Exploit for Improper Restriction of XML External Entity Reference in Wordpress CVE-2021-29447

Name: Exploit for Improper Restriction of XML External Entity Reference in Wordpress CVE-2021-29447
Rating: 5 (351 reviews)

2022-11-11 | CVSS 4.0

## https://sploitus.com/exploit?id=45352FEC-A992-55E6-9734-084D0705532D
# WordPress CVE-2021-29447 exploit

Exploit WordPress Media Library XML authenticated External Entity Injection (XXE) to exfiltrate files.

Patched in WordPress 5.7.1.

Required valid WordPress credentials to interact with Media Library.

## Usage

```
python3 wordpress-cve-2021-29447.py -l http://LOCAL_IP:PORT -r http://WORDPRESS_URL -u USERNAME -p PASSWORD
```

Script will ask for file path and return requested file.

## Credit

Inspired by [David Utón (M3n0sD0n4ld) ExploitDB](https://www.exploit-db.com/exploits/50304) script.

## Disclaimer

Usage of this for attacking targets without prior mutual consent is illegal. It's the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program. Only use for educational purposes.

## License

This script is released under the [MIT License](https://opensource.org/licenses/MIT).