Kubio AI Page Builder <2.5.1 - Local File Inclusion
Exploitation Summary
CVE-2025-2294 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 13 public exploits from researchers including 4m3rr0r, iSee857, AikidoSec. A Nuclei detection template is also available.
AI-analyzed exploit summary: This exploit targets a Local File Inclusion (LFI) vulnerability in the Kubio AI Page Builder WordPress plugin (CVE-2025-2294). It checks for vulnerable versions and exploits the LFI via path traversal in the `__kubio-site-edit-iframe-classic-template` parameter.
Description
The Kubio AI Page Builder plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.5.1 via the `kubio_hybrid_theme_load_template` function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
Exploits (13)
This exploit targets a Local File Inclusion (LFI) vulnerability in the Kubio AI Page Builder WordPress plugin (CVE-2025-2294). It checks for vulnerable versions and exploits the LFI via path traversal in the `__kubio-site-edit-iframe-classic-template` parameter.
The repository contains a functional exploit PoC for CVE-2025-2294, demonstrating command execution via a crafted request to the target endpoint. The script includes multi-threading, URL normalization, and session handling to verify vulnerability.
This repository contains functional exploit PoCs for multiple CVEs, including a JavaScript injection vulnerability (AIKIDO-2026-10165) and a path traversal vulnerability (CVE-2014-3744). The PoCs demonstrate both vulnerable and protected scenarios using the Aikido Zen Firewall.
This is a functional exploit for CVE-2025-2294, targeting an unauthenticated Local File Inclusion (LFI) vulnerability in the Kubio AI Page Builder WordPress plugin (versions <= 2.5.1). The script fetches the plugin's readme.txt to verify vulnerability, then exploits the LFI to read arbitrary files (default: /etc/passwd).
This repository contains a functional Python-based exploit for CVE-2025-2294, an unauthenticated Local File Inclusion (LFI) vulnerability in Kubio AI Page Builder for WordPress versions up to 2.5.1. The exploit checks for vulnerability by fetching the plugin's readme.txt and then constructs a malicious URL to read arbitrary files from the server.
This is a functional exploit for CVE-2025-2294, targeting a Local File Inclusion (LFI) vulnerability in the Kubio AI Page Builder plugin for WordPress. The script automates the detection of LFI by attempting to read /etc/passwd and nginx access logs via path traversal.
The repository contains functional exploit code for CVE-2025-2294, targeting a WordPress plugin (3DPrint Lite 1.9.1.4) with an arbitrary file upload vulnerability. The Python script demonstrates the vulnerability by uploading a shell to a vulnerable endpoint.
The repository contains a detailed writeup and a Python scanner for CVE-2025-2294, a critical Local File Inclusion (LFI) vulnerability in the Kubio AI Page Builder WordPress plugin. The scanner checks for the presence of the vulnerability by attempting to read /etc/passwd via path traversal.
This repository contains a functional Python exploit for CVE-2025-2294, an unauthenticated Local File Inclusion (LFI) vulnerability in WordPress Kubio AI Page Builder ≤ 2.5.1. The script sends crafted HTTP requests to include arbitrary files (e.g., /etc/passwd) and supports single/multi-target scanning.
This repository contains a functional Python-based exploit for CVE-2025-2294, an unauthenticated Local File Inclusion (LFI) vulnerability in the Kubio AI Page Builder WordPress plugin. The exploit automates the detection and exploitation of the vulnerability by testing for the presence of sensitive files like /etc/passwd.
This repository contains a scanner for CVE-2025-2294, which checks for Local File Inclusion (LFI) vulnerabilities in a target system. The scanner uses a list of payloads to test for LFI and checks the response for patterns indicative of a successful exploit.
This is a functional exploit for CVE-2025-2294, targeting an unauthenticated Local File Inclusion (LFI) vulnerability in the Kubio AI Page Builder WordPress plugin (versions <= 2.5.1). The script checks for vulnerability by fetching the plugin's readme.txt, then exploits the LFI to read arbitrary files (default: /etc/passwd).
This is a functional Python-based exploit for CVE-2025-2294, targeting an unauthenticated Local File Inclusion (LFI) vulnerability in the Kubio Page Builder WordPress plugin (versions ≤ 2.5.1). The script includes version detection, single/batch target processing, and custom file path support.
Nuclei Templates (1)
body="wp-content/plugins/kubio/"
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H