Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-9061 PoC — WordPress plugin The WP Popup Builder 代码注入漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-9061.yaml
Associated Vulnerability
Title:WordPress plugin The WP Popup Builder 代码注入漏洞 (CVE-2024-9061)
Description:WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress plugin是一个应用插件。 WordPress plugin The WP Popup Builder 1.3.5版本及之前版本存在代码注入漏洞,该漏洞源于通过 wp_ajax_nopriv_shortcode_Api_Add 函数可以执行任意代码。
Description
The The WP Popup Builder Popup Forms and Marketing Lead Generation plugin for WordPress is vulnerable to arbitrary shortcode execution via the wp_ajax_nopriv_shortcode_Api_Add AJAX action in all versions up to, and including, 1.3.5. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
File Snapshot

 id: CVE-2024-9061

info:
  name: WP Popup Builder Popup Forms and Marketing Lead Generation <= 1.3.5

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.