{"id":22799893,"url":"https://github.com/chocapikk/cve-2023-5360","last_synced_at":"2026-03-12T23:31:08.878Z","repository":{"id":205020256,"uuid":"713201054","full_name":"Chocapikk/CVE-2023-5360","owner":"Chocapikk","description":"Exploit for the unauthenticated file upload vulnerability in WordPress's Royal Elementor Addons and Templates plugin (\u003c 1.3.79). CVE-ID: CVE-2023-5360.","archived":false,"fork":false,"pushed_at":"2023-11-02T17:57:55.000Z","size":7,"stargazers_count":9,"open_issues_count":0,"forks_count":5,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-04-20T17:16:44.686Z","etag":null,"topics":["cve-2023-5360","exploit","hacking","infosec","open-source","penetration-testing","python","remote-code-execution","royal-elementor-addons","vulnerability","web-security","wordpress"],"latest_commit_sha":null,"homepage":"https://wpscan.com/blog/unauthenticated-file-upload-vulnerability-addressed-in-royal-elementor-addons-and-templates-1-3-79/","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Chocapikk.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-11-02T03:15:44.000Z","updated_at":"2025-04-07T15:29:40.000Z","dependencies_parsed_at":null,"dependency_job_id":"83330987-08ff-4048-b253-d959df9b616c","html_url":"https://github.com/Chocapikk/CVE-2023-5360","commit_stats":null,"previous_names":["chocapikk/cve-2023-5360"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/Chocapikk/CVE-2023-5360","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositorie
s/Chocapikk%2FCVE-2023-5360","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Chocapikk%2FCVE-2023-5360/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Chocapikk%2FCVE-2023-5360/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Chocapikk%2FCVE-2023-5360/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Chocapikk","download_url":"https://codeload.github.com/Chocapikk/CVE-2023-5360/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Chocapikk%2FCVE-2023-5360/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30449016,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-12T21:31:01.033Z","status":"ssl_error","status_checked_at":"2026-03-12T21:30:43.161Z","response_time":114,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cve-2023-5360","exploit","hacking","infosec","open-source","penetration-testing","python","remote-code-execution","royal-elementor-addons","vulnerability","web-security","wordpress"],"created_at":"2024-12-12T07:10:10.616Z","updated_at":"2026-03-12T23:31:08.842Z","avatar_url":"https://github.com/Chocapikk.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# 🚀 WordPress Royal 
Elementor Addons and Templates Exploit\n\nExploit for the unauthenticated file upload vulnerability in Royal Elementor Addons and Templates \u003c 1.3.79.\n\n## 📌 Description\n\nThe `Royal Elementor Addons and Templates` plugin for WordPress is vulnerable to an unauthenticated file upload vulnerability. This exploit leverages this vulnerability to upload malicious payloads to vulnerable WordPress installations.\n\nVulnerable versions: \u003c 1.3.79  \nCVE-ID: CVE-2023-5360  \nWPVDB ID: [281518ff-7816-4007-b712-63aed7828b34](https://wpscan.com/vulnerability/281518ff-7816-4007-b712-63aed7828b34/)  \nCVSSv3.1: 10.0\n\n## 🛠️ Installation\n\n1. Clone the repository:\n    ```bash\n    git clone https://github.com/Chocapikk/CVE-2023-5360.git\n    ```\n\n2. Navigate to the repository's directory:\n    ```bash\n    cd CVE-2023-5360\n    ```\n\n3. Install the required dependencies:\n    ```bash\n    pip install -r requirements.txt\n    ```\n\n## 🛠️ Usage\n\n1. Use the following command to exploit a single URL:\n    ```bash\n    python3.10 exploit.py -u \u003cTARGET_URL\u003e -v\n    ```\n   Or use the following command to exploit a list of URLs:\n    ```bash\n    python3.10 exploit.py -l \u003cURL_LIST_FILE\u003e -v\n    ```\n\nOptional arguments:  \n`-f, --file`: Use a custom PHP file to upload  \n`-o, --output`: Save vulnerable URLs to an output file  \n`-t, --threads`: Specify the number of threads to use (default is 200)  \n`-T, --timeout`: Specify the request timeout in seconds (default is 10)\n\n## 📣 Disclaimer\n\n🚫 **Usage of this exploit without prior mutual consent is illegal.** It's the end user's responsibility to obey all applicable local, state, and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program.\n\n## ⚠️ Advisory\n\nEnsure your WordPress installations are fully updated to safeguard against this vulnerability. 
Particularly, update the `Royal Elementor Addons and Templates` plugin to version 1.3.79 or later.\n\n## 🙏 Acknowledgements\n\nKudos to all researchers and developers working hard to protect the web!\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fchocapikk%2Fcve-2023-5360","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fchocapikk%2Fcve-2023-5360","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fchocapikk%2Fcve-2023-5360/lists"}