Share
## https://sploitus.com/exploit?id=A8FE49FE-B963-55F5-8E02-5AC707D5293D
# ๐Ÿ“„ Nuclei Template for CVE-2025-39459

## ๐Ÿš€ Overview

This repository features a Nuclei template specifically designed to detect an **Unauthenticated Privilege Escalation Vulnerability (CVE-2025-39459)** in the **Real Estate 7 WordPress Theme**. This issue allows unauthenticated attackers to register as administrators via a vulnerable AJAX action.

## ๐Ÿ” Vulnerability Description

**CVE-2025-39459** arises from missing authorization checks on the `ct_add_new_member` AJAX action in the **Real Estate 7 WordPress Theme** versions up to 3.5.2. This allows unauthenticated attackers to register with administrator privileges by manipulating the `ct_user_role` parameter.

### ๐Ÿ›‘ Affected Versions

- **Real Estate 7 WordPress Theme**: Versions **up to and including 3.5.2**

### ๐Ÿ“Š CVSS Score

- **Base Score**: 9.8 (Critical)

### ๐Ÿท๏ธ CVSS Vector

- `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H`

## ๐Ÿ“‹ Template Details

This Nuclei template detects the vulnerability by:
1. Extracting the registration nonce from `/register` page
2. Sending an authenticated request to `admin-ajax.php` with `action=ct_add_new_member` and `ct_user_role=administrator`
3. Checking for `"success":true` in the JSON response

### ๐Ÿ› ๏ธ Usage Instructions

To use this template with [Nuclei](https://nuclei.projectdiscovery.io/), make sure Nuclei is installed on your system. Then run the following command:

```bash
nuclei -t CVE-2025-39459.yaml -l list.txt
```

## ๐Ÿ‘ค Author

This template was developed by [RootHarpy](https://github.com/rootharpy). For inquiries, collaboration, or contributions, feel free to connect via GitHub.