CVE-2025-13801 PoC — WordPress plugin Yoco Payments 路径遍历漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2025/CVE-2025-13801.yaml

Associated Vulnerability

Title:WordPress plugin Yoco Payments 路径遍历漏洞 (CVE-2025-13801)
Description:WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台具有在基于PHP和MySQL的服务器上架设个人博客网站的功能。WordPress plugin是一个应用插件。 WordPress plugin Yoco Payments 3.8.8及之前版本存在路径遍历漏洞，该漏洞源于file参数存在路径遍历，可能导致任意文件读取。

Description

Yoco Payments WordPress plugin <= 3.8.8 contains a path traversal caused by improper validation of the file parameter, letting unauthenticated attackers read arbitrary files on the server.

File Snapshot


 id: CVE-2025-13801

info:
  name: Yoco Payments <= 3.8.8 - Path Traversal
  author: 0x_Akoko
  sever

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!