mirror of
https://github.com/0xMarcio/cve.git
synced 2026-05-09 15:15:46 +02:00
0xMarcio
1.0 KiB
1.0 KiB
CVE-2020-10564
Description
An issue was discovered in the File Upload plugin before 4.13.0 for WordPress. A directory traversal can lead to remote code execution by uploading a crafted txt file into the lib directory, because of a wfu_include_lib call.
POC
Reference
- https://github.com/beerpwn/CVE/tree/master/WP-File-Upload_disclosure_report/
- https://wpvulndb.com/vulnerabilities/10132
Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/ChoiSG/vwp
- https://github.com/HycCodeQL/wordpress
- https://github.com/Irdinaaaa/pentest
- https://github.com/PaulBorie/kubernetes-security
- https://github.com/beardcodes/wordpress
- https://github.com/ehsandeep/wordpress-application
- https://github.com/vavkamil/dvwp