### [CVE-2020-24186](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24186) ![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) ### Description A Remote Code Execution vulnerability exists in the gVectors wpDiscuz plugin 7.0 through 7.0.4 for WordPress, which allows unauthenticated users to upload any type of file, including PHP files via the wmuUploadFiles AJAX action. ### POC #### Reference - http://packetstormsecurity.com/files/162983/WordPress-wpDiscuz-7.0.4-Shell-Upload.html - http://packetstormsecurity.com/files/162983/WordPress-wpDiscuz-7.0.4-Shell-Upload.html - http://packetstormsecurity.com/files/163012/WordPress-wpDiscuz-7.0.4-Remote-Code-Execution.html - http://packetstormsecurity.com/files/163012/WordPress-wpDiscuz-7.0.4-Remote-Code-Execution.html - http://packetstormsecurity.com/files/163302/WordPress-wpDiscuz-7.0.4-Shell-Upload.html - http://packetstormsecurity.com/files/163302/WordPress-wpDiscuz-7.0.4-Shell-Upload.html - https://www.wordfence.com/blog/2020/07/critical-arbitrary-file-upload-vulnerability-patched-in-wpdiscuz-plugin/ - https://www.wordfence.com/blog/2020/07/critical-arbitrary-file-upload-vulnerability-patched-in-wpdiscuz-plugin/ #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/kenzer-templates - https://github.com/Elsfa7-110/kenzer-templates - https://github.com/Sakura-501/CVE-2020-24186-exploit - https://github.com/Shamsuzzaman321/Wordpress-Exploit-AiO-Package - https://github.com/Whiteh4tWolf/wordpress_shell_upload - https://github.com/ait-aecid/kyoushi-environment - https://github.com/h3v0x/CVE-2020-24186-WordPress-wpDiscuz-7.0.4-RCE - https://github.com/hev0x/CVE-2020-24186-WordPress-wpDiscuz-7.0.4-RCE - https://github.com/hev0x/CVE-2020-24186-wpDiscuz-7.0.4-RCE - https://github.com/hktalent/bug-bounty - https://github.com/meicookies/CVE-2020-24186 - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/substing/CVE-2020-24186_reverse_shell_upload