## https://sploitus.com/exploit?id=19FE4870-7A86-5AF7-9F42-1FAF5B57164F
# 🚀 WordPress Royal Elementor Addons and Templates Exploit

Exploit for the unauthenticated file upload vulnerability in Royal Elementor Addons and Templates < 1.3.79.

## 📌 Description

The `Royal Elementor Addons and Templates` plugin for WordPress is affected by an unauthenticated file upload vulnerability. This exploit leverages the vulnerability to upload malicious payloads to vulnerable WordPress installations.

Vulnerable versions: < 1.3.79  
CVE-ID: CVE-2023-5360  
WPVDB ID: [281518ff-7816-4007-b712-63aed7828b34](https://wpscan.com/vulnerability/281518ff-7816-4007-b712-63aed7828b34/)  
CVSSv3.1: 10.0

## ๐Ÿ› ๏ธ Installation

1. Clone the repository:
    ```bash
    git clone https://github.com/Chocapikk/CVE-2023-5360.git
    ```

2. Navigate to the repository's directory:
    ```bash
    cd CVE-2023-5360
    ```

3. Install the required dependencies:
    ```bash
    pip install -r requirements.txt
    ```

## ๐Ÿ› ๏ธ Usage

1. Use the following command to exploit a single URL:
    ```bash
    python3.10 exploit.py -u <TARGET_URL> -v
    ```
   Or use the following command to exploit a list of URLs:
    ```bash
    python3.10 exploit.py -l <URL_LIST_FILE> -v
    ```

Optional arguments:  
`-f, --file` : Use a custom PHP file to upload  
`-o, --output`: Save vulnerable URLs to an output file

## 📣 Disclaimer

🚫 **Usage of this exploit without prior mutual consent is illegal.** It's the end user's responsibility to obey all applicable local, state, and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program.

## โš ๏ธ Advisory

Ensure your WordPress installations are fully updated to safeguard against this vulnerability. Particularly, update the `Royal Elementor Addons and Templates` plugin to version 1.3.79 or later.
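A version check for the advisory above, as an added example that is not part of the original repository: it triages a plugin inventory against the fixed release 1.3.79, comparing versions numerically because a string comparison misjudges releases such as 1.3.8 and 1.3.100. The plugin slug `royal-elementor-addons`, the inventory shape (site name mapped to a list of `name`/`version` records) and the sample hosts are assumptions.

```python
import re

FIXED = (1, 3, 79)               # first fixed release, per the advisory
SLUG = "royal-elementor-addons"  # assumed plugin slug, not stated on this page

def parse_version(text):
    """'1.3.78' -> (1, 3, 78); None when the string is not dotted-numeric."""
    text = (text or "").strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        return None
    return tuple(int(part) for part in text.split("."))

def is_vulnerable(version):
    """True if version < 1.3.79, False if >= 1.3.79, None if unparseable."""
    parsed = parse_version(version)
    if parsed is None:
        return None
    width = max(len(parsed), len(FIXED))
    pad = lambda v: v + (0,) * (width - len(v))  # so '1.3' compares as 1.3.0
    return pad(parsed) < pad(FIXED)

def triage(inventory):
    """Map each site to vulnerable / patched / unknown version / not installed."""
    labels = {True: "vulnerable", False: "patched", None: "unknown version"}
    report = {}
    for site, plugins in inventory.items():
        entry = next((p for p in plugins if p.get("name") == SLUG), None)
        if entry is None:
            report[site] = "not installed"
        else:
            report[site] = labels[is_vulnerable(entry.get("version"))]
    return report

# Constructed sample inventory; hosts and versions are made up for illustration.
SAMPLE = {
    "blog.example": [{"name": SLUG, "version": "1.3.78"}],
    "docs.example": [{"name": SLUG, "version": "1.3.8"}],    # 8 < 79: vulnerable
    "shop.example": [{"name": SLUG, "version": "1.3.100"}],  # 100 > 79: patched
    "dev.example":  [{"name": SLUG, "version": "trunk"}],    # needs manual review
    "wiki.example": [{"name": "akismet", "version": "5.3"}],
}

if __name__ == "__main__":
    for site, status in triage(SAMPLE).items():
        print(f"{site:15} {status}")
```

Sites reported as `unknown version` should be checked by hand rather than assumed patched.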

## ๐Ÿ™ Acknowledgements

Kudos to all researchers and developers working hard to protect the web!