CVE-2024-0844 PoC — WordPress plugin Popup More Popups, Lightboxes, and more popup modules 安全漏洞

Source

https://github.com/0x9567b/CVE-2024-0844

Associated Vulnerability

Title:WordPress plugin Popup More Popups, Lightboxes, and more popup modules 安全漏洞 (CVE-2024-0844)
Description:WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress plugin是一个应用插件。 WordPress plugin Popup More Popups, Lightboxes, and more popup modules 存在安全漏洞，该漏洞源于通过 ycfChangeElementData() 函数可以进行本地文件包含。

Description

Path traversal in the popup-more WordPress plugin

Readme

# Popup-more  < 2.2.0 CVE-2024-0844
Path traversal in the popup-more WordPress plugin.

### Description
Vulnerable file location : /popup-more/classes/Ajax.php <br>
Link : https://wordpress.org/plugins/popup-more/#description <br>
Version : - < **2.2.0** <br>
Parameter: formKey <br>
Status: patched <br>

https://github.com/advisories/GHSA-wxfh-8hrr-vfjw

### Code snippet: 

```php
require_once YPM_POPUP_CLASSES.'form/'.esc_attr($key).'Form.php';
```

### Proof of concept:
![lfi_poc (1)](https://github.com/0x9567b/popup-more/assets/72038577/eddd0850-0fb8-4672-893f-5fed5f540193)

File Snapshot


 [4.0K]  /data/pocs/bb4ac0f60dbc99d52caac0c0fe1e9fff40f8f727
└── [ 584]  README.md

0 directories, 1 file

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!