CVE-2025-39401

CRITICAL

Mojoomla WPAMS <44.0 - Code Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-39401. PoCs published by Nxploited.

AI-analyzed exploit summary This is a functional exploit for CVE-2025-39401, targeting an arbitrary file upload vulnerability in the WordPress WPAMS plugin. It automates mass exploitation by uploading a shell, brute-forcing timestamp-based filenames, and verifying shell accessibility.

Description

Unrestricted Upload of File with Dangerous Type vulnerability in mojoomla WPAMS apartment-management allows Upload a Web Shell to a Web Server.This issue affects WPAMS: from n/a through <= 44.0 (17-08-2023).

Exploits (1)

nomisec WORKING POC 4 stars
by Nxploited · poc
https://github.com/Nxploited/CVE-2025-39401

This is a functional exploit for CVE-2025-39401, targeting an arbitrary file upload vulnerability in the WordPress WPAMS plugin. It automates mass exploitation by uploading a shell, brute-forcing timestamp-based filenames, and verifying shell accessibility.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: WordPress WPAMS Plugin <= 44.0
No auth needed
Prerequisites: Python 3.7+ · requests library · rich library · shell.php file
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Scores

CVSS v3 10.0
EPSS 0.0046
EPSS Percentile 36.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE
CWE-434
Status published
Products (1)
mojoomla/WPAMS < 44.0 (17-08-2023)
Published May 19, 2025
Tracked Since Feb 18, 2026