Share
## https://sploitus.com/exploit?id=5B67BBAC-60F0-5BD3-A2BF-A180527CEA00
# CVE-2025-6440 โ WordPress WooCommerce Dynamic Pricing & Discounts Plugin
## Overview
This repository contains a Python proof-of-concept (PoC) script for testing an **unauthenticated file upload vulnerability** affecting the WordPress WooCommerce Dynamic Pricing & Discounts plugin.
> โ ๏ธ This project is intended strictly for **authorized security testing**, **research**, and **educational purposes** only.
---
## Vulnerability Information
* **CVE ID:** CVE-2025-6440
* **Affected Component:** WordPress WooCommerce Dynamic Pricing & Discounts Plugin
* **Issue Type:** Unauthenticated File Upload
* **Impact:** Remote Code Execution (RCE)
* **Attack Vector:** Remote / Unauthenticated
The vulnerability allows attackers to upload arbitrary files through an exposed AJAX endpoint without authentication.
---
## Features
* Batch target processing from file input
* Multi-threaded execution
* Automatic upload verification
* Success and failure logging
* Simple CLI usage
---
## Requirements
* Python 3.8+
* `requests` library
Install dependencies:
```bash
pip install requests
```
---
## Files
| File | Description |
| -------------------- | --------------------------- |
| `CVE-2025-6440.py` | Main PoC script |
| `CVE-2025-6440.yaml` | YAML configuration/template |
| `success` | Successful upload results |
| `failed` | Failed upload attempts |
---
## Usage
Create a text file containing target URLs:
```txt
https://example.com
https://target-site.com
```
Run the script:
```bash
python3 CVE-2025-6440.py targets.txt
```
Run with custom thread count:
```bash
python3 CVE-2025-6440.py targets.txt --threads 10
```
---
## Output
### Successful Targets
Successful uploads are stored in:
```txt
success
```
### Failed Targets
Failed attempts are stored in:
```txt
failed
```
---
## How It Works
The script:
1. Reads a list of WordPress targets
2. Sends a crafted POST request to:
```txt
/wp-admin/admin-ajax.php
```
3. Uses the vulnerable AJAX action:
```txt
wcdp_save_canvas_design_ajax
```
4. Uploads a test PHP payload
5. Verifies whether the uploaded file is publicly accessible
---
## Disclaimer
This repository is provided for:
* Security research
* Educational purposes
* Authorized penetration testing
* Defensive security validation
Do not use this project against systems you do not own or have explicit permission to test.
The author assumes no liability and is not responsible for misuse or damage caused by this project.
---
## Legal Notice
Unauthorized exploitation of systems may violate local, national, and international laws.
Always obtain proper authorization before conducting security assessments.
---
## Mitigation Recommendations
Website administrators should:
* Update the vulnerable plugin immediately
* Restrict access to sensitive AJAX endpoints
* Disable arbitrary file uploads
* Monitor `/wp-content/uploads/` for suspicious files
* Deploy a Web Application Firewall (WAF)
* Enable server-side upload validation
---
## Educational Purpose Statement
This proof-of-concept was created to help:
* Security researchers
* Penetration testers
* Blue teams
* WordPress administrators
understand and validate the impact of insecure file upload vulnerabilities.
---
## Reference
* WordPress Security Advisories
* CVE Database
* OWASP File Upload Security Guidelines
---
## Author
Security Research / Educational Project