CVE-2025-4334 PoC — WordPress plugin Simple User Registration 安全漏洞

Source

https://github.com/0xgh057r3c0n/CVE-2025-4334

Associated Vulnerability

Title:WordPress plugin Simple User Registration 安全漏洞 (CVE-2025-4334)
Description:WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress plugin是一个应用插件。 WordPress plugin Simple User Registration 6.3及之前版本存在安全漏洞，该漏洞源于用户元值限制不足，可能导致权限提升。

Description

Proof-of-concept exploit for CVE-2025-4334, a privilege escalation vulnerability in the Simple User Registration WordPress plugin (<= 6.3), allowing unauthenticated attackers to create administrator accounts.

Readme

<p align="center">
  <img src="https://s.w.org/style/images/about/WordPress-logotype-wmark.png" alt="WordPress Logo" width="150"/>
</p>

# CVE-2025-4334 - Simple User Registration <= 6.3 Unauthenticated Privilege Escalation

**Exploit Title:** Simple User Registration <= 6.3 – Unauthenticated Privilege Escalation  
**Author:** Gaurav Bhattacharjee (0xgh057r3c0n)  
**CVE ID:** CVE-2025-4334  

This exploit targets a vulnerability in the **Simple User Registration plugin for WordPress (<= v6.3)**, allowing **unauthenticated attackers** to escalate privileges and create a new administrator account.

---

## ⚙️ Installation

Clone the repository and install the required Python dependencies:

```bash
git clone https://github.com/0xgh057r3c0n/CVE-2025-4334.git
cd CVE-2025-4334
pip3 install -r requirements.txt
````

Dependencies:

* `requests`
* `colorama`

---

## 🚀 Usage

```bash
python3 CVE-2025-4334.py -u <base_url> --form <form_url>
```

**Arguments:**

* `-u / --url` → Base WordPress URL (e.g. `https://target.com/wordpress/`)
* `--form` → Full URL of the registration form (e.g. `https://target.com/wpr/default-registration/`)

**Example:**

```bash
python3 CVE-2025-4334.py -u https://example.com/wordpress --form https://example.com/wpr/default-registration/
```

---

## 📜 Sample Output

```
[*] Fetching form details...
[i] Extracted Nonce   : 1a2b3c4d5e
[i] Extracted Form ID : 12
[i] Referer Path      : /wpr/default-registration/
[*] Sending exploit payload...
[i] HTTP Response Code : 200
[i] Server Response    : {"success":true,"user_id":2}

[+] Exploitation Successful
[+] Username   : 0xgh057r3c0nadmin
[+] First Name : 0xgh057r3c0nadmin
[+] Last Name  : 0xgh057r3c0nadmin
[+] Email      : test@admin.com
[+] Password   : Wiz007@8876@
[+] Role       : administrator

Exploit By : Gaurav Bhattacharjee (0xgh057r3c0n)
```

---

## ⚠️ Disclaimer

This tool is provided for **educational and research purposes only**.
Unauthorized use against systems without permission is illegal.
The author takes **no responsibility** for misuse.

---

## 📄 License

This project is licensed under the [MIT License](LICENSE).

File Snapshot


 [4.0K]  /data/pocs/b11415ed6a265da7f4eff601d4a2e834d83a78a9
├── [4.9K]  CVE-2025-4334.py
├── [2.8K]  CVE-2025-4334.yaml
├── [1.1K]  LICENSE
├── [2.1K]  README.md
└── [  18]  requirements.txt

0 directories, 5 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!