POC详情: d7a3833c1a30b94e4d30b1329a4b49f351da2cfa

来源
https://github.com/Nxploited/CVE-2025-5701
关联漏洞
标题: WordPress plugin HyperComments 安全漏洞 (CVE-2025-5701)
描述:WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress plugin是一个应用插件。 WordPress plugin HyperComments 1.2.2及之前版本存在安全漏洞,该漏洞源于缺少能力检查,可能导致权限提升。
描述
 WordPress HyperComments Plugin <= 1.2.2 is vulnerable to Privilege Escalation
介绍

# CVE-2025-5701 - Unauthenticated Privilege Escalation Exploit


**Severity:** CRITICAL (CVSS 9.8)  
**Plugin Affected:** HyperComments for WordPress  
**Versions Affected:** ≤ 1.2.2

---

## 📌 Vulnerability Summary

The **HyperComments** plugin for WordPress is vulnerable to unauthorized modification of WordPress options due to a missing capability check in the `hc_request_handler` function. This allows **unauthenticated attackers** to update **arbitrary WordPress options**, such as:

- Enabling user registration (`users_can_register`)
- Changing the default role assigned to newly registered users (`default_role`)

By chaining these together, an attacker can enable registration and ensure any new user is automatically granted the **Administrator** role.

---

### 🧨 CVSS Score

```
CVSS v3.1: 9.8 CRITICAL  
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
```

---


## 📦 Usage

```
CVE-2025-5701 - Unauthenticated Privilege Escalation Exploit
By: Khaled Alenazi (Nxploited)

usage: CVE-2025-5701.py [-h] -u URL

CVE-2025-5701 - Unauthenticated Privilege Escalation Exploit by Khaled Alenazi (Nxploited)

options:
  -h, --help     show this help message and exit
  -u, --url URL  Target base URL (e.g., http://target-site.com)
```

---
## 📦 Example
```
python3 CVE-2025-5701.py -u http://target-site.com
```
## 💬 Example Output

```
CVE-2025-5701 - Unauthenticated Privilege Escalation Exploit
By: Khaled Alenazi (Nxploited)

[+] Target is vulnerable (version: 1.2.2) - proceeding with exploitation.
[+] Exploit endpoint is accessible.
[+] Server response: {"result":"success"}
[+] Registration is now enabled. New users will be assigned administrator role.
[+] Register here: http://target-site.com/wp-login.php?action=register

Exploit by: Khaled Alenazi (Nxploited)
```

---

## ⚠️ Disclaimer

This script is provided for **educational purposes only**. Unauthorized access to systems without permission is illegal and unethical. Use only in controlled environments or with explicit authorization.

---

*Nxploited (Khaled_alenazi)*
文件快照

 [4.0K]  /data/pocs/d7a3833c1a30b94e4d30b1329a4b49f351da2cfa
├── [4.0K]  CVE-2025-5701.py
├── [1.1K]  LICENSE
├── [2.0K]  README.md
└── [   9]  requirements.txt

0 directories, 4 files
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。