Description
CVE-2025-10720 PoC
Introduction
## Description
This proof of concept (PoC) describes a Cross-Site Request Forgery (CSRF) vulnerability found in the **Contest Gallery – Upload, Vote & Sell with PayPal and Stripe v. 26.1.2** plugin. The issue allows an attacker to trick an authenticated user into executing a crafted request that unintentionally deletes a gallery item without their consent, leading to unauthorized content loss and affecting data integrity.
## Details
- **Vulnerability Type**: Cross-Site Request Forgery (CSRF)
- **Affected Plugin**: 
## Impact
An attacker could trigger unintended operations, specifically the deletion of gallery items, without the user’s awareness or explicit permission. Successful exploitation may lead to unauthorized content removal and poses a risk to data integrity within the system.
## References
- [WPScan](https://wpscan.com/vulnerability/09aad613-162c-41f3-bf91-80fe733771f9/)
File snapshot
[4.0K] /data/pocs/24c3b30cd5a091719fa0f3472a8965eee30dc01f
├── [4.4K] CSRF in Content Gallery Plugin.md
├── [1.0K] exploit.html
├── [4.0K] images
│ ├── [788K] check.png
│ ├── [1005K] edit-options.png
│ ├── [652K] exploit.png
│ ├── [459K] gallery-creation.png
│ ├── [139K] no-entries.png
│ ├── [1.7M] payload-creation.png
│ ├── [540K] plugin-activated.png
│ ├── [820K] request.png
│ ├── [257K] seubscriber-access.png
│ ├── [495K] trash-button.png
│ ├── [301K] upload-image.png
│ └── [213K] users.png
└── [1.0K] README.md
2 directories, 15 files