CVE-2024-6536 PoC — WordPress plugin Zephyr Project Manager security vulnerability

Source
Associated Vulnerability
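Title: WordPress plugin Zephyr Project Manager security vulnerability (CVE-2024-6536)
Description: WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP. The platform supports setting up personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin Zephyr Project Manager versions before 3.3.99 contain a security vulnerability, which stems from certain user input not being sanitized or escaped before it is echoed back to the page.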
Readme
## Description

This script is a PoC for CVE-2024-6536, an XSS vulnerability in the Zephyr Project Manager plugin for WordPress. It requires authentication and privileges as a project manager administrator.

## Usage

```
python3 CVE-2024-6536.py -u <USERNAME> -p <PASSWORD> -w <url>
```

Example:

```
python3 CVE-2024-6536.py -u user -p user -w http://localhost/wordpress
```

## Links
- https://wpscan.com/vulnerability/ee40c1c6-4186-4b97-866c-fb0e76cedeb8/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-6536
File Snapshot

[4.0K] /data/pocs/f9edd4eab9c8c16c81a4a28941e56c0d8133444e
├── [3.5K] CVE-2024-6536.py
└── [ 518] README.md

0 directories, 2 files