CVE-2024-9932

This PoC demonstrates an unauthenticated arbitrary file upload vulnerability in Wux Blog Editor for WordPress <= 3.0.0. The exploit leverages insufficient file type validation in the 'wuxbt_insertImageNew' function, allowing remote code execution via a crafted HTTP POST request.

This is a functional exploit for CVE-2024-9932, an unauthenticated arbitrary file upload vulnerability in the Wux Blog Editor WordPress plugin. It uploads a remote PHP payload via a vulnerable REST endpoint and provides an interactive shell for command execution.

This is a functional exploit for CVE-2024-9932, targeting an arbitrary file upload vulnerability in the Wux Blog Editor WordPress plugin (versions up to 3.0). The PoC checks the plugin version and exploits insufficient file type validation to upload a remote file to the server.

The repository contains functional exploit code for CVE-2024-9932, targeting a WordPress plugin (3DPrint Lite 1.9.1.4) with an arbitrary file upload vulnerability. The Python script demonstrates the ability to upload a malicious file to a vulnerable target.