# CVE-2025-39596
# 🚨 Quentn WP <= 1.2.8 - Unauthenticated Privilege Escalation
## 📝 Description
The **Quentn WP** plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, **1.2.8**. This allows **unauthenticated attackers** to escalate their privileges to **administrator** level.
- **CVE:** `CVE-2025-39596`
- **CVSS:** `9.8 (Critical)`
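For site owners who cannot update immediately, the following must-use plugin is an added defensive example (not part of this repository or of Quentn WP): it reverts and logs any promotion to the `administrator` role that does not come from a logged-in user holding the `promote_users` capability, which is exactly the effect the bug described above produces. The hook and capability names are real WordPress APIs; the plugin name, function names and log prefix are assumptions.

```php
<?php
/*
Plugin Name: Block Unauthorized Admin Promotion (mu-plugin)
Description: Added defensive example. Reverts and logs any promotion to a
protected role made outside an authenticated session that may promote users.
Place this file in wp-content/mu-plugins/ so it loads before regular plugins.
*/

// Roles that must never be granted by an unauthenticated or low-privilege request.
const BUAP_PROTECTED_ROLES = array('administrator');
const BUAP_FALLBACK_ROLE   = 'subscriber';

/**
 * Runs on the core 'set_user_role' action, which WP_User::set_role() fires for
 * both new users (wp_insert_user) and role changes on existing users.
 */
function buap_guard_role_change($user_id, $role, $old_roles) {
    if (!in_array($role, BUAP_PROTECTED_ROLES, true)) {
        return;
    }
    // Legitimate paths: an admin session, or an operator using WP-CLI.
    if (is_user_logged_in() && current_user_can('promote_users')) {
        return;
    }
    if (defined('WP_CLI') && WP_CLI) {
        return;
    }

    $user = get_user_by('id', $user_id);
    if (!$user) {
        return;
    }
    // set_role() re-fires this same action, so detach the guard while reverting.
    remove_action('set_user_role', 'buap_guard_role_change', 10);
    $user->set_role(BUAP_FALLBACK_ROLE);
    add_action('set_user_role', 'buap_guard_role_change', 10, 3);

    // Record context for incident response. REMOTE_ADDR is used on purpose:
    // client-supplied headers such as X-Forwarded-For can be forged.
    error_log(sprintf(
        '[buap] reverted promotion to %s for user %d (%s) from %s via %s %s',
        $role, $user_id, $user->user_email,
        $_SERVER['REMOTE_ADDR'] ?? '-',
        $_SERVER['REQUEST_METHOD'] ?? '-',
        $_SERVER['REQUEST_URI'] ?? '-'
    ));
}
add_action('set_user_role', 'buap_guard_role_change', 10, 3);
```

The guard is a compensating control, not a fix: the logged `[buap]` lines point at the request path to investigate, and any other plugin that legitimately assigns `administrator` outside an admin session would need to be allowlisted.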
---
## 💻 Exploit Script Description
This repository contains a Python exploit for CVE-2025-39596, allowing the creation of a new WordPress admin user **without authentication** using a crafted API request.
**Features:**
- HTTP/HTTPS auto-detection
- Advanced randomization & evasion headers
- Proxy, cookie, SSL-bypass, and header-bypass support
- Clean modular structure for easy tweaking
---
## ⚙️ Usage
```bash
python3 CVE-2025-39596.py -u <target_url> -e <email> [options]
```
**Required Arguments:**
- `-u`, `--url` Target WordPress site URL (e.g., http://127.0.0.1/wordpress)
- `-e`, `--email` Email for the new admin account
**Optional Arguments:**
- `-f`, `--fname` First name (default: Pwn)
- `-l`, `--lname` Last name (default: Admin)
- `-r`, `--role` Role to assign (default: administrator)
- `-k`, `--key` Quentn API key if known
- `--cookie` Cookie for authenticated bypass if available
- `--proxy` Proxy support (e.g., http://127.0.0.1:8080)
- `--skip-ssl` Skip SSL verification
- `--extra` Enable extra evasion headers
**Example:**
```bash
python3 CVE-2025-39596.py -u http://target.com/wordpress -e hacked@attacker.com --fname Root --lname User --proxy http://127.0.0.1:8080 --extra
```
---
## 📤 Output
- On **Success**:
`Exploit Success By | Nxploited`
- On **Failure**:
Shows the HTTP status code and response message for troubleshooting.
---
## ⚠️ Disclaimer
This tool is provided **for educational and authorized security testing purposes only**.
**Any misuse is strictly prohibited.**
The author is **not responsible** for any damage or misuse caused by this code.
---
**_By: Nxploited ( Khaled Alenazi )_**