🕷️

WP File Manager CVE-2020-25213 Exploit

⚠️ Legal Disclaimer:
This exploit is for educational and authorized testing only.
Only use on systems you own or have explicit permission to test.
Unauthorized access to computer systems is illegal.

📁 Download Files

1. Main Exploit Script:

⬇️ Download exploit_wp_file_manager.py

Usage: python3 exploit_wp_file_manager.py <target_url>

2. Documentation:

⬇️ Download README.md

3. Requirements:

⬇️ Download requirements.txt

📋 Quick Start

Download all files above
Install dependencies:
```
pip3 install -r requirements.txt
```

Run exploit:

python3 exploit_wp_file_manager.py http://your-target.com

🎯 What This Exploit Does

✅ Checks for vulnerable WP File Manager 6.0
✅ Uploads PHP web shell via CVE-2020-25213
✅ Gains Remote Code Execution (RCE)
✅ Reads wp-config.php database credentials
✅ Creates WordPress admin user with full privileges
✅ Outputs shell URL + admin credentials

🔐 Vulnerability Details

CVE: CVE-2020-25213
Severity: CRITICAL (CVSS 9.8)
Affected: WP File Manager 6.0
Impact: Unauthenticated RCE → Admin Access
Author: Spidy

Made with 🕷️ by Spidy | http://147.93.85.111