# 🚀 WordPress Royal Elementor Addons and Templates Exploit
Exploit for the unauthenticated file upload vulnerability in Royal Elementor Addons and Templates < 1.3.79.
## 📌 Description
The `Royal Elementor Addons and Templates` plugin for WordPress is vulnerable to an unauthenticated file upload vulnerability. This exploit leverages this vulnerability to upload malicious payloads to vulnerable WordPress installations.
Vulnerable versions: < 1.3.79
WPVDB ID: [281518ff‑7816‑4007‑b712‑63aed7828b34](https://wpscan.com/vulnerability/281518ff‑7816‑4007‑b712‑63aed7828b34/)
## 🛠️ Installation
1. Clone the repository:
git clone https://github.com/Chocapikk/CVE-2023-5360.git
2. Navigate to the repository's directory:
3. Install the required dependencies:
pip install -r requirements.txt
## 🛠️ Usage
1. Use the following command to exploit a single URL:
python3.10 exploit.py -u <TARGET_URL> -v
Or use the following command to exploit a list of URLs:
python3.10 exploit.py -l <URL_LIST_FILE> -v
`-f, --file` : Use a custom PHP file to upload
`-o, --output`: Save vulnerable URLs to an output file
## 📣 Disclaimer
🚫 **Usage of this exploit without prior mutual consent is illegal.** It's the end user's responsibility to obey all applicable local, state, and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program.
## ⚠️ Advisory
Ensure your WordPress installations are fully updated to safeguard against this vulnerability. Particularly, update the `Royal Elementor Addons and Templates` plugin to version 1.3.79 or later.
## 🙏 Acknowledgements
Kudos to all researchers and developers working hard to protect the web!