Skip to content

sergiointel/wp2shell-poc

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
 
 
 
 

Repository files navigation

wp2shell PoC

The first ever poc of the pre-auth timing-based SQL injection PoC for the WordPress REST API batch-route confusion chain (CVE-2026-63030 + CVE-2026-60137); still working on command exec

Affected: WordPress 6.9.0–6.9.4 and 7.0.0–7.0.1. Fixed in 6.9.5 and 7.0.2.

python3 poc.py https://target.example
python3 poc.py https://target.example 'SELECT DATABASE()'

Research: Searchlight Cyber · Aikido · Aikido Intel · WordPress

About

No description, website, or topics provided.

Resources

Stars

12 stars

Watchers

2 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors

Languages