## https://sploitus.com/exploit?id=A8FE49FE-B963-55F5-8E02-5AC707D5293D
# ๐ Nuclei Template for CVE-2025-39459
## ๐ Overview
This repository features a Nuclei template specifically designed to detect an **Unauthenticated Privilege Escalation Vulnerability (CVE-2025-39459)** in the **Real Estate 7 WordPress Theme**. This issue allows unauthenticated attackers to register as administrators via a vulnerable AJAX action.
## ๐ Vulnerability Description
**CVE-2025-39459** arises from missing authorization checks on the `ct_add_new_member` AJAX action in the **Real Estate 7 WordPress Theme** versions up to 3.5.2. This allows unauthenticated attackers to register with administrator privileges by manipulating the `ct_user_role` parameter.
### ๐ Affected Versions
- **Real Estate 7 WordPress Theme**: Versions **up to and including 3.5.2**
### ๐ CVSS Score
- **Base Score**: 9.8 (Critical)
### ๐ท๏ธ CVSS Vector
- `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H`
## ๐ Template Details
This Nuclei template detects the vulnerability by:
1. Extracting the registration nonce from `/register` page
2. Sending an authenticated request to `admin-ajax.php` with `action=ct_add_new_member` and `ct_user_role=administrator`
3. Checking for `"success":true` in the JSON response
### ๐ ๏ธ Usage Instructions
To use this template with [Nuclei](https://nuclei.projectdiscovery.io/), make sure Nuclei is installed on your system. Then run the following command:
```bash
nuclei -t CVE-2025-39459.yaml -l list.txt
```
## ๐ค Author
This template was developed by [RootHarpy](https://github.com/rootharpy). For inquiries, collaboration, or contributions, feel free to connect via GitHub.