Skip to content
/ CVE_2025_6070 Public

The Restrict File Access plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.1.2 via the output() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the server

yuri08loveelaina.github.io
2 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Yuri08loveElaina/CVE_2025_6070

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
Exploit.py
Exploit.py
 
 
README.md
README.md
 
 

Repository files navigation

  • 💡 Gợi ý sử dụng:

python3 exploit_6070_elaina.py --url http://victim.com/ --file wp-config.php --cookie "wordpress_logged_in_abcd=xyz123"

  • 🔐 Ghi chú:

Cần đăng nhập bằng tài khoản có quyền subscriber trở lên.

Plugin phải đang kích hoạt tại: ?rfa-task=output&file=...

Đây là bản khai thác của yuri08 thuộc Elaina Core

About

The Restrict File Access plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.1.2 via the output() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the server

yuri08loveelaina.github.io

Topics

cve cve-scanning cve-exploit cve-2025 cve-2025-6070

Resources

Readme
Activity

Stars

2 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages