting an arbitrary file upload vulnerability in the WordPress Plugin 3DPrint Lite 1.9.1.4. The exploit demonstrates the ability to upload malicious files to a vulnerable target.