## https://sploitus.com/exploit?id=236C3334-CF38-5100-98AA-1DF6189FF3D2
# CVE-2026-10795 UpdraftPlus Auto-Exploit & Mass Scanner
> **Authorized Use Only** โ This tool is provided for authorized penetration testing, security research, and vulnerability assessment only. Ensure you have explicit permission before scanning or exploiting any target.
---
## Overview
A fast, automated mass scanner and exploit framework for **CVE-2026-10795** targeting the **UpdraftPlus** WordPress plugin. It identifies vulnerable instances, extracts privileged credentials, and maps accessible administrative interfaces across large target sets.
## Features
- **Mass scanning** of target lists with concurrent workers
- **Auto-exploitation** of CVE-2026-10795 with minimal configuration
- **Credential & role extraction** โ dumps admin, file-manager, and uploader accounts
- **Clean output** organized into dedicated result files
- **Lightweight** โ pure Python 3, no heavy dependencies
## Usage
```bash
python3 CVE-2026-10795-mass.py targets.txt
```
### Input
| File | Description |
|------|-------------|
| `targets.txt` | List of target URLs (one per line) |
### Output
| File | Description |
|------|-------------|
| `admins.txt` | Discovered administrator accounts |
| `filemanagers.txt` | Discovered file-manager / high-privilege accounts |
| `uploaders.txt` | Discovered accounts with upload/media privileges |
## Installation
```bash
git clone https://github.com/your-repo/CVE-2026-10795-mass.git
cd CVE-2026-10795-mass
pip3 install -r requirements.txt
```
## Disclaimer
This project is intended for **authorized security testing** and **research purposes only**.
Unauthorized access to computer systems is illegal. The authors assume no liability for misuse.
## Contact
- **Telegram:** [@WebshellSR](https://t.me/WebshellSR)
- **Website:** [@Webshell.Store](https://webshell.store/)
---
*Happy hacking โ stay in scope, stay authorized.*