Vulnerability Description
The Customify Site Library plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 0.0.9. This makes it possible for unauthenticated attackers to execute code on the server.
Reference Links
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/customify-sites/customify-site-library-009-unauthenticated-remote-code-execution
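Vulnerability PoC
My skills aren't good enough and I haven't managed to reproduce it yet. According to the description, this is an unauthenticated code execution vulnerability, but I only found an authenticated arbitrary remote file download. I'm still not good enough at this.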