CVE-2024-6366 PoC — WordPress plugin User Profile Builder 安全漏洞

Source

Associated Vulnerability

Description

User Profile Builder <= 3.11.7 - Unauthenticated Media Upload

Readme

# CVE-2024-6366-PoC
User Profile Builder <= 3.11.7 - Unauthenticated Media Upload

# Description
The User Profile Builder WordPress plugin before 3.11.8 does not have proper authorisation, allowing unauthenticated users to upload media files via the async upload functionality of WP.

## Usage:

```
usage: CVE-2024-6366.py [-h] -u URL

The User Profile Builder WordPress plugin before 3.11.8 does not have proper authorisation,
 allowing unauthenticated users to upload media files via the async upload functionality of WP.

options:
  -h, --help         show this help message and exit
  -u URL, --url URL  The target URL (e.g., http://example.com)
```

### result

```
Extracted URL from the response:
http:\/\/192.168.100.74:888\/wordpress\/wp-content\/uploads\/2025\/02\/Nxploit-8.png
```

### Disclaimer
This script is intended for educational purposes and authorized security assessments only. Misuse of this script may result in legal consequences. Always obtain proper authorization before testing on any system.

File Snapshot

 [4.0K]  /data/pocs/786d2a98257314e9f0c293c332b4e03ffbc6e719
├── [3.3K]  CVE-2024-6366.py
├── [ 36K]  Nxploit.jpg
└── [1.0K]  README.md

0 directories, 3 files

Remarks