Share
## https://sploitus.com/exploit?id=FA44D784-15BC-5798-8AE5-653B696F6F87
```
โโโโโโโโโโ โโโโโโโโโโโ โโโโโโโ โโโโโโโ โโโโโโโ โโโโโโโ
โโโโโโโโโโโ โโโโโโโโโโโ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โโโ โโโ โโโโโโโโโ โโโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโ
โโโ โโโโ โโโโโโโโโโ โโโโโโโ โโโโโโโโโโโโโโโโ โโโโโโโโโ
โโโโโโโโ โโโโโโโ โโโโโโโโ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โโโโโโโ โโโโโ โโโโโโโโ โโโโโโโโ โโโโโโโ โโโโโโโโ โโโโโโโ
```
# CVE-2026-1555 โ WebStack WordPress Theme RCE
**WordPress WebStack Theme โ Unauthenticated Remote Code Execution**
> **For educational and authorized penetration testing only.**
---
## ๐ Overview
**CVE-2026-1555** is a critical vulnerability affecting the **WebStack WordPress Theme** that allows unauthenticated attackers to perform **arbitrary file upload** leading to **Remote Code Execution (RCE)** on the target server.
This toolkit (`FriendsExploit`) automates the discovery and exploitation of vulnerable targets using a clean **PyQt5 GUI** with integrated dork scanning.
```
Target Surface โ WordPress sites running WebStack theme
Vuln Type โ Unauthenticated Arbitrary File Upload โ RCE
CVSS Score โ 9.8 (Critical)
Auth Required โ None
Payload โ ms.php (Multi-feature PHP Webshell)
```
---
## ๐ Project Structure
```
CVE-2026-1555-Linux/
โ
โโโ CVE-2026-1555.py # Main exploit tool (PyQt5 GUI)
โโโ ms.php # PHP webshell payload
โโโ Dork.txt # Fofa/Shodan dork for target discovery
โโโ requirements.txt # Python dependencies
โโโ README.md # You are here
```
---
## โ๏ธ Requirements
| Requirement | Version |
|-------------|---------|
| Python | 3.8+ |
| PyQt5 | โฅ 5.15.0 |
| requests | โฅ 2.31.0 |
| urllib3 | โฅ 2.0.0 |
| OS | Linux (Debian/Ubuntu/Kali recommended) |
---
## ๐ Setup & Installation
### Step 1 โ Clone the Repository
```bash
git clone https://github.com/YOUR_USERNAME/CVE-2026-1555-Linux.git
cd CVE-2026-1555-Linux
```
### Step 2 โ Create Virtual Environment *(recommended)*
```bash
python3 -m venv venv
source venv/bin/activate
```
### Step 3 โ Install Dependencies
```bash
pip install -r requirements.txt
```
> **Kali / Debian users** โ if PyQt5 fails via pip, install system-wide first:
> ```bash
> sudo apt install python3-pyqt5 -y
> ```
### Step 4 โ Run the Tool
```bash
python3 CVE-2026-1555.py
```
The GUI will launch. Load targets manually or use the built-in dork scanner.
---
## ๐ Webshell โ `ms.php`
After successful exploitation, the tool uploads `ms.php` to the target.
### Access
```
https://target.com/wp-content/themes/WebStack/ms.php
```
**Default password:** `fr13nds2026`
### Webshell Features
| Module | Description |
|--------|-------------|
| ๐ฅ๏ธ **SYSINFO** | PHP version, OS, current user, safe mode status, server vars |
| ๐ป **TERMINAL** | Full command execution with live output โ supports 6 exec methods |
| ๐ **FILES** | Read / Write / Edit / Delete / Download any file on the server |
| ๐ค **UPLOAD** | Upload files to any path or fetch remote files via `wget`/`curl` |
| ๐ **REVSHELL** | One-click reverse shell fire + prebuilt bash/python3/perl/nc/php shells |
| ๐๏ธ **DB SCAN** | Auto-detect `wp-config.php`, dump DB credentials, manual MySQL runner |
### Reverse Shell Setup
On your machine start a listener:
```bash
nc -lvnp 4444
```
In the webshell `REVSHELL` tab โ enter your IP and port โ hit **FIRE**.
---
## ๐ Target Discovery (Dork)
**Fofa / Shodan dork** (from `Dork.txt`):
```
body="wp-content/themes/WebStack"
```
Paste into [Fofa](https://fofa.info) or [Shodan](https://shodan.io) to enumerate vulnerable targets.
---
## ๐ฌ Vulnerability Details
| Field | Info |
|-------|------|
| CVE ID | CVE-2026-1555 |
| Affected Software | WebStack WordPress Theme |
| Vulnerability Type | Unauthenticated Arbitrary File Upload โ RCE |
| Attack Vector | Network |
| Authentication | Not Required |
| CVSS v3 Score | **9.8 Critical** |
| Affected Versions | All versions prior to patch |
### Attack Flow
```
[1] Discover target via dork scan
โ
[2] Confirm WebStack theme installation
โ
[3] Trigger vulnerable upload endpoint (no auth required)
โ
[4] Upload ms.php payload to webroot
โ
[5] Access webshell โ achieve RCE
โ
[6] Escalate: dump DB creds, pivot, revshell
```
---
## ๐ ๏ธ Troubleshooting
**PyQt5 display error on headless server:**
```bash
export DISPLAY=:0
# or use Xvfb
sudo apt install xvfb -y
Xvfb :0 -screen 0 1024x768x24 &
export DISPLAY=:0
python3 CVE-2026-1555.py
```
**pip install fails for PyQt5:**
```bash
sudo apt install python3-pyqt5 python3-pyqt5.qtwebengine -y
```
**Permission denied running script:**
```bash
chmod +x CVE-2026-1555.py
python3 CVE-2026-1555.py
```
**requests/urllib3 SSL errors:**
```bash
pip install --upgrade requests urllib3 certifi
```
---
## ๐ Quick Run (One-liner)
```bash
git clone https://github.com/YOUR_USERNAME/CVE-2026-1555-Linux.git && \
cd CVE-2026-1555-Linux && \
python3 -m venv venv && source venv/bin/activate && \
pip install -r requirements.txt -q && \
python3 CVE-2026-1555.py
```
---
## โ ๏ธ Disclaimer
```
This tool is intended for authorized security research and penetration testing
only. The authors are not responsible for any misuse or damage caused by this
program. Only use against systems you own or have explicit written permission
to test. Unauthorized use is illegal.
```
---
**FriendsExploit** โข CVE-2026-1555 โข Linux Edition
*Built for researchers. Use responsibly.*