Share
## https://sploitus.com/exploit?id=8FF2484F-1FFF-5A2F-B4AC-240B63068217
# CVE-2026-3891-Pix-for-WooCommerce-Plugin-Exploit

## ๐Ÿ›ก๏ธ Description

**CVE-2026-3891** is a critical **Unauthenticated Arbitrary File
Upload** vulnerability found in the **Pix for WooCommerce** WordPress
plugin in versions **up to and including 1.5.0**.

The vulnerability exists in the
`lkn_pix_for_woocommerce_c6_save_settings` functionality due to missing
authorization controls and insufficient file type validation. The
exploit automates the process of obtaining a valid nonce and
demonstrating the unrestricted upload of a PHP file to a web-accessible
directory.

By leveraging this vulnerability, an unauthenticated attacker may be
able to:

-   **Upload Arbitrary Files** without authenticating to WordPress.
-   **Upload Files with Dangerous Extensions** due to insufficient file
    type validation.
-   **Access Uploaded Files** directly through a web-accessible plugin
    directory.
-   **Achieve Remote Code Execution (RCE)** when uploaded PHP files are
    executed by the affected web server.

------------------------------------------------------------------------

## ๐Ÿš€ Features

-   **Unauthenticated Exploitation Flow**: Does not require valid
    WordPress user credentials.
-   **Automatic Nonce Retrieval**: Obtains and extracts the required
    nonce automatically.
-   **Automated File Upload**: Sends the required multipart upload
    request to the vulnerable AJAX handler.
-   **Direct URL Generation**: Displays the final URL of the uploaded
    proof-of-concept file.
-   **Clean CLI Output**: Provides a simple and colorized command-line
    interface.

------------------------------------------------------------------------

## ๐Ÿ› ๏ธ Installation & Requirements

1.  **Requirement**: Install Python 3.
2.  **Install Requests**:

``` bash
pip install requests
```

3.  **Clone/Download**: Save the `CVE-2026-3891.py` file on your system.

------------------------------------------------------------------------

## ๐Ÿ’ป Usage

``` bash
python CVE-2026-3891.py
```

Enter the target WordPress URL when prompted:

``` text
[?] Enter target URL: http://localhost/wordpress
```

Example:

``` text
[*] Requesting nonce...
[+] Nonce obtained: **********
[*] Uploading woocommerce.php...

[+] File uploaded successfully!
[+] URL: http://target/wp-content/plugins/payment-gateway-pix-for-woocommerce/Includes/files/certs_c6/woocommerce.php
```

![image](https://raw.githubusercontent.com/m4sh-wacker/CVE-2026-3891-Pix-for-WooCommerce-Plugin-Exploit/refs/heads/main/image.png)

------------------------------------------------------------------------

## โš ๏ธ Disclaimer

This project is intended for **educational purposes and authorized
security testing only**. Do not use this exploit against systems without
explicit permission.

## ๐Ÿ‘ค Author

**m4sh_wacker**