CVE-2024-31210 PoC — WordPress 安全漏洞

Source

https://github.com/Abo5/CVE-2024-31210

Associated Vulnerability

Title:WordPress 安全漏洞 (CVE-2024-31210)
Description:WordPress是WordPress基金会的一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。 WordPress存在安全漏洞，该漏洞源于允许攻击者绕过插件安装程序上传PHP文件。受影响的产品和版本：WordPress 6.4.3之前版本，6.3.3之前版本，6.2.4之前版本，6.1.5之前版本，6.0.7之前版本，5.9.9之前版本，5.8.9之前版本，5.7.11之前版本，5.6.13之前版本，5.5.14之前版本，5.4.15之前版本，5.3.17之前版

Description

This Ruby script checks if a given WordPress site is vulnerable to CVE-2024-31210, which allows administrator-level users on single-site installations and Super Admin-level users on Multisite installations to execute arbitrary PHP code via the plugin upload mechanism.

Readme

# CVE-2024-31210
---

## WordPress Vulnerability Checker

This Ruby script checks if a given WordPress site is vulnerable to CVE-2024-31210, which allows administrator-level users on single-site installations and Super Admin-level users on Multisite installations to execute arbitrary PHP code via the plugin upload mechanism.

### Features
- Prompts the user to input the URL of the WordPress site to check.
- Sends an HTTP GET request to the specified URL.
- Analyzes the server's response to determine if the site is vulnerable.

### Usage
1. Clone the repository or download the script file.
2. Run the script using Ruby:
   ```sh
   ruby CVE-2024-31210.rb
   ```
3. Enter the URL of the WordPress site when prompted.

---

File Snapshot


 [4.0K]  /data/pocs/a435abcd33108b7d89c355b2e5efbe39cebb519f
├── [ 764]  CVE-2024-31210.rb
└── [ 727]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!