CVE-2026-1357

This repository contains a functional SQL injection exploit for CVE-2025-10042, targeting WordPress Quiz Maker plugin versions <= 6.7.0.56. The exploit uses time-based blind SQLi to extract admin credentials and hashes.

This repository contains a functional exploit for CVE-2026-1357, an unauthenticated RCE vulnerability in WPvivid Backup & Migration. The exploit chains a crypto fail-open bug with path traversal to upload a malicious file, demonstrating the vulnerability with post-exploitation capabilities.

This repository contains a functional exploit for CVE-2026-1357, targeting an unauthenticated arbitrary file upload vulnerability in WPvivid Backup & Migration plugin (≤ 0.9.123). The exploit leverages a cryptographic fail-open (null AES key) and path traversal to achieve remote code execution (RCE).

This repository contains a functional exploit for CVE-2026-1357, an unauthenticated arbitrary file upload vulnerability in WPvivid Backup & Migration plugin (versions <= 0.9.123). The exploit leverages a cryptographic fail-open flaw combined with path traversal to achieve remote code execution.

This repository contains a functional exploit for CVE-2026-1357, targeting a vulnerability in the WPvivid Backup plugin. The exploit leverages a null byte key decryption flaw and directory traversal to upload a malicious PHP webshell, achieving remote code execution (RCE).

This repository contains a functional exploit for CVE-2026-1357, targeting the WPvivid Backup & Migration plugin for WordPress. The exploit leverages improper error handling in RSA decryption and lack of path sanitization to achieve unauthenticated arbitrary file upload, leading to remote code execution.

This repository provides a detailed technical analysis of CVE-2026-1357, an unauthenticated RCE vulnerability in the WPvivid Backup & Migration WordPress plugin. It includes root cause analysis, patch details, and mitigation steps.

This repository provides a detailed technical analysis of CVE-2026-1357, an unauthenticated RCE vulnerability in the WPvivid Backup & Migration WordPress plugin. It includes root cause analysis, patch details, and mitigation steps.

This repository contains a functional exploit for CVE-2026-1357, targeting a vulnerability in WPvivid Backup Plugin. The exploit generates a malicious payload using AES encryption with a null key and sends it to the target, allowing arbitrary file write and potential remote code execution.

This repository contains a functional exploit for CVE-2026-1357, targeting a cryptographic failure and directory traversal in the WPvivid WordPress plugin to achieve unauthenticated RCE via file upload. The PoC includes a Docker-based lab environment and a Python script that crafts a malicious payload to bypass authentication and upload a PHP shell.

This repository contains a functional exploit PoC for CVE-2026-1357, targeting an unauthenticated RCE vulnerability in WPvivid Backup & Migration plugin versions ≤ 0.9.123. The exploit uploads a malicious payload via the 'send_to_site' action and achieves remote code execution through a webshell.