English Version

WordPress WP Photo Album Plus Arbitrary Shortcode Execution

CVE-2024-10958

PoC code for unauthenticated arbitrary shortcode execution vulnerability in WordPress WP Photo Album Plus plugin.

Details

Affected Versions: <= 8.8.08.007
CVSS Score: 7.3 (High)
Vulnerability Type: Arbitrary Shortcode Execution

Vulnerability Description

The WP Photo Album Plus plugin allows unauthenticated users to execute arbitrary shortcodes due to a validation flaw in the getshortcodedrenderedfenodelay AJAX action.

Resources

Wordfence Threat Intel
WordPress Plugin Repository
Plugin Trac
Fix Commit

Installation

git clone https://github.com/reinh3rz/CVE-2024-10958-WPPA-Exploit.git

cd CVE-2024-10958-WPPA-Exploit

pip install -r requirements.txt

Usage

python3 exploit.py -u http://target-site.com

Legal Disclaimer

This tool is for educational and research purposes only. It should only be used on systems where you have permission. The user is responsible for any unauthorized use.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

README.md

README.md

English Version

WordPress WP Photo Album Plus Arbitrary Shortcode Execution

CVE-2024-10958

Details

Vulnerability Description

Resources

Installation

Usage

Legal Disclaimer

Files

README.md

Latest commit

History

README.md

File metadata and controls

English Version

WordPress WP Photo Album Plus Arbitrary Shortcode Execution

CVE-2024-10958

Details

Vulnerability Description

Resources

Installation

Usage

Legal Disclaimer