POC详情: 8dd6e60ee1a7832e2bd5850156a1073ed7a88467

来源
https://github.com/Professor6T9/CVE-2025-3515
关联漏洞
标题: WordPress plugin Drag and Drop Multiple File Upload for Contact Form 代码问题漏洞 (CVE-2025-3515)
描述:WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress plugin是一个应用插件。 WordPress plugin Drag and Drop Multiple File Upload for Contact Form 7 1.3.8.9及之前版本存在代码问题漏洞,该漏洞源于文件类型验证不足,可能导致未经验证攻击者上传.phar等危险文件类
描述
CVE‑2025‑3515 — Drag and Drop Multiple File Upload for Contact Form 7
介绍
# CVE-2025-3515
CVE‑2025‑3515 — Drag and Drop Multiple File Upload for Contact Form 7

- **Description:** Arbitrary file uploads via `drag‑and‑drop‑multiple‑file‑upload-contact‑form‑7` ≤1.3.8.9 allow upload of `.phar` files, leading to remote code execution in Apache+mod_php :contentReference[oaicite:29]{index=29}.  
- **CVSS (v3.1):** 8.1 (High) :contentReference[oaicite:30]{index=30}  
- **Patch:** Updated to ≥1.3.9.0 :contentReference[oaicite:31]{index=31}  
- **References:**
  - NVD: CVE‑2025‑3515 :contentReference[oaicite:32]{index=32}  
  - Wiz, feedly, GitHub advisory, Wordfence, WordPress Trac links above

The tool coded in python version 3 use checker for detect the existing plugin then use the exploit 
Telegram: https://t.me/Professor6T9
Team Telegram: https://t.me/TeamAnonForce6T9
文件快照

 [4.0K]  /data/pocs/8dd6e60ee1a7832e2bd5850156a1073ed7a88467
├── [2.3K]  checker.py
├── [2.3K]  exploit.py
└── [ 831]  README.md

0 directories, 3 files
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。