CVE-2024-8856

This exploit demonstrates an arbitrary file upload vulnerability in the WordPress Backup and Staging plugin (≤ 1.21.16), allowing unauthenticated attackers to upload a PHP shell via the upload.php endpoint, leading to remote code execution.

The PoC demonstrates an arbitrary file upload vulnerability in the WP Time Capsule WordPress plugin, allowing unauthenticated attackers to upload and potentially execute malicious PHP files. The exploit leverages insufficient file validation in the plugin's upload endpoint.

This repository contains a Python-based scanner for detecting vulnerable versions of the WordPress WP Time Capsule plugin (CVE-2024-8856). It checks for versions below 1.22.22 by fetching the readme.txt file and uses multithreading for efficiency.

This repository contains a functional PoC for CVE-2024-8856, demonstrating unauthenticated RCE via file upload in the WP Time Capsule WordPress plugin. The scanner and RCE scripts confirm vulnerability by uploading PHP payloads and executing system commands.

This Metasploit module exploits an arbitrary file upload vulnerability in the WordPress WP Time Capsule plugin (versions <= 1.22.21) by bypassing extension validation to upload a malicious PHP file, achieving remote code execution (RCE).