https://github.com/chocapikk/cve-2023-5360

Exploit for the unauthenticated file upload vulnerability in WordPress's Royal Elementor Addons and Templates plugin (< 1.3.79). CVE-ID: CVE-2023-5360.
https://github.com/chocapikk/cve-2023-5360

cve-2023-5360 exploit hacking infosec open-source penetration-testing python remote-code-execution royal-elementor-addons vulnerability web-security wordpress

Last synced: about 1 month ago
JSON representation

Exploit for the unauthenticated file upload vulnerability in WordPress's Royal Elementor Addons and Templates plugin (< 1.3.79). CVE-ID: CVE-2023-5360.

• Host: GitHub
• URL: https://github.com/chocapikk/cve-2023-5360
• Owner: Chocapikk
• Created: 2023-11-02T03:15:44.000Z (over 1 year ago)
• Default Branch: main
• Last Pushed: 2023-11-02T17:57:55.000Z (over 1 year ago)
• Last Synced: 2025-04-13T17:07:37.938Z (about 1 month ago)
• Topics: cve-2023-5360, exploit, hacking, infosec, open-source, penetration-testing, python, remote-code-execution, royal-elementor-addons, vulnerability, web-security, wordpress
• Language: Python
• Homepage: https://wpscan.com/blog/unauthenticated-file-upload-vulnerability-addressed-in-royal-elementor-addons-and-templates-1-3-79/
• Size: 6.84 KB
• Stars: 9
• Watchers: 2
• Forks: 5
• Open Issues: 0
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

README

        
# 🚀 WordPress Royal Elementor Addons and Templates Exploit

Exploit for the unauthenticated file upload vulnerability in Royal Elementor Addons and Templates < 1.3.79.

## 📌 Description

The `Royal Elementor Addons and Templates` plugin for WordPress is vulnerable to an unauthenticated file upload vulnerability. This exploit leverages this vulnerability to upload malicious payloads to vulnerable WordPress installations.

Vulnerable versions: < 1.3.79  

CVE-ID: CVE-2023-5360  

WPVDB ID: [281518ff‑7816‑4007‑b712‑63aed7828b34](https://wpscan.com/vulnerability/281518ff‑7816‑4007‑b712‑63aed7828b34/)  

CVSSv3.1: 10.0

## 🛠️ Installation

1. Clone the repository:

    ```bash

    git clone https://github.com/Chocapikk/CVE-2023-5360.git

    ```

2. Navigate to the repository's directory:

    ```bash

    cd CVE-2023-5360

    ```

3. Install the required dependencies:

    ```bash

    pip install -r requirements.txt

    ```

## 🛠️ Usage

1. Use the following command to exploit a single URL:

    ```bash

    python3.10 exploit.py -u  -v

    ```

   Or use the following command to exploit a list of URLs:

    ```bash

    python3.10 exploit.py -l  -v

    ```

Optional arguments:  

`-f, --file` : Use a custom PHP file to upload  

`-o, --output`: Save vulnerable URLs to an output file  

`-t, --threads`: Specify the number of threads to use (default is 200)  

`-T, --timeout`: Specify the request timeout in seconds (default is 10)

## 📣 Disclaimer

🚫 **Usage of this exploit without prior mutual consent is illegal.** It's the end user's responsibility to obey all applicable local, state, and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program.

## ⚠️ Advisory

Ensure your WordPress installations are fully updated to safeguard against this vulnerability. Particularly, update the `Royal Elementor Addons and Templates` plugin to version 1.3.79 or later.

## 🙏 Acknowledgements

Kudos to all researchers and developers working hard to protect the web!