## https://sploitus.com/exploit?id=28A80CC8-6E77-591A-9496-32443D757D1B
# CVE-2024-54363-Exploit
Incorrect Privilege Assignment vulnerability in nssTheme Wp NssUser Register allows Privilege Escalation. This issue affects Wp NssUser Register: from n/a through 1.0.0.
# Description
The `nssTheme Wp NssUser Register` plugin for WordPress is vulnerable to an **Incorrect Privilege Assignment** issue, leading to **Privilege Escalation**. This vulnerability allows an attacker to register a new user with administrative privileges without proper authorization. The issue affects plugin versions up to **1.0.0**.
## Exploit Details
- **Affected Plugin**: `Wp NssUser Register`
- **Affected Versions**: Up to version `1.0.0`
- **Vulnerability Type**: Privilege Escalation
- **Requirements**: Access to the `/wp-admin/admin-ajax.php` endpoint with registration enabled.
### Install the required packages
```
pip install -r requirements.txt
```
## Usage
```
usage: CVE-2024-54363.py [-h] -u URL

Wp NssUser Register <= 1.0.0 - Unauthenticated Privilege Escalation

options:
  -h, --help         show this help message and exit
  -u URL, --url URL  Base URL of the WordPress site
```
### Expected Output
```
The site http://target-wordpress-site.com is vulnerable. Exploitation in progress...
Exploitation successful!
Username: nxploit123
Password: nxploit
```
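A defender-side check for the outcome shown above, added here as an example and not part of the original repository: it flags administrator accounts that are not on an approved list and correlates each account's creation time with POST requests to `/wp-admin/admin-ajax.php` in the web access log. Assumptions: the user list has the shape of `wp user list --role=administrator --format=json`, the log is in combined format, and the sample data, the allowlist, the function names and the 30-second window are constructed for illustration.

```python
import json
import re
from datetime import datetime, timedelta, timezone

# Constructed sample: shape of `wp user list --role=administrator --format=json`
USERS_JSON = '''[
 {"ID": 1, "user_login": "siteowner", "user_registered": "2023-03-01 09:12:44", "roles": "administrator"},
 {"ID": 57, "user_login": "nxploit123", "user_registered": "2025-01-10 14:02:07", "roles": "administrator"}
]'''
# Constructed access-log lines (combined log format)
ACCESS_LOG = '''\
203.0.113.9 - - [10/Jan/2025:14:02:06 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 58 "-" "python-requests/2.31.0"
198.51.100.4 - - [10/Jan/2025:14:05:30 +0000] "GET /wp-login.php HTTP/1.1" 200 4210 "-" "Mozilla/5.0"
'''
APPROVED_ADMINS = {"siteowner"}  # assumption: allowlist maintained by the site owner
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "POST /wp-admin/admin-ajax\.php[ ?]')

def ajax_posts(log_text):
    """Yield (timestamp, client_ip) for each POST to admin-ajax.php."""
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m:
            yield datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z"), m.group(1)

def suspicious_admins(users_json, log_text, approved, window=timedelta(seconds=30)):
    """Return unapproved admins plus the IPs that POSTed to admin-ajax.php near creation."""
    posts = list(ajax_posts(log_text))
    findings = []
    for user in json.loads(users_json):
        roles = {r.strip() for r in user["roles"].split(",")}
        if "administrator" not in roles or user["user_login"] in approved:
            continue
        # WordPress stores user_registered in UTC
        created = datetime.strptime(user["user_registered"], "%Y-%m-%d %H:%M:%S")
        created = created.replace(tzinfo=timezone.utc)
        sources = sorted({ip for ts, ip in posts if abs(ts - created) <= window})
        findings.append({"login": user["user_login"],
                         "registered": created.isoformat(),
                         "source_ips": sources})
    return findings

if __name__ == "__main__":
    for finding in suspicious_admins(USERS_JSON, ACCESS_LOG, APPROVED_ADMINS):
        print(finding)
```

An unapproved administrator with a matching `admin-ajax.php` POST is a strong lead for incident response; an empty `source_ips` list still warrants review, since logs may have rotated.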
### Disclaimer
This script is provided for educational purposes only. The author is not responsible for any damages caused by the misuse of this script.