An Open-source EXPLOIT for The Royal Elementor Addons and Templates WordPress plugin before 1.3.79 does not properly validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP and achieve RCE.
This repository contains a Python script designed to check for and exploit the WordPress vulnerability CVE-2023-5360 in websites using the Royal Elementor Addons plugin. The exploit involves uploading a PHP shell to the target website.
- Asynchronously checks a list of WordPress sites for the CVE-2023-5360 vulnerability.
- Attempts to exploit the vulnerability by uploading a PHP shell.
- Provides detailed logging for each checked and exploited site.
- Includes an ASCII art banner for a professional touch.
- Python 3.x
- Colorama library (
pip install colorama)
Clone the repository:
git clone https://github.com/Pushkarup/CVE-2023-5360.gitInstall dependencies:
pip install -r requirements.txt1)Prepare a list of target WordPress sites in a text file (e.g., "urls.txt"). 2)Run the exploit:
python CVE-2023-5360.pyFollow the prompts to enter the URL list file name and the number of threads for concurrent checking.
- exploit.log: Contains detailed logs of the exploit process.
- active-plugin.txt: Lists the URLs with the Royal Elementor Addons plugin.
- exploited.txt: Lists the URLs successfully exploited.
This exploit script is intended for educational purposes only. Use it responsibly, and ensure you have the necessary permissions before testing on websites you do not own.
This project is licensed under the MIT License - see the LICENSE file for details.
- BTC: 3QqVBBzDBezA9U77PCTwMPQVGb1eecv2SP
- ETH: 0xB779767483831BD98327A449C78FfccE2cc6df0a
- USDT: 0xB779767483831BD98327A449C78FfccE2cc6df0a