CVE-2024-49328 PoC — WordPress plugin WP REST API FNS security vulnerability

Associated Vulnerability
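Title: WordPress plugin WP REST API FNS security vulnerability (CVE-2024-49328)
Description: WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP. The platform supports hosting personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin WP REST API FNS version 1.0.0 and earlier contains a security vulnerability, which stems from an authentication bypass using an alternate path or channel.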
Readme
# CVE-2024-49328-exploit

## 🌟 Overview
This script exploits a privilege escalation vulnerability in the WP REST API FNS Plugin for WordPress. The vulnerability affects all versions up to and including `1.0.0`, allowing unauthenticated attackers to gain administrator privileges.


## ⚙️ Usage
```bash
python script.py -u <site_url> -e <email> -p <password>
```

### 🔍 Details of Exploitation

| **Step** | **Description**                                               | **Icon**           |
|----------|---------------------------------------------------------------|--------------------|
| Step 1   | Verify the version of the plugin.            | 📝                 |
| Step 2   | Check if the version is exploitable (`1.0.0` or lower).       | ✅                 |
| Step 3   | Exploit the vulnerability and register a new admin user.      | 🔒             |
| Step 4   | Print the result with user credentials for verification.      | 🎉                 |

## ➡️ Example Output
```

Found Stable tag version: 1.0.0
Version 1.0.0 is exploitable.
Exploiting the site... Please wait.
Successfully
Username: Nxploit@admin.sa
Password: nxploit
```


### Install the required packages

```
pip install requests
```



## ⚠️ Disclaimer
🚨 Warning:

This script is for educational purposes only. Unauthorized use of this script against systems without explicit permission is illegal and unethical.
File Snapshot

[4.0K] /data/pocs/b41f38b5eb14fe74192eb0b561a12e44e8d3c06e
├── [5.2K] CVE-2024-49328.py
└── [1.4K] README.md

0 directories, 2 files