add WordPress Plugin Mailpress 4.5.2 RCE

2025-06-20 09:50:49 +00:00 · 2021-07-28 17:31:28 +08:00 · 2021-07-28 17:31:28 +08:00 · 9d72c8537b
commit 9d72c8537b
parent e8865f7de9
2 changed files with 11 additions and 0 deletions
--- a/WordPress/Mailpress/WordPress_Plugin_Mailpress_4.5.2_RCE.gif
+++ b/WordPress/Mailpress/WordPress_Plugin_Mailpress_4.5.2_RCE.gif
--- a/WordPress/Mailpress/WordPress_Plugin_Mailpress_4.5.2_RCE.md
+++ b/WordPress/Mailpress/WordPress_Plugin_Mailpress_4.5.2_RCE.md
@ -0,0 +1,11 @@
+# WordPress Plugin Mailpress 4.5.2 RCE
+
+In the WordPress Mailpress Plugin, the subject parameter in the iview function in the mailpress/mp-includes/class/MP_Actions.class.php file is not filtered, and pass to do_eval function, leading to remote code execution.
+
+**Affected version**: WordPress Plugin Mailpress <= 4.5.2
+
+**FOFA query rule**: [app="WordPress"](https://fofa.so/result?qbase64=YXBwPSJXb3JkUHJlc3Mi)
+
+# Demo
+
+![](WordPress_Plugin_Mailpress_4.5.2_RCE.gif)