English Version

WordPress WP Photo Album Plus Arbitrary Shortcode Execution

CVE-2024-10958

PoC code for unauthenticated arbitrary shortcode execution vulnerability in WordPress WP Photo Album Plus plugin.

Details

Affected Versions: <= 8.8.08.007
CVSS Score: 7.3 (High)
Vulnerability Type: Arbitrary Shortcode Execution

Vulnerability Description

The WP Photo Album Plus plugin allows unauthenticated users to execute arbitrary shortcodes due to a validation flaw in the getshortcodedrenderedfenodelay AJAX action.

Resources

Installation

git clone https://github.com/reinh3rz/CVE-2024-10958-WPPA-Exploit.git

cd CVE-2024-10958-WPPA-Exploit

pip install -r requirements.txt

Usage

python3 exploit.py -u http://target-site.com

Legal Disclaimer

This tool is for educational and research purposes only. It should only be used on systems where you have permission. The user is responsible for any unauthorized use.

Name		Name	Last commit message	Last commit date
Latest commit History 10 Commits
README.md		README.md
exploit.py		exploit.py
requirements.txt		requirements.txt

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

English Version

WordPress WP Photo Album Plus Arbitrary Shortcode Execution

CVE-2024-10958

Details

Vulnerability Description

Resources

Installation

Usage

Legal Disclaimer

About

Releases

Packages

Languages

offsitedark/CVE-2024-10958-WPPA-Exploit

Folders and files

Latest commit

History

Repository files navigation

English Version

WordPress WP Photo Album Plus Arbitrary Shortcode Execution

CVE-2024-10958

Details

Vulnerability Description

Resources

Installation

Usage

Legal Disclaimer

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages