CVE-2020-25213CISA KEV: Actively Exploited

WordPress File Manager Plugin Remote Code Execution Vulnerability

Published Nov 3, 2021·Updated Nov 3, 2021

Description

WordPress File Manager plugin contains a remote code execution vulnerability that allows unauthenticated users to execute PHP code and upload malicious files on a target site.

Public Exploits & PoCs8 found

PoC: wp-file-manager-CVE-2020-25213

https://medium.com/@mansoorr/exploiting-cve-2020-25213-wp-file-manager-wordpress-plugin-6-9-3f79241f0cd8

48

PoC: WPKiller

CVE-2020-25213 Wordpress File Manager 6.7 Plugin 0day exploit

1

PoC: wp-file-manager-exploit-CVE-2020-25213-with-Zerologon

Exploit Windows server 2019 vulnerable to Zerologon with Garble, Chisel, wp-file-manager vulnerability (have video demo)

PoC: wordpress-rce-vapt-cve-2020-25213

Educational cybersecurity project demonstrating exploitation and mitigation of CVE-2020-25213 (WordPress File Manager Plugin RCE). Includes malware simulation, VAPT analysis, and security patch implementation in a controlled lab environment.

PoC: Python-CVE-2020-25213

Python Interactive Exploit for WP File Manager Vulnerability. The File Manager (wp-file-manager) plugin before 6.9 for WordPress allows remote attackers to upload and execute arbitrary PHP code because it renames an unsafe example elFinder connector file to have the .php extension.

PoC: Python-exploit-CVE-2020-25213

Python exploit for RCE in Wordpress

PoC: CVE-2020-25213-wordpress-wp-file-manager-fileupload

WordPress的文件管理器插件(wp-file-manager)6.9版本之前存在安全漏洞,该漏洞允许远程攻击者上传和执行任意PHP代码。

PoC: Wordpress-CVE-2020-25213

Will write a python script for exploiting this vulnerability

References

View on NVD Search GitHub Search Google

Get alerted for CVEs like this

Register your stack and get notified within minutes when a matching CVE drops.

Start monitoring free