CVE-2025-2005

This repository contains a working proof-of-concept exploit for CVE-2025-2005, an arbitrary file upload vulnerability in the WordPress Front-End Users Plugin <= 3.2.32. The exploit includes both manual HTTP request and Python script methods to upload a PHP web shell.

The repository contains detailed technical writeups for multiple CVEs, including command injection, XXE, SQLi, and RCE vulnerabilities. Each writeup provides vulnerability overviews, proof-of-concept examples, and mitigation recommendations.

This repository contains a functional exploit for CVE-2025-2005, targeting an arbitrary file upload vulnerability in the WordPress Front End Users plugin (versions up to 3.2.32). The exploit automates the discovery of registration forms and uploads a PHP shell to achieve remote code execution.

This repository contains a functional exploit for CVE-2025-2005, an arbitrary file upload vulnerability in the WordPress Front-End Users plugin (versions <= 3.2.32). The exploit allows unauthenticated attackers to upload a PHP web shell via a registration form, leading to remote code execution.

The repository contains functional exploit code for CVE-2025-2005, targeting an arbitrary file upload vulnerability in the WordPress Plugin 3DPrint Lite 1.9.1.4. The exploit demonstrates the ability to upload a malicious file to a vulnerable target.