# ๐Ÿš€ WordPress Royal Elementor Addons and Templates Exploit

Exploit for the unauthenticated file upload vulnerability in Royal Elementor Addons and Templates < 1.3.79.

## ๐Ÿ“Œ Description

The `Royal Elementor Addons and Templates` plugin for WordPress is vulnerable to an unauthenticated file upload vulnerability. This exploit leverages this vulnerability to upload malicious payloads to vulnerable WordPress installations.

Vulnerable versions: < 1.3.79  
CVE-ID: CVE-2023-5360  
WPVDB ID: [281518ffโ€‘7816โ€‘4007โ€‘b712โ€‘63aed7828b34](โ€‘7816โ€‘4007โ€‘b712โ€‘63aed7828b34/)  
CVSSv3.1: 10.0

## ๐Ÿ› ๏ธ Installation

1. Clone the repository:
    git clone

2. Navigate to the repository's directory:
    cd CVE-2023-5360

3. Install the required dependencies:
    pip install -r requirements.txt

## ๐Ÿ› ๏ธ Usage

1. Use the following command to exploit a single URL:
    python3.10 -u <TARGET_URL> -v
   Or use the following command to exploit a list of URLs:
    python3.10 -l <URL_LIST_FILE> -v

Optional arguments:  
`-f, --file` : Use a custom PHP file to upload  
`-o, --output`: Save vulnerable URLs to an output file

## ๐Ÿ“ฃ Disclaimer

๐Ÿšซ **Usage of this exploit without prior mutual consent is illegal.** It's the end user's responsibility to obey all applicable local, state, and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program.

## โš ๏ธ Advisory

Ensure your WordPress installations are fully updated to safeguard against this vulnerability. Particularly, update the `Royal Elementor Addons and Templates` plugin to version 1.3.79 or later.

## ๐Ÿ™ Acknowledgements

Kudos to all researchers and developers working hard to protect the web!