CVE-2022-1609
Description
The School Management WordPress plugin before 9.9.7 contains an obfuscated backdoor injected in it's license checking code that registers a REST API handler, allowing an unauthenticated attacker to execute arbitrary PHP code on the site.
NVD
Severity: CRITICAL
CVE ID: CVE-2022-1609
CVSS Score: 9.8
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Proof Of Concept
Nuclei Templates for CVE-2022-1609
Refrence: Project Discovery GitHub
savior-only
CVE-2022-1609 WordPress Weblizar后门
Refrence: GitHub
0xSojalSec
Bash poc for CVE-2022-1609 WordPress Weblizar Backdoor
Refrence: GitHub
0xSojalSec
Bash poc for CVE-2022-1609 WordPress Weblizar Backdoor
Refrence: GitHub
w4r3s
Exploit for CVE-2022-1609 WordPress Weblizar Backdoor.
Refrence: GitHub