CVE-2025-5394

This repository contains a functional exploit for CVE-2025-5394, targeting the WP Alone theme ≤ 7.8.3. The exploit uploads a malicious plugin ZIP via an unauthenticated AJAX endpoint, achieving remote code execution (RCE) through a PHP web shell.

The repository contains a functional Python exploit for CVE-2025-5394, which allows unauthenticated arbitrary plugin upload in the Alone WordPress theme. The exploit automates the upload of a malicious ZIP file (disguised as a plugin) to achieve remote code execution.

This repository contains a functional exploit for CVE-2025-5394, an unauthenticated arbitrary file upload vulnerability in the WordPress Alone Theme <= 7.8.3. The exploit leverages an unprotected AJAX endpoint to install and activate a malicious plugin from a remote URL, leading to remote code execution (RCE).

This repository contains a functional exploit for CVE-2025-5394, which targets a missing authorization vulnerability in the Alone WordPress theme (versions <= 7.8.3). The exploit allows unauthenticated arbitrary file upload via plugin installation, leading to remote code execution (RCE).

The repository contains functional exploit code for CVE-2025-5394, targeting a WordPress plugin (3DPrint Lite 1.9.1.4) with an arbitrary file upload vulnerability. The Python script demonstrates the ability to upload a malicious file to a vulnerable endpoint, confirming the exploit's effectiveness.