Share
## https://sploitus.com/exploit?id=841F6A8D-D940-5578-98AB-AA14696BE1F1
# CVE-2023-51409 / 0-Click RCE Exploit

- Author: Joshua Provoste
- https://x.com/JoshuaProvoste/status/1858586463777989073

![CVE-2023-51409](CVE-2023-51409.PNG)

This repository contains a proof-of-concept exploit for CVE-2023-51409, an unauthenticated arbitrary file upload vulnerability in the AI Engine: ChatGPT Chatbot WordPress plugin, leading to remote command execution (RCE).

## What the script does

The script uploads a PHP payload through a vulnerable REST endpoint without authentication, deploys it into the WordPress uploads directory, detects the target operating system, and provides an interactive remote shell for command execution.

# Usage

```
python CVE-2023-51409.py --target http://target-wordpress-site
```

Once executed, the script automatically uploads the payload, validates accessibility, detects the OS, and drops into an interactive shell.

## Notes

- No authentication required (pre-auth / 0-click).
- Works against vulnerable plugin versions only.
- Intended for security research and controlled environments.