Exploit for WordPress File Manager Plugin - Remote Code Execution (CVE-2020-25213)

Description:

The WordPress File Manager plugin prior to version 6.9 is susceptible to remote code execution. The vulnerability allows unauthenticated remote attackers to upload .php files.

Nuclei Template

View the template here: CVE-2020-25213.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2020/CVE-2020-25213.yaml

References:

http://packetstormsecurity.com/files/171650/WordPress-File-Manager-6.9-Shell-Upload.html
https://nvd.nist.gov/vuln/detail/CVE-2020-25213
https://github.com/w4fz5uck5/wp-file-manager-0day
http://packetstormsecurity.com/files/160003/WordPress-File-Manager-6.8-Remote-Code-Execution.html
https://plugins.trac.wordpress.org/changeset/2373068