漏洞平台

POC详情： e726b17c619cb89bbd0a7e75c3f472a87f3d657c

来源

https://github.com/realbotnet/CVE-2024-8277

关联漏洞

标题： WordPress plugin WooCommerce Photo Reviews Premium 安全漏洞 (CVE-2024-8277)
描述：WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress plugin是一个应用插件。 WordPress plugin WooCommerce Photo Reviews Premium 1.3.13.2版本及之前版本存在安全漏洞，该漏洞源于没有正确验证login函数中使用的用户状态，也没有正确验证用户的身份。

描述

CVE-2024-8277 - 0Day Auto Exploit Authentication Bypass in WooCommerce Photo Reviews Plugin

介绍

<h1 align="left">CVE-2024-8277 - Authentication Bypass in WooCommerce Photo Reviews by <a href="https://t.me/bl4ckhatx" target="_blank">
  @bl4ckhatx
  </a></h1>

### 

<h3 align="left">This is just a teaser. The full exploit’s for sale. Want to compromise thousands of sites? Hit me up. <a href="https://t.me/bl4ckhatx" target="_blank">
  @bl4ckhatx
  </a></h3>

### 

<div align="center">
  <img   src="exploit.jpg"  />
</div>

### 

<h2 align="left">🎯 CVE-2024-8277: WooCommerce Exploit - Contact: <a href="https://t.me/bl4ckhatx" target="_blank">
  @bl4ckhatx
  </a></h2>

### 

<p align="left">A critical authentication bypass vulnerability in WooCommerce Photo Reviews Premium, affecting all versions ≤ 1.3.13.2. Exploit the login function to impersonate administrators, gaining full control of WordPress sites. Fast, silent, and efficient.</p>

### 

<h2 align="left">Overview - CVE-2024-8277</h2>

### 

<p align="left">This repository contains an exploit for CVE-2024-8277, which affects the WooCommerce Photo Reviews Premium plugin for WordPress. The exploit takes advantage of an authentication bypass due to improper validation in the login function. Attackers can impersonate any user, including administrators, who dismissed an admin notice in the last 30 days. This makes it easy for unauthorized access to be gained on vulnerable websites.</p>

### 

<h3 align="left">For more details or to secure a customized exploit kit, reach out on Telegram: <a href="https://t.me/bl4ckhatx" target="_blank">
  @bl4ckhatx
  </a></h3>

### 

<div align="left">
  <a href="https://t.me/bl4ckhatx" target="_blank">
    <img src="https://raw.githubusercontent.com/maurodesouza/profile-readme-generator/master/src/assets/icons/social/telegram/default.svg" width="52" height="40" alt="telegram logo"  />
  </a>
</div>

###

文件快照


 [4.0K]  /data/pocs/e726b17c619cb89bbd0a7e75c3f472a87f3d657c
├── [ 21K]  exploit.jpg
└── [1.8K]  README.md

0 directories, 2 files

神龙机器人已为您缓存

备注

1. 建议优先通过来源进行访问。

2. 如果因为来源失效或无法访问，请发送邮箱到 f.jinxu#gmail.com 索取本地快照（把 # 换成 @）。

3. 神龙已为您对POC代码进行快照，为了长期维护，请考虑为本地POC付费，感谢您的支持。