CVE-2025-7441

This exploit leverages an arbitrary file upload vulnerability in the StoryChief WordPress plugin (CVE-2025-7441) by crafting a malicious JSON payload with a forged HMAC signature to upload a PHP backdoor via the plugin's webhook endpoint. The backdoor is then accessible in the WordPress uploads directory.

This repository contains a functional Python exploit for CVE-2025-7441, an unauthenticated arbitrary file upload vulnerability in the StoryChief WordPress plugin. The exploit crafts a malicious JSON payload to trigger server-side file fetching and persistence in the WordPress uploads directory.

The repository contains functional exploit code for CVE-2025-7441, targeting an arbitrary file upload vulnerability in the WordPress Plugin 3DPrint Lite 1.9.1.4. The exploit demonstrates the ability to upload a malicious file to a vulnerable target.

This repository contains a functional Python exploit for CVE-2025-7441, targeting a WordPress webhook vulnerability. The exploit crafts a malicious payload to include a remote shell via the 'featured_image' field and sends it to the vulnerable endpoint.

This repository contains a functional Python exploit for CVE-2025-7441, an unauthenticated arbitrary file upload vulnerability in the StoryChief WordPress plugin. The exploit crafts a malicious JSON payload with a remote file URL, computes an HMAC signature, and sends it to the vulnerable endpoint to trigger server-side file retrieval and storage.

This Metasploit module exploits an unauthenticated arbitrary file upload vulnerability in the StoryChief WordPress plugin (CVE-2025-7441). It leverages a forged HMAC due to an empty secret, allowing attackers to upload and execute malicious PHP code via the webhook endpoint.