WordPress Backup Guard Authenticated Remote Code Execution Exploit

Anon666Exp3rt 1K 2nd Sep, 2021

Loading Please wait...

PHP | CVE-2021-24155 | remote exploits | This Metasploit module allows an attacker with a privileged WordPress account to launch a reverse shell due to an arbitrary file upload vulnerability in Wordpress plugin Backup Guard versions prior to 1.6.0. This is due to an incorrect check of the uploaded file extension which should be of SGBP type. Then, the uploaded payload can be triggered by a call to /wp-content/uploads/backup-guard/<random_payload_name>.php.

To share this paste please copy this url and send to your friends
RAW Paste Data
Recent Pastes