CVE-2024-13346 PoC — WordPress plugin Avada | Website Builder For WordPress & WooCommerce 代码注入漏洞

Source

https://github.com/tausifzaman/CVE-2024-13346

Associated Vulnerability

Title:WordPress plugin Avada | Website Builder For WordPress & WooCommerce 代码注入漏洞 (CVE-2024-13346)
Description:WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress plugin是一个应用插件。 WordPress plugin Avada | Website Builder For WordPress & WooCommerce 7.11.13版本及之前版本存在代码注入漏洞，该漏洞源于允许用户在运行do_shortcode之前执行未正确验证值的操作，

Description

Avada Theme < 7.11.14 - Unauthenticated Arbitrary Shortcode Execution CVE-2024-13346 exploit script

Readme

# CVE-2024-13346
Avada Theme &lt; 7.11.14 - Unauthenticated Arbitrary Shortcode Execution CVE-2024-13346 exploit script
![Description](https://raw.githubusercontent.com/tausifzaman/CVE-2024-13346/refs/heads/main/image.jpg)
## Installation Code
```
git clone https://github.com/tausifzaman/CVE-2024-13346.git
```
```
cd CVE-2024-13346
```
```
pip install -r requirements.txt
```
```
python3 exploit.py
```

File Snapshot


 [4.0K]  /data/pocs/3ac36ae01048ef36c56dd01454e31ff45f61b3b0
├── [5.9K]  exploit.py
├── [197K]  image.jpg
├── [ 34K]  LICENSE
├── [ 406]  README.md
└── [  32]  requirements.txt

0 directories, 5 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!