Share
## https://sploitus.com/exploit?id=21EE1FAE-8D18-5E31-99DB-F5B0E0277828
# MODIFIED CVE-2024-25600 
(original -> https://github.com/K3ysTr0K3R/CVE-2024-25600-EXPLOIT)

# WordPress Bricks Builder RCE Exploit

A Python exploit for CVE-2024-25600 - WordPress Bricks Builder Remote Code Execution vulnerability.

## Description

This tool exploits a critical vulnerability in WordPress Bricks Builder plugin that allows unauthenticated remote code execution. The vulnerability exists in the `render_element` function which improperly handles user input, enabling arbitrary PHP code execution.

## Features

- **Automated Nonce Extraction**: Automatically fetches the required nonce from target sites
- **Interactive Shell**: Provides an interactive command execution interface
- **Bulk Scanning**: Scan multiple targets from a file with configurable threading
- **Dual Endpoint Support**: Tests both REST API endpoints used by Bricks Builder
- **Rich Output**: Colorful console output with status indicators

## Installation

### Requirements

```bash
pip3 install requests beautifulsoup4 rich prompt_toolkit
```
usage:
```bash
python3 cve-2024-25600.py -u https://example.com/
```
# what i have modified 
- removed unwanted imports
- removed unwanted progress bars
- simplified scan_file function
- direct shell access