CVE-2024-51793

CRITICAL

Webful Creations Computer Repair Shop <3.8115 - RCE

Title source: llm

Exploitation Summary

EIP tracks 5 public exploits for CVE-2024-51793. PoCs published by JoshuaProvoste, KTN1990, Nxploited.

AI-analyzed exploit summary This repository contains a functional proof-of-concept exploit for CVE-2024-51793, an unauthenticated arbitrary file upload vulnerability in a WordPress plugin leading to remote command execution (RCE). The exploit uploads a PHP payload via a vulnerable admin-ajax.php action and provides an interactive shell.

Description

Unrestricted Upload of File with Dangerous Type vulnerability in Ateeq Rafeeq RepairBuddy computer-repair-shop allows Upload a Web Shell to a Web Server.This issue affects RepairBuddy: from n/a through <= 3.8115.

Exploits (5)

nomisec WORKING POC 1 stars

by JoshuaProvoste · poc

https://github.com/JoshuaProvoste/0-click-RCE-Exploit-for-CVE-2024-51793

View Code ZIP pw:eip

This repository contains a functional proof-of-concept exploit for CVE-2024-51793, an unauthenticated arbitrary file upload vulnerability in a WordPress plugin leading to remote command execution (RCE). The exploit uploads a PHP payload via a vulnerable admin-ajax.php action and provides an interactive shell.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: WordPress plugin (version 3.8115 or vulnerable versions)

No auth needed

Prerequisites: Vulnerable WordPress plugin installed · Access to the target's admin-ajax.php endpoint

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1505.003 - Web Shell

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC 1 stars

by KTN1990 · poc

https://github.com/KTN1990/CVE-2024-51793

View Code ZIP pw:eip

This is a Python-based exploit for CVE-2024-51793, targeting an unauthenticated arbitrary file upload vulnerability in the WordPress Computer Repair Shop plugin (versions <= 3.8115). It uploads a PHP shell to vulnerable sites and logs successful exploits.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: WordPress Computer Repair Shop plugin <= 3.8115

No auth needed

Prerequisites: List of target URLs · Python 3 · requests library

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1505.003 - Web Shell

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC 1 stars

by Nxploited · poc

https://github.com/Nxploited/CVE-2024-51793

View Code ZIP pw:eip

This is a functional exploit for CVE-2024-51793, targeting an arbitrary file upload vulnerability in the WordPress RepairBuddy plugin (versions <= 3.8115). It uploads a PHP shell to the vulnerable server via a multipart form data request.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: WordPress RepairBuddy plugin <= 3.8115

No auth needed

Prerequisites: Target URL with vulnerable plugin installed · Network access to the target

MITRE ATT&CK

T1105 - Ingress Tool Transfer T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →

github WORKING POC

by Boshe99 · pythonpoc

https://github.com/Boshe99/CVE-Exploits/tree/main/CVE-2024-51793

View Code ZIP pw:eip

The repository contains functional exploit code for CVE-2024-51793, targeting a WordPress plugin (3DPrint Lite 1.9.1.4) with an arbitrary file upload vulnerability. The Python script demonstrates the ability to upload a malicious file to a vulnerable target.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: WordPress Plugin 3DPrint Lite 1.9.1.4

No auth needed

Prerequisites: target URL · malicious file to upload

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 27, 2026 Full analysis →

nomisec WORKING POC

by 0axz-tools · poc

https://github.com/0axz-tools/CVE-2024-51793

View Code ZIP pw:eip

This is a functional exploit for CVE-2024-51793, targeting an unauthenticated arbitrary file upload vulnerability in the Computer Repair Shop WordPress Plugin. It includes vulnerability checking, webshell upload, and verification capabilities.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Computer Repair Shop WordPress Plugin < 3.8116

No auth needed

Prerequisites: Target running vulnerable WordPress plugin · Network access to target

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1505.003 - Web Shell

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Vdb Entry vdb-entry

https://patchstack.com/database/Wordpress/Plugin/computer-repair-shop/vulnerability/wordpress-repairbuddy-plugin-3-8115-arbitrary-file-upload-vulnerability?_s_id=cve

Various Sources

https://github.com/JoshuaProvoste/0-click-RCE-Exploit-for-CVE-2024-51793

Third Party Advisory

https://patchstack.com/database/vulnerability/computer-repair-shop/wordpress-repairbuddy-plugin-3-8115-arbitrary-file-upload-vulnerability?_s_id=cve

Scores

CVSS v3 10.0

EPSS 0.0179

EPSS Percentile 75.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-434

Status published

Products (2)

Ateeq Rafeeq/RepairBuddy < 3.8115

webfulcreations/computer_repair_shop < 3.8115

Published Nov 11, 2024

Tracked Since Feb 18, 2026