Exploit for CVE-2025-8723

⚡️ Cloudflare Image Resizing Description: The plugin's REST API endpoint fails to authenticate users and improperly sanitizes input in the hook_rest_pre_dispatch() method. This flaw enables attackers to inject and execute arbitrary PHP code by crafting malicious requests — with no login required. 🛠 Features of This Exploit Professional, modular, and extensible Python script Automatic detection of plugin vulnerability by parsing the readme.txt file Multiple bypass techniques for WAF and restrictive environments: Minimal and advanced header sets (randomized User-Agent, Referer, Origin, X-Forwarded-For, etc.) Repeated attempts with header rotation Proxy support (custom or BurpSuite-style) Custom command execution: Default: whoami, but user can specify any command Clear, professional output with informative status codes Handles all error cases gracefully (missing plugin, forbidden/unauthorized, server errors, etc.) 📦 What’s Inside the Script? 1️⃣ Automatic Vulnerability Detection Fetches wp-content/plugins/cf-image-resizing/readme.txt Extracts and checks the plugin version If version ≤ 1.5.6, proceeds to exploitation 2️⃣ Multiple Exploit Strategies Minimal headers: Sends only what's necessary to maximize compatibility Advanced headers: Randomizes User-Agent, Referer, Origin, Accept-Language, and more for each attempt Header rotation: Tries several combinations to evade WAF and rate limiting 3️⃣ Customizable Execution Run any system command on the target via CLI…Read More