## https://sploitus.com/exploit?id=19FE4870-7A86-5AF7-9F42-1FAF5B57164F
# ๐ WordPress Royal Elementor Addons and Templates Exploit
Exploit for the unauthenticated file upload vulnerability in Royal Elementor Addons and Templates < 1.3.79.
## ๐ Description
The `Royal Elementor Addons and Templates` plugin for WordPress is vulnerable to an unauthenticated file upload vulnerability. This exploit leverages this vulnerability to upload malicious payloads to vulnerable WordPress installations.
Vulnerable versions: < 1.3.79
CVE-ID: CVE-2023-5360
WPVDB ID: [281518ffโ7816โ4007โb712โ63aed7828b34](https://wpscan.com/vulnerability/281518ffโ7816โ4007โb712โ63aed7828b34/)
CVSSv3.1: 10.0
## ๐ ๏ธ Installation
1. Clone the repository:
```bash
git clone https://github.com/Chocapikk/CVE-2023-5360.git
```
2. Navigate to the repository's directory:
```bash
cd CVE-2023-5360
```
3. Install the required dependencies:
```bash
pip install -r requirements.txt
```
## ๐ ๏ธ Usage
1. Use the following command to exploit a single URL:
```bash
python3.10 exploit.py -u <TARGET_URL> -v
```
Or use the following command to exploit a list of URLs:
```bash
python3.10 exploit.py -l <URL_LIST_FILE> -v
```
Optional arguments:
`-f, --file` : Use a custom PHP file to upload
`-o, --output`: Save vulnerable URLs to an output file
## ๐ฃ Disclaimer
๐ซ **Usage of this exploit without prior mutual consent is illegal.** It's the end user's responsibility to obey all applicable local, state, and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program.
## โ ๏ธ Advisory
Ensure your WordPress installations are fully updated to safeguard against this vulnerability. Particularly, update the `Royal Elementor Addons and Templates` plugin to version 1.3.79 or later.
## ๐ Acknowledgements
Kudos to all researchers and developers working hard to protect the web!