## https://sploitus.com/exploit?id=71CF9F0B-FC6C-5B26-BBF6-BDCA899E82FD
# CVE-2025-2539 PoC

Unauthenticated Arbitrary File Read exploit for **WordPress File Away Plugin ≤ 3.9.9.0.1**

---

## 📖 Description

This Python script is a proof-of-concept (PoC) exploit for **CVE-2025-2539**, targeting a vulnerability in the **WordPress File Away Plugin ≤ 3.9.9.0.1**.  
The vulnerability allows unauthenticated attackers to read arbitrary files from the server via an exposed plugin endpoint without proper authorization checks.
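
For site owners, the affected range above can be checked on disk. The following is an added example, not part of the original PoC or the plugin: it reads the standard WordPress `Version:` plugin header from the `file-away` plugin directory and compares it numerically with `3.9.9.0.1`. The function names and the constructed sample header file are assumptions made for illustration.

```python
import re
import tempfile
from pathlib import Path

LAST_AFFECTED = "3.9.9.0.1"                        # from this README
PLUGIN_DIR = Path("wp-content/plugins/file-away")  # from this README
# Standard WordPress plugin header field, e.g. " * Version: 1.2.3"
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:\s*([0-9][0-9.]*)", re.I | re.M)

def norm(version):
    """'3.9.9.0.1' -> (3, 9, 9, 0, 1); trailing zeros are dropped."""
    parts = [int(p) for p in version.split(".") if p]
    while parts and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def is_affected(version):
    """Numeric comparison, so '3.10' sorts after '3.9.9.0.1'."""
    return norm(version) <= norm(LAST_AFFECTED)

def installed_version(wp_root):
    """Return the Version header of the plugin's main PHP file, or None."""
    plugin = Path(wp_root) / PLUGIN_DIR
    if not plugin.is_dir():
        return None
    for php in sorted(plugin.glob("*.php")):
        # WordPress itself only reads the first 8 KB for header fields.
        head = php.read_text(encoding="utf-8", errors="replace")[:8192]
        match = VERSION_RE.search(head)
        if "Plugin Name:" in head and match:
            return match.group(1)
    return None

def audit(wp_root):
    """Return (status, version) for one WordPress document root."""
    version = installed_version(wp_root)
    if version is None:
        return ("not-found", None)
    return ("affected" if is_affected(version) else "newer", version)

def build_sample(root, version):
    """Constructed header file for the demo; not the real plugin source."""
    plugin = Path(root) / PLUGIN_DIR
    plugin.mkdir(parents=True)
    (plugin / "sample-main.php").write_text(
        f"<?php\n/*\n * Plugin Name: File Away\n * Version: {version}\n */\n")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(audit(build_sample(tmp, LAST_AFFECTED)))
```

Call `audit()` with the document root of a site you administer. A `newer` result only means the installed version is above the last affected release named here.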

---

## 📌 Usage

### ▶️ Requirements:
- Python 3
- `requests` library

Install required libraries:

```bash
pip install requests
```

---

**Arguments:**
- `--target` / `-t` : Target WordPress site URL (with HTTP/HTTPS)
- `--file` / `-f`   : File path you want to read from the target server (e.g. `wp-config.php`)

---


### ▶️ Run the Exploit:

```bash
python3 CVE-2025-2539.py --target http://target.com --file wp-config.php
```

---

## 🔍 Finding Targets

You can use **Fofa** to discover potentially vulnerable targets.

**Fofa Dork:**

```text
body="/wp-content/plugins/file-away/"
```

Search on: [https://fofa.info](https://fofa.info)

---

## 👨‍💻 Author

**Md Shoriful Islam (RootHarpy)**

---

## 📜 Disclaimer

This tool is created for educational and authorized penetration testing purposes only.  
Unauthorized use of this tool against systems without explicit permission is illegal.