CVEs-PoC/2021/CVE-2021-44223.md at main

CalvinBackup/CVEs-PoC

Fork 0

mirror of https://github.com/0xMarcio/cve.git synced 2026-02-12 18:42:46 +00:00

Files

0xMarcio cb00e1339f Update CVE list 2025-09-29 21:09

2025-09-29 21:09:30 +02:00

1.1 KiB

Raw Permalink Blame History

CVE-2021-44223

Description

WordPress before 5.8 lacks support for the Update URI plugin header. This makes it easier for remote attackers to execute arbitrary code via a supply-chain attack against WordPress installations that use any plugin for which the slug satisfies the naming constraints of the WordPress.org Plugin Directory but is not yet present in that directory.

POC

Reference

https://vavkamil.cz/2021/11/25/wordpress-plugin-confusion-update-can-get-you-pwned/

Github

https://github.com/20142995/nuclei-templates
https://github.com/ARPSyndicate/cvemon
https://github.com/Afetter618/WordPress-PenTest
https://github.com/NeoOniX/5ATTACK
https://github.com/namhikelo/Symfonos1-Vulnhub-CEH
https://github.com/vavkamil/wp-update-confusion

1.1 KiB Raw Permalink Blame History

CVE-2021-44223

Description

POC

Reference

Github

1.1 KiB

Raw Permalink Blame History