## https://sploitus.com/exploit?id=DB56658D-ACFA-56C6-A811-445EC0F2D79B
# **CVE-2024-6624 | JSON API User <= 3.9.3 - Unauthenticated Privilege Escalation**

This is a Python script that exploits **CVE-2024-6624** in the **JSON API User** plugin for WordPress, versions 3.9.3 and earlier. The vulnerability lets an unauthenticated attacker register a new user and escalate that account to administrator.

---
## **How to Use**
### **Preparation**
1. Ensure that Python 2.7 is installed on your system.
2. Install the `requests` dependency:
```bash
pip install requests
```
3. Prepare a text file (`urls.txt`) containing a list of target URLs (one URL per line).
---
### **Usage Steps**
1. Run the script:
```bash
python CVE-2024-6624.py
```
2. Enter the filename containing the target URLs when prompted:
```
Enter the filename containing the URL list: urls.txt
```
3. The script will process each URL in the list and attempt to exploit the vulnerability.
4. Successful exploit results will be saved in the `admin.txt` file in the following format:
```
http://example.com/wp-login.php|ngocoxscrew|ngocoxs_crews+
```
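For defenders, two things on this page can be checked on a site: the affected range (JSON API User 3.9.3 and earlier) and the outcome (an administrator account nobody created on purpose). The Python 3 check below is an added example, not part of the original tool. It assumes the plugin file carries the usual WordPress `Version:` header and that the user list has the `user_login` and `roles` fields of `wp user list --format=json`; the sample header, user list and allowlist are constructed.

```python
import json
import re

LAST_AFFECTED = (3, 9, 3)     # from the page title: "JSON API User <= 3.9.3"
SAMPLE_LOGIN = "ngocoxscrew"  # login shown in the page's sample admin.txt line

# Constructed sample inputs (not taken from any real site).
HEADER = "<?php\n/*\nPlugin Name: JSON API User\nVersion: 3.9.3\n*/"
USERS = json.dumps([
    {"user_login": "siteowner", "roles": "administrator"},
    {"user_login": "ngocoxscrew", "roles": "administrator"},
    {"user_login": "writer", "roles": "editor"},
])

def plugin_version(header_text):
    """Parse 'Version: x.y.z' from a WordPress plugin file header."""
    m = re.search(r"^[\s*/#]*Version:\s*(\d+(?:\.\d+)*)", header_text, re.I | re.M)
    if m is None:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    while len(parts) > 1 and parts[-1] == 0:  # treat 3.9.3.0 as 3.9.3
        parts.pop()
    return tuple(parts)

def is_affected(version):
    """Unknown versions count as affected until checked by hand."""
    return version is None or version <= LAST_AFFECTED

def unexpected_admins(users_json, known_admins):
    """Return (login, matches_sample_login) for admins not on the allowlist."""
    known = {name.lower() for name in known_admins}
    flagged = []
    for user in json.loads(users_json):
        roles = [r.strip() for r in user.get("roles", "").split(",")]
        login = user.get("user_login", "")
        if "administrator" in roles and login.lower() not in known:
            flagged.append((login, login.lower() == SAMPLE_LOGIN))
    return flagged

if __name__ == "__main__":
    version = plugin_version(HEADER)
    print("plugin version:", version, "affected:", is_affected(version))
    for login, is_sample in unexpected_admins(USERS, ["siteowner"]):
        print("unexpected administrator:", login, "(login from this page)" if is_sample else "")
```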
---
## **Disclaimer**
I have written the disclaimer on the cover of Jenderal92. You can check it [HERE !!!](https://github.com/Jenderal92/)