Share
## https://sploitus.com/exploit?id=C1F0C6AE-3E9F-5D65-90F4-8A01538561C7
# CVE-2026-3891
Pix for WooCommerce <= 1.5.0 - Unauthenticated Arbitrary File Upload
# ๐Ÿ’ฃ Pix for WooCommerce  If protocol is missing โ†’ script auto-adds `http://`

---

### 2๏ธโƒฃ Add Your Shell

Put your shell file in same directory:

```
shell.php
```

---

### 3๏ธโƒฃ Run Exploit

```bash
python3 CVE-2026-3891.py
```

---

### 4๏ธโƒฃ Interactive Inputs

The script will ask:

- Targets file (default: `list.txt`)
- Threads (default: `8`)
- Shell filename (e.g. `shell.php`)

---

## โšก Exploitation Flow

1. ๐ŸŽฏ Target loaded  
2. ๐Ÿ”‘ Nonce requested  
3. ๐Ÿ“ค Shell upload  
4. ๐Ÿ’ฅ File uploaded twice  
5. ๐Ÿ”— Shell path generated automatically  

---

## ๐Ÿ“‚ Shell Location

```
/wp-content/plugins/payment-gateway-pix-for-woocommerce/Includes/files/certs_c6/.php
```

---

## ๐Ÿ“ค Output

### โœ” Success

- Displays formatted result
- Shows:
  - Target
  - Shell path
  - Full URL

### โŒ Failure

```
FAIL http://target.com (reason)
```

---

### ๐Ÿ“„ Saved Results

```
shells.txt
```

---

## ๐Ÿ“Š Live Progress

```
Progress 5/20 OK:3 FAIL:2
```

---

## โš ๏ธ Disclaimer

This project is provided **for educational and authorized security testing only**.

- Do NOT use on systems without permission  
- Unauthorized access is illegal  
- The author is NOT responsible for misuse  

---

## ๐Ÿ‘ค Author

**Nxploited**

- ๐Ÿ‘จโ€๐Ÿ’ป Khaled Alenazi  
- ๐Ÿ“ฌ Telegram: @Kxploit  
- ๐Ÿ“ข Channel: https://t.me/KNxploited