CVE-2024-6244 PoC — WordPress plugin PZ Frontend Manager 安全漏洞

Source

https://github.com/Nxploited/CVE-2024-6244

Associated Vulnerability

Title:WordPress plugin PZ Frontend Manager 安全漏洞 (CVE-2024-6244)
Description:WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress plugin是一个应用插件。 WordPress plugin PZ Frontend Manager 1.0.6 版本之前存在安全漏洞，该漏洞源于某些地方未进行跨站请求伪造检查，这可能允许攻击者通过跨站请求伪造攻击让已登录的用户执行不必要的操作。

Description

pz-frontend-manager < 1.0.6 - CSRF Profile Picture Exploit

Readme

# 🚀 pz-frontend-manager <= 1.0.5 - CSRF Profile Picture Exploit

## 🛠️ Description
This script exploits a **CSRF vulnerability** in the WordPress plugin **pz-frontend-manager** (versions <= **1.0.5**) to change the profile picture of a logged-in user without their consent.

🔴 **CVE-2024-6244**

The plugin lacks proper **CSRF protection**, allowing attackers to force authenticated users into performing unintended actions via crafted requests.

## 🕵️‍♂️ How It Works
1. **Checks for Vulnerability:** The script fetches `readme.txt` to determine if the target site is running a vulnerable version (`< 1.0.6`).
2. **Encodes the Image:** The provided image is converted to **Base64**.
3. **Logs in as the User:** Uses provided credentials to establish a session.
4. **Sends CSRF Exploit Request:** Uploads the profile picture by making a forged request to `admin-ajax.php`.
5. **Uploads Images & Extracts Path:** The script also uploads images and extracts their path from the result.
6. **Displays the Image URL:** If successful, the script outputs the new profile picture URL.
7. **Uploaded Images Path:** Here you can find the uploaded images in multiple formats:
   ```
   /wp-content/uploads/2025/02/

## 📌 Features
- Supports multiple image formats (**PNG, JPG, JPEG, GIF**).
- Automatically detects if the target site is vulnerable.
- Provides a detailed request response.
- Simple and easy to use.

## ⚡ Usage
```bash
python3 CVE-2024-6244.py -u <TARGET_URL> -U <USERNAME> -p <PASSWORD> -i <IMAGE_FILE>
```
```
usage: p.py [-h] --url URL --username USERNAME --password PASSWORD [--image IMAGE]

pz-frontend-manager <= 1.0.5 - CSRF change user profile picture

options:
  -h, --help            show this help message and exit
  --url URL, -u URL     Base URL of the WordPress site
  --username USERNAME, -U USERNAME
                        Username for login
  --password PASSWORD, -p PASSWORD
                        Password for login
  --image IMAGE, -i IMAGE
                        Image file name (default: Nxploit.jpg)
```

### 🔹 Example
```bash
python3 CVE-2024-6244.py -u "https://victim-site.com" -U "admin" -p "password123" -i "new_avatar.png"
```

## 📥 Requirements
- Python 3.x
- `requests` module (`pip install requests`)

## 🚨 Disclaimer
This script is for **educational and security research purposes only**. Unauthorized exploitation of websites without permission is **illegal** and may lead to severe consequences.

---

File Snapshot


 [4.0K]  /data/pocs/625a42d223a6f4e9cff7b301f32667e4cb7033dc
├── [3.7K]  CVE-2024-6244.py
├── [ 36K]  Nxploit.jpg
└── [2.4K]  README.md

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!