XML External Entity Via MP3 File Upload On WordPress

This document illustrates proof-of-concept exploitation of a vulnerability in WordPress versions 5.6.0 through 5.7.0. A user with the ability to upload files on the server can exploit an XML parsing issue in the Media Library by uploading an MP3 file, which leads to an XML External Entity (XXE) attack.

MD5 | f480e11bbb87f0689d864f58c065154d
