Exploit for WordPress Plugin Extensive VC Addons < 1.9.1 - Unauthenticated Remote Code Execution (CVE-2023-0159)

Description:

The plugin does not validate a parameter passed to the PHP extract function when loading templates, allowing an unauthenticated attacker to override the template path and read arbitrary files from the host's file system. This may be escalated to RCE using PHP filter chains.
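
The bug class described above, shown as an added example that is not the plugin's code: a template loader that calls extract on caller-supplied data, next to a hardened form. The function names, TEMPLATE_DIR and the key allowlist are hypothetical.

```php
<?php
// Added illustration; names and paths are assumptions, not taken from the plugin.

const TEMPLATE_DIR = __DIR__ . '/templates'; // assumed template directory

// Weak pattern: extract() defaults to EXTR_OVERWRITE, so a key in $params
// with the same name as a local variable replaces it before include runs.
function render_template_unsafe(string $template_path, array $params): string
{
    extract($params); // a 'template_path' key overwrites the argument
    ob_start();
    include $template_path;
    return (string) ob_get_clean();
}

// Hardened pattern: resolve and confine the path first, pass only
// allowlisted keys, and never let extract() overwrite existing variables.
function render_template_safe(string $template_name, array $params, array $allowed_keys): string
{
    $base = realpath(TEMPLATE_DIR);
    // basename() drops directory components and schemes such as php://
    $path = $base === false
        ? false
        : realpath($base . DIRECTORY_SEPARATOR . basename($template_name) . '.php');

    // Reject anything that does not resolve to a file inside TEMPLATE_DIR.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if ($path === false || strncmp($path, $prefix, strlen($prefix)) !== 0) {
        throw new InvalidArgumentException('Unknown template');
    }

    // Keep only the variables this template is documented to use.
    $vars = array_intersect_key($params, array_flip($allowed_keys));

    // Isolated scope: the template sees $vars and nothing else.
    $render = static function (string $__path, array $__vars): string {
        extract($__vars, EXTR_SKIP); // existing names are never replaced
        ob_start();
        include $__path;
        return (string) ob_get_clean();
    };

    return $render($path, $vars);
}
```

The safe version resolves the include path before any request data is in scope, so no extracted key can influence which file is loaded.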

Affected Products:

Proof of Concept

PoC exploit

Nuclei Template

View the template here CVE-2023-0159.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2023/CVE-2023-0159.yaml

References:

https://nvd.nist.gov/vuln/detail/CVE-2023-0159
https://wordpress.org/plugins/extensive-vc-addon/
https://wpscan.com/vulnerability/239ea870-66e5-4754-952e-74d4dd60b809/