
CVE-2024-6624 PoC — WordPress plugin JSON API User security vulnerability

Source
Associated Vulnerability
Title: WordPress plugin JSON API User security vulnerability (CVE-2024-6624)
Description: WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP; it supports hosting a personal blog site on a server running PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin JSON API User versions 3.9.3 and earlier contain a security vulnerability that stems from improper control over custom user meta fields.
Description
This is a Python script that exploits the CVE-2024-6624 vulnerability in the JSON API User <= 3.9.3 plugin for WordPress. 
Readme
# **CVE-2024-6624 | JSON API User <= 3.9.3 - Unauthenticated Privilege Escalation**

![CVE-2024-6624 Jenderal92](https://github.com/user-attachments/assets/4d8b4be0-cd0f-4f4e-a4af-e2c80c9c25c4)


This is a Python script that exploits the **CVE-2024-6624** vulnerability in the **JSON API User <= 3.9.3** plugin for WordPress. This tool allows unauthenticated attackers to register new users and escalate their privileges to administrator without authorization.

---

## **How to Use**

### **Preparation**

1. Ensure that Python 2.7 is installed on your system.  
2. Install the `requests` dependency:

   ```bash
   pip install requests
   ```

3. Prepare a text file (`urls.txt`) containing a list of target URLs (one URL per line).

---

### **Usage Steps**

1. Run the script:

   ```bash
   python CVE-2024-6624.py
   ```

2. Enter the filename containing the target URLs when prompted:

   ```bash
   Enter the filename containing the URL list: urls.txt
   ```

3. The script will process each URL in the list and attempt to exploit the vulnerability.

4. Successful exploit results will be saved in the `admin.txt` file in the following format:

   ```
   http://example.com/wp-login.php|ngocoxscrew|ngocoxs_crews+
   ```

---


## **Disclaimer**
I have written the disclaimer on the cover of Jenderal92. You can check it [HERE !!!](https://github.com/Jenderal92/)
File Snapshot

```
[4.0K] /data/pocs/dc4006dfbb2d8e151bd8b508c4a87aa110a4d9d4
├── [4.8K] CVE-2024-6624.py
└── [1.3K] README.md

0 directories, 2 files
```