Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2017-18580 PoC — WordPress shortcodes-ultimate插件输入验证错误漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2017/CVE-2017-18580.yaml
Associated Vulnerability
Title:WordPress shortcodes-ultimate插件输入验证错误漏洞 (CVE-2017-18580)
Description:WordPress是WordPress基金会的一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。shortcodes-ultimate是使用在其中的一个插件,它支持在页面上创建标签、按钮、滑块和响应式视频等。 WordPress shortcodes-ultimate插件5.0.1之前版本中存在安全漏洞。攻击者可利用该漏洞执行代码。
Description
Shortcodes Ultimate plugin before 5.0.1 for WordPress contains a remote code execution caused by a filter in meta, post, or user shortcode, letting remote attackers execute arbitrary code, exploit requires sending crafted shortcode data.
File Snapshot

 id: CVE-2017-18580

info:
  name: WordPress Shortcodes Ultimate <= 5.0.0 - Authenticated Remote Code

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.