Exploitation Summary
CVE-2025-6440 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 11 public exploits from researchers including adminlove520, AnotherSec, m2hcz.
AI-analyzed exploit summary
This repository contains a functional Python exploit for CVE-2025-6440, targeting an unauthenticated arbitrary file upload vulnerability in the WC Designer Pro WordPress plugin, leading to remote code execution (RCE). The exploit includes detailed technical documentation, a multi-threaded scanner, and a working PoC that uploads a PHP shell via a vulnerable AJAX endpoint.
Description
The WooCommerce Designer Pro plugin for WordPress, bundled with the Pricom - Printing Company & Design Services WordPress theme, is vulnerable to arbitrary file uploads due to missing file type validation in the 'wcdp_save_canvas_design_ajax' function in all versions up to, and including, 1.9.26. Because the AJAX action is reachable without authentication, an unauthenticated attacker can upload arbitrary files (including PHP) to the affected site's server, which may make remote code execution possible. Sites running Designer Pro 1.9.26 or earlier, whether installed directly or via the Pricom theme, should be treated as exposed.
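The public PoCs listed on this page all follow the same two-step pattern: an unauthenticated POST to the WordPress AJAX handler carrying the `wcdp_save_canvas_design_ajax` action, followed by a GET that verifies the uploaded PHP file is reachable. The detector below, an added example and not code from any of the tracked repositories, runs that correlation over web server access logs. The log lines are constructed for the example, and the assumption that uploaded files land under `/wp-content/uploads/` is mine; the page does not state the exact write location.

```python
import re
from collections import defaultdict
from datetime import datetime
from urllib.parse import urlsplit, parse_qs

# Apache/nginx "combined" access log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

VULN_ACTION = "wcdp_save_canvas_design_ajax"   # the vulnerable AJAX action named in the advisory
AJAX_PATH = "/wp-admin/admin-ajax.php"
# Assumption (not stated on the page): the handler writes into the standard uploads tree.
UPLOADS_PREFIX = "/wp-content/uploads/"
PHP_EXT_RE = re.compile(r"\.(php\d?|phtml|phar)$", re.IGNORECASE)

# Constructed sample log: one attacker (198.51.100.7) doing upload-then-verify,
# one legitimate admin (203.0.113.10) using admin-ajax.php normally.
SAMPLE_LOG = """\
203.0.113.10 - - [12/Jul/2025:10:00:01 +0000] "GET /wp-login.php HTTP/1.1" 200 4120 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Jul/2025:10:02:15 +0000] "POST /wp-admin/admin-ajax.php?action=wcdp_save_canvas_design_ajax HTTP/1.1" 200 87 "-" "python-requests/2.31"
198.51.100.7 - - [12/Jul/2025:10:02:16 +0000] "GET /wp-content/uploads/2025/07/design.php HTTP/1.1" 200 33 "-" "python-requests/2.31"
203.0.113.10 - - [12/Jul/2025:10:03:00 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 52 "https://shop.example/wp-admin/" "Mozilla/5.0"
203.0.113.10 - - [12/Jul/2025:10:03:05 +0000] "GET /wp-content/uploads/2025/07/product.png HTTP/1.1" 200 9801 "-" "Mozilla/5.0"
"""


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    e = m.groupdict()
    e["ts"] = datetime.strptime(e["ts"], "%d/%b/%Y:%H:%M:%S %z")
    e["status"] = int(e["status"])
    return e


def is_vuln_action_post(e):
    """POST to admin-ajax.php whose query string selects the vulnerable action.
    Caveat: if the PoC sends 'action' only in the multipart body, the access log
    will not show it; that case needs WAF or request-body logging to catch."""
    if e["method"] != "POST":
        return False
    url = urlsplit(e["path"])
    if url.path != AJAX_PATH:
        return False
    return VULN_ACTION in parse_qs(url.query).get("action", [])


def is_php_under_uploads(e):
    url = urlsplit(e["path"])
    return (e["method"] == "GET" and e["status"] == 200
            and url.path.startswith(UPLOADS_PREFIX) and PHP_EXT_RE.search(url.path) is not None)


def detect(lines, window_seconds=300):
    """Return findings in log order.
    'upload_attempt'  : a request hit the vulnerable action.
    'webshell_reached': the same client then fetched a PHP file under uploads with
                        HTTP 200 within window_seconds, i.e. the upload-then-verify
                        sequence the public exploits perform."""
    attempts = defaultdict(list)   # ip -> timestamps of vulnerable-action POSTs
    findings = []
    for line in lines:
        e = parse_line(line)
        if e is None:
            continue
        if is_vuln_action_post(e):
            attempts[e["ip"]].append(e["ts"])
            findings.append({"type": "upload_attempt", "ip": e["ip"], "ts": e["ts"], "path": e["path"]})
        elif is_php_under_uploads(e):
            recent = [t for t in attempts[e["ip"]]
                      if 0 <= (e["ts"] - t).total_seconds() <= window_seconds]
            if recent:
                findings.append({"type": "webshell_reached", "ip": e["ip"], "ts": e["ts"], "path": e["path"]})
    return findings


if __name__ == "__main__":
    for f in detect(SAMPLE_LOG.splitlines()):
        print(f["type"], f["ip"], f["ts"].isoformat(), f["path"])
```

An `upload_attempt` alone is worth triage (the plugin is vulnerable regardless of whether the GET follows), but a `webshell_reached` finding means a PHP file placed through the handler was served with 200 and the host should be treated as compromised: pull the file, check the uploads tree for other recent PHP writes, and rotate credentials. Run it against real logs with `detect(open("access.log").read().splitlines())`.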
Exploits (11)
This repository contains a functional Python exploit for CVE-2025-6440, targeting an unauthenticated arbitrary file upload vulnerability in the WC Designer Pro WordPress plugin, leading to remote code execution (RCE). The exploit includes detailed technical documentation, a multi-threaded scanner, and a working PoC that uploads a PHP shell via a vulnerable AJAX endpoint.
This PoC exploits an unauthenticated arbitrary file upload vulnerability in WooCommerce Designer Pro <= 1.9.26 via the 'wcdp_save_canvas_design_ajax' function, allowing attackers to upload malicious files (e.g., PHP shells) for potential remote code execution.
This repository contains a Python-based exploit for CVE-2025-6440, targeting an unauthenticated arbitrary file upload vulnerability in the WC Designer Pro WordPress plugin, leading to remote code execution (RCE). The exploit automates detection, validation, and payload delivery via a multipart form upload to a vulnerable AJAX endpoint.
This is a Python-based exploit for CVE-2025-6440, targeting a WordPress plugin vulnerability to upload a shell. It includes multi-threading, rich console output, and checks for specific conditions to determine vulnerability.
The repository contains a functional Python exploit for CVE-2025-6440, demonstrating an unauthenticated arbitrary file upload vulnerability in the WooCommerce Designer Pro plugin via the `wcdp_save_canvas_design_ajax` AJAX endpoint. The exploit uploads a file and verifies its accessibility, confirming the vulnerability.
This repository contains a functional Python exploit for CVE-2025-6440, an unauthenticated file upload vulnerability which the repository labels as affecting the WordPress WooCommerce Dynamic Pricing & Discounts plugin; that name does not match the advisory, which assigns CVE-2025-6440 to WooCommerce Designer Pro. The exploit uploads a PHP payload to vulnerable WordPress sites via the 'wcdp_save_canvas_design_ajax' AJAX endpoint and verifies the upload location, so the code targets the Designer Pro action despite the mislabel.
This repository contains a functional exploit for CVE-2025-6440, targeting a vulnerability in the WC Designer Pro WordPress plugin. The exploit uploads a malicious PHP shell via an unauthenticated file upload vulnerability in the plugin's AJAX endpoint.
This is a functional exploit for CVE-2025-6440 targeting WC Designer Pro, demonstrating unauthenticated remote code execution via file upload through the 'wcdp_save_canvas_design_ajax' action. The script includes vulnerability checks and payload delivery mechanisms.
The repository contains only a README.md file with minimal information about CVE-2025-6440, indicating it is a placeholder or early-stage project. No actual exploit code or technical details are provided.
The repository contains functional exploit code it attributes to CVE-2025-6440, targeting an arbitrary file upload vulnerability in a different WordPress plugin (3DPrint Lite 1.9.1.4). The Python script demonstrates the ability to upload a malicious file to a vulnerable target, but the target does not match the plugin named in this CVE's description (WooCommerce Designer Pro), so treat the repository as mislabeled or unrelated to CVE-2025-6440.
This repository contains a functional Python exploit for CVE-2025-6440, an unauthenticated arbitrary file upload vulnerability in WooCommerce Designer Pro <= 1.9.26. The exploit leverages the 'wcdp_save_canvas_design_ajax' AJAX action to upload arbitrary files, potentially leading to remote code execution.
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (base score 9.8, Critical): network-reachable, low complexity, no privileges or user interaction required, with high impact on confidentiality, integrity and availability, consistent with unauthenticated file upload leading to code execution.