## https://sploitus.com/exploit?id=AA092609-6849-53C6-AAC6-04FF12B5FD7E
# π CVE-2025-34085 β Simple File List WordPress Plugin RCE π
### π Overview
* **CVE ID:** CVE-2025-34085
* **Severity:** Critical (CVSS 10.0)
* **Type:** Unauthenticated Remote Code Execution (RCE)
* **Affected Plugin:** Simple File List (WordPress)
* **Affected Versions:** All versions **prior to 4.2.3**
---
### π Vulnerability Description
The plugin allows users to upload files, but due to **improper validation after file renaming**, an attacker can:
1. Upload a fake image file (e.g., `.png`) containing PHP code.
2. Rename the file to `.php` using a vulnerable script.
3. Execute the file remotely, gaining full code execution on the server.
No authentication is required β this can be exploited by **any remote user**.
---
### β οΈ Exploitation
* **Public exploits** (PoCs, scripts, tools) have already been released.
* **Mass scanning** for this vulnerability is ongoing.
* Attackers can fully compromise a WordPress installation β upload web shells, backdoors, steal data, or pivot into internal networks.
---
### βοΈ Usage
```json
sudo python3 CVE-2025-34085.py -u https://10.10.10.10/ --cmd id
```
---
### π οΈ Configuration
Edit the following values in the script as needed:
```json
COMMAND = "id" # Shell command to execute
EXPECTED_SUBSTRING = "uid=" # String to verify successful command execution
THREADS = 20 # Number of concurrent threads
```
---
### β Status
* Although the CVE was **rejected** as a duplicate of a prior issue (CVE-2020-36847), the vulnerability is **real**, **exploitable**, and **actively patched** in version 4.2.3.
* The rejection does **not** mean the flaw is invalid β only that it was already tracked under a different ID.
---
### β Mitigation Steps
1. **Update** the Simple File List plugin to version **4.2.3 or later**.
2. If youβre unable to update:
* **Disable or delete** the plugin temporarily.
* **Block access** to the `ee-upload-engine.php` and `ee-file-engine.php` scripts.
* Use a **Web Application Firewall (WAF)** to monitor and block malicious requests.
3. Check logs for suspicious file uploads and renaming activity.
---
### π§ Summary Table
| Field | Detail |
| ----------------- | ---------------------------- |
| CVE | CVE-2025-34085 |
| Plugin | Simple File List (WordPress) |
| Affected Versions | < 4.2.3 |
| Exploit Type | Remote Code Execution |
| Auth Required? | No (Unauthenticated) |
| Fix Available? | Yes, in version 4.2.3 |
| Public Exploit? | Yes |
---
### β οΈ Disclaimer
This tool is for educational and authorized testing only. Use at your own risk. Unauthorized access to systems is illegal...