Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-2294 PoC — WordPress plugin Kubio AI Page Builder 路径遍历漏洞

Source
https://github.com/mrrivaldo/CVE-2025-2294
Associated Vulnerability
Title:WordPress plugin Kubio AI Page Builder 路径遍历漏洞 (CVE-2025-2294)
Description:WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress plugin是一个应用插件。 WordPress plugin Kubio AI Page Builder 2.5.1及之前版本存在路径遍历漏洞,该漏洞源于kubio_hybrid_theme_load_template函数存在本地文件包含,可能导致未认证攻击者包含和执行任意文件。
Readme
# Kubio Page Builder LFI Exploit (CVE-2025-2294)

![Python](https://img.shields.io/badge/python-3.6%2B-blue)
![License](https://img.shields.io/badge/license-MIT-green)
![Vulnerability](https://img.shields.io/badge/CVE-2025--2294-critical)

Local File Inclusion (LFI) exploit for Kubio Page Builder WordPress plugin (versions ≤ 2.5.1).

## 📌 Description

This tool exploits an unauthenticated LFI vulnerability in Kubio Page Builder plugin (CVE-2025-2294), allowing attackers to read sensitive files on vulnerable WordPress installations.

## 🚀 Features

- Single target mode (`-u`)
- Bulk scanning from file (`-l`)
- Version detection
- Output results to file (`-o`)
- Automatic vulnerable version check
- Custom file path support

## 📦 Installation

```bash
git clone https://github.com/mrrivaldo/CVE-2025-2294.git
```

## 🛠 Usage

### Basic Single Target
```bash
python3 cve-2025-2294.py -u https://vulnerable-site.com
```

### Custom File Path
```bash
python3 cve-2025-2294.py -u https://vulnerable-site.com -f ../../wp-config.php
```

### Bulk Scan Mode
```bash
python3 cve-2025-2294.py -l targets.txt -o results.txt
```

### Help Menu
```bash
python3 cve-2025-2294.py --help
```

## ⚙ Options
| Option | Description |
|--------|-------------|
| `-u`, `--url` | Single target URL |
| `-l`, `--list` | File containing list of targets |
| `-f`, `--file` | File to read (default: `/etc/passwd`) |
| `-o`, `--output` | Save vulnerable targets to file |

## 📝 Example File Structure
`targets.txt`:
```
https://wordpress-site1.com
http://wordpress-site2.com
https://another-vulnerable-site.com
```

## ⚠ Legal Disclaimer
This tool is for **educational purposes only**. The developer is not responsible for any misuse. Always obtain proper authorization before testing any systems.
File Snapshot

 [4.0K]  /data/pocs/4826838083f8a5685c4eb54e84f55ff3b647f76f
├── [5.2K]  cve-2025-2994.py
└── [1.8K]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.