Share
## https://sploitus.com/exploit?id=AA092609-6849-53C6-AAC6-04FF12B5FD7E
# πŸ“Œ CVE-2025-34085 β€” Simple File List WordPress Plugin RCE πŸ“Œ

### πŸ“‚ Overview

* **CVE ID:** CVE-2025-34085
* **Severity:** Critical (CVSS 10.0)
* **Type:** Unauthenticated Remote Code Execution (RCE)
* **Affected Plugin:** Simple File List (WordPress)
* **Affected Versions:** All versions **prior to 4.2.3**

---

### πŸ” Vulnerability Description

The plugin allows users to upload files, but due to **improper validation after file renaming**, an attacker can:

1. Upload a fake image file (e.g., `.png`) containing PHP code.
2. Rename the file to `.php` using a vulnerable script.
3. Execute the file remotely, gaining full code execution on the server.

No authentication is required β€” this can be exploited by **any remote user**.

---

### ⚠️ Exploitation

* **Public exploits** (PoCs, scripts, tools) have already been released.
* **Mass scanning** for this vulnerability is ongoing.
* Attackers can fully compromise a WordPress installation β€” upload web shells, backdoors, steal data, or pivot into internal networks.

---

### βš™οΈ Usage

```json
sudo python3 CVE-2025-34085.py -u https://10.10.10.10/ --cmd id
```


--- 

### πŸ› οΈ Configuration

Edit the following values in the script as needed:

```json
COMMAND = "id"                      # Shell command to execute
EXPECTED_SUBSTRING = "uid="         # String to verify successful command execution
THREADS = 20                        # Number of concurrent threads
```


---


### ❗ Status

* Although the CVE was **rejected** as a duplicate of a prior issue (CVE-2020-36847), the vulnerability is **real**, **exploitable**, and **actively patched** in version 4.2.3.
* The rejection does **not** mean the flaw is invalid β€” only that it was already tracked under a different ID.

---

### βœ… Mitigation Steps

1. **Update** the Simple File List plugin to version **4.2.3 or later**.
2. If you’re unable to update:

   * **Disable or delete** the plugin temporarily.
   * **Block access** to the `ee-upload-engine.php` and `ee-file-engine.php` scripts.
   * Use a **Web Application Firewall (WAF)** to monitor and block malicious requests.
3. Check logs for suspicious file uploads and renaming activity.

---

### 🧠 Summary Table

| Field             | Detail                       |
| ----------------- | ---------------------------- |
| CVE               | CVE-2025-34085               |
| Plugin            | Simple File List (WordPress) |
| Affected Versions | < 4.2.3                      |
| Exploit Type      | Remote Code Execution        |
| Auth Required?    | No (Unauthenticated)         |
| Fix Available?    | Yes, in version 4.2.3        |
| Public Exploit?   | Yes                          |

---

### ⚠️ Disclaimer

This tool is for educational and authorized testing only. Use at your own risk. Unauthorized access to systems is illegal...