PoC details: 0d795501c8f0deb958fa7364407362c2c6f0aa72

Source
Related vulnerability
Title: WordPress plugin Celestial Aura code issue vulnerability (CVE-2025-26892)
Description: WordPress and WordPress plugins are products of the WordPress Foundation. WordPress is a blogging platform written in PHP that lets users host a personal blog on a server running PHP and MySQL. A WordPress plugin is an application add-on. WordPress plugin Celestial Aura 2.2 and earlier contain a code issue vulnerability caused by unrestricted upload of files of a dangerous type, which may allow malicious files to be used.
Description
WordPress Celestial Aura Theme <= 2.2 is vulnerable to Arbitrary File Upload
Introduction

# CVE-2025-26892 – WordPress Celestial Aura Theme <= 2.2 Arbitrary File Upload (Authenticated)

## 📄 Description

An **Unrestricted File Upload** vulnerability exists in the WordPress **Celestial Aura** theme (developed by *dkszone*) up to version **2.2**.  
A low-privileged authenticated user can upload arbitrary PHP files through the theme's admin panel, potentially leading to **Remote Code Execution (RCE)**.

- Affected theme: `Celestial Aura`
- Affected versions: ≤ 2.2
- Vulnerable file: `wp-admin/admin.php?page=CA-settings`
- Exploitable by: Any authenticated user (subscriber and above)
- No nonce, file type, or extension validation
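
As an added defensive illustration (not code from the Celestial Aura theme, its vendor fix, or this PoC), the handler below shows how a theme settings upload endpoint enforces the three checks the list above says were missing: privilege, nonce, and file type/extension validation. The hook name, nonce action, upload field name and option key are assumptions for the example.

```php
<?php
// Added illustrative example, not code from the Celestial Aura theme or its fix.
// Hardened handler for a theme-settings image upload that enforces the three checks
// the advisory says were missing: privilege, nonce, and file type/extension.
// The hook name, nonce action, field name and option key are assumptions.
add_action( 'admin_post_ca_save_settings', 'ca_example_handle_header_upload' );

function ca_example_handle_header_upload() {
    // 1. Privilege: a subscriber must never reach this code path.
    if ( ! current_user_can( 'edit_theme_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }

    // 2. CSRF: the form must carry a nonce bound to this action.
    check_admin_referer( 'ca_save_settings', 'ca_settings_nonce' );

    if ( empty( $_FILES['ca_header_image']['tmp_name'] ) ) {
        wp_safe_redirect( admin_url( 'admin.php?page=CA-settings' ) );
        exit;
    }
    $file = $_FILES['ca_header_image'];

    // 3. Type check: the declared extension must agree with the sniffed content
    //    type and sit on an image allow-list, so a .php upload is rejected here.
    $allowed = array(
        'jpg|jpeg' => 'image/jpeg',
        'png'      => 'image/png',
        'gif'      => 'image/gif',
    );
    $check = wp_check_filetype_and_ext( $file['tmp_name'], $file['name'], $allowed );
    if ( empty( $check['ext'] ) || empty( $check['type'] ) ) {
        wp_die( 'Only JPEG, PNG or GIF images are accepted.', '', array( 'response' => 400 ) );
    }

    require_once ABSPATH . 'wp-admin/includes/file.php';

    // wp_handle_upload() re-validates against the same allow-list and stores the
    // file under a sanitized, unique name in the uploads directory.
    $upload = wp_handle_upload( $file, array( 'test_form' => false, 'mimes' => $allowed ) );
    if ( isset( $upload['error'] ) ) {
        wp_die( esc_html( $upload['error'] ), '', array( 'response' => 400 ) );
    }

    update_option( 'ca_example_header_image', esc_url_raw( $upload['url'] ) );
    wp_safe_redirect( admin_url( 'admin.php?page=CA-settings&updated=1' ) );
    exit;
}
```

The matching settings form would emit the nonce with `wp_nonce_field( 'ca_save_settings', 'ca_settings_nonce' )` so that `check_admin_referer()` has something to verify.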

## 🛡️ CVSS Score

**Patchstack CNA Rating:**
- **Base Score:** 9.9 (CRITICAL)
- **Vector:** `CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H`

## 🚀 Usage

```
usage: CVE-2025-26892.py [-h] --url URL --username USERNAME --password PASSWORD

CVE-2025-26892 | WordPress Celestial Aura Theme <= 2.2 Arbitrary File Upload (Authenticated)

options:
  -h, --help            Show this help message and exit
  --url, -u URL         Target WordPress site (e.g., http://127.0.0.1/wordpress)
  --username, -un       WordPress username (any authenticated user)
  --password, -p        WordPress password
```

The script logs in with the provided credentials, uploads a malicious PHP shell (`nxploit.php`) via the vulnerable theme settings, and prints the direct URL to the uploaded shell.

## ✅ Successful Exploit Output

```
[+] Exploit sent successfully.

[+] Form Fields Sent:
  - CA_hdrimage: yes
  ...
  - CA_save: Save changes

[+] Shell Location:
http://target-site/wp-content/uploads/nxploit.php

Exploit By: Khaled_alenazi (Nxploited)
```

## ⚠️ Disclaimer

This project is for **educational and authorized penetration testing** purposes only.  
Any misuse of this tool is not the responsibility of the author.
File snapshot

```
[4.0K] /data/pocs/0d795501c8f0deb958fa7364407362c2c6f0aa72
├── [2.7K] CVE-2025-26892.py
├── [1.1K] LICENSE
└── [1.8K] README.md

0 directories, 3 files
```

The Shenlong bot has cached this for you.
Notes
    1. It is recommended to access the PoC through the source first.
    2. If the source is no longer available or cannot be reached, send an email to f.jinxu#gmail.com to request the local snapshot (replace # with @).
    3. Shenlong has taken a snapshot of the PoC code for you; to support long-term maintenance, please consider paying for the local PoC. Thank you for your support.