PoC for CVE-2025-47646 - WordPress PSW Front-end Login Registration Plugin ≤ 1.12 Unauthenticated Privilege Escalation# CVE-2025-47646 PoC
Unauthenticated Privilege Escalation exploit for **WordPress PSW Front-end Login Registration Plugin ≤ 1.12**
---
## 📖 Description
This Python script is a proof-of-concept (PoC) exploit for **CVE-2025-47646**, targeting a vulnerability in the **WordPress PSW Front-end Login Registration Plugin ≤ 1.12**.
The vulnerability allows an unauthenticated attacker to register new user accounts via an exposed AJAX action without proper validation or restrictions.
---
## 📌 Usage
### ▶️ Requirements:
- Python 3
- `requests` library
- `pyfiglet` library
Install required libraries:
```bash
pip install requests pyfiglet
```
---
### ▶️ Run the Exploit:
```bash
python3 CVE-2025-47646.py --url http://target.com --user testuser --password testpass123 --email test@example.com
```
**Arguments:**
- `--url` : Target WordPress site URL (with HTTP/HTTPS)
- `--user` : Username to register
- `--password` : Password for the new user
- `--email` : Email address for the new user
---
## ⚙️ Example
```bash
python3 CVE-2025-47646.py --url http://victim-site.com --user hacker --password Pass1234 --email hacker@example.com
```
---
## 📑 Notes
- This exploit depends on a specific form hash (`psw_form`) value which might vary depending on the target site setup. Ensure the value is correct for successful exploitation.
---
## 👨💻 Author
**Md Shoriful Islam (RootHarpy)**
---
## 📜 Disclaimer
This tool is created for educational and authorized penetration testing purposes only.
Unauthorized use of this tool against targets without consent is illegal.
[4.0K] /data/pocs/e3b1f45904783f8d5b4c7151ad0b30a1bf1fb154
├── [2.0K] CVE-2025-47646.py
└── [1.6K] README.md
0 directories, 2 files