CVE-2025-5287

This repository contains a functional Python script that exploits a time-based SQL injection vulnerability (CVE-2025-5287) in a WordPress plugin. The script uses threaded requests to test multiple URLs for susceptibility to the SQLi by measuring delays from injected SLEEP functions.

This repository provides a detailed technical analysis of CVE-2025-5287, an unauthenticated SQL injection vulnerability in the WordPress Likes and Dislikes Plugin ≤ 1.0.0. It includes SQLMap commands, manual payloads, and evidence of exploitation via time-based blind SQLi.

This repository contains a functional Python script that exploits CVE-2025-5287, an unauthenticated time-based blind SQL injection vulnerability in the WordPress Likes and Dislikes Plugin ≤ 1.0.0. The exploit targets the `post` parameter in the `my_likes_dislikes_action` AJAX action.

The repository provides a functional SQL injection PoC for CVE-2025-5287, targeting the 'Likes and Dislikes Plugin' for WordPress. It includes a sqlmap command demonstrating unauthenticated SQLi via the 'post' parameter, with payloads for boolean-based and time-based blind injection.

The repository contains functional exploit code for CVE-2025-5287, targeting an arbitrary file upload vulnerability in the WordPress Plugin 3DPrint Lite 1.9.1.4. The exploit demonstrates the ability to upload a malicious file to a vulnerable target.