JoshuaProvoste/0-click-RCE-Exploit-for-CVE-2023-51409


CVE-2023-51409 / 0-Click RCE Exploit

This repository contains a proof-of-concept exploit for CVE-2023-51409, an unauthenticated arbitrary file upload vulnerability in the AI Engine: ChatGPT Chatbot WordPress plugin, leading to remote command execution (RCE).

What the script does

The script uploads a PHP payload through a vulnerable REST endpoint without authentication, deploys it into the WordPress uploads directory, detects the target operating system, and provides an interactive remote shell for command execution.

Usage

python CVE-2023-51409.py --target http://target-wordpress-site

Once executed, the script automatically uploads the payload, validates accessibility, detects the OS, and drops into an interactive shell.

Notes

  • No authentication required (pre-auth / 0-click).
  • Works against vulnerable plugin versions only.
  • Intended for security research and controlled environments.
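
Detection sketch for the behaviour described under "What the script does" (added example, not code from this repository): it flags requests for PHP files under the uploads directory and marks those that follow a REST API POST from the same client. It assumes combined-format access logs and the default WordPress paths `/wp-json/` and `/wp-content/uploads/`; the function name, the sample log lines and the REST route in them are constructed placeholders, not the plugin's real endpoint.

```python
import re
from datetime import datetime, timedelta

# Constructed sample access-log lines (combined format, documentation IP ranges).
# The REST route is a placeholder, not the vulnerable plugin's actual endpoint.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Jan/2024:10:00:01 +0000] "POST /wp-json/example-plugin/v1/upload HTTP/1.1" 200 312 "-" "python-requests/2.31.0"
203.0.113.7 - - [12/Jan/2024:10:00:03 +0000] "GET /wp-content/uploads/2024/01/a1b2c3.php HTTP/1.1" 200 5 "-" "python-requests/2.31.0"
198.51.100.20 - - [12/Jan/2024:10:05:00 +0000] "GET /wp-content/uploads/2024/01/logo.png HTTP/1.1" 200 8812 "-" "Mozilla/5.0"
198.51.100.20 - - [12/Jan/2024:10:06:00 +0000] "POST /wp-json/wp/v2/comments HTTP/1.1" 201 640 "-" "Mozilla/5.0"
192.0.2.44 - - [12/Jan/2024:11:00:00 +0000] "GET /wp-content/uploads/old/shell.PHP?x=1 HTTP/1.1" 404 0 "-" "curl/8.4.0"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')
# Script extensions that have no business being served from the uploads tree.
UPLOADED_PHP = re.compile(r"^/wp-content/uploads/.*\.(?:php\d?|phtml|phar)$", re.I)

def find_suspicious(log_text, window=timedelta(minutes=10)):
    """Return one finding per request for a PHP file under the uploads directory."""
    last_rest_post = {}  # client IP -> time of its latest POST to the REST API
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        ip, ts, method, target, status = m.groups()
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        path = target.split("?", 1)[0]
        # The REST API is reachable as /wp-json/... or via the rest_route parameter.
        if method == "POST" and (path.startswith("/wp-json/") or "rest_route=" in target):
            last_rest_post[ip] = when
        elif UPLOADED_PHP.match(path):
            prior = last_rest_post.get(ip)
            correlated = prior is not None and timedelta(0) <= when - prior <= window
            findings.append({"ip": ip, "path": path, "status": int(status),
                             "after_rest_post": correlated,
                             "severity": "high" if correlated and status == "200" else "review"})
    return findings

if __name__ == "__main__":
    for finding in find_suspicious(SAMPLE_LOG):
        print(finding)
```

A "high" finding means a script in the uploads tree was served with status 200 shortly after a REST POST from the same address; denying script execution under the uploads directory in the web server configuration removes the execution step regardless of how the file arrived.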

About

Unauthenticated 0-click RCE exploit for CVE-2023-51409. Abuses an arbitrary file upload flaw in the AI Engine WordPress plugin to upload a PHP webshell and achieve remote command execution without authentication, including OS detection and an interactive shell.
