## https://sploitus.com/exploit?id=F5AFCFFD-E11A-547A-A3E3-1A3B2ADBCFD9
# 🚨 CVE-2025-47539 – WordPress Eventin Plugin Critical Exploit

## 🔥 Vulnerability Summary
The **Event Manager, Events Calendar, Tickets, Registrations – Eventin** plugin for WordPress is vulnerable to **unauthenticated privilege escalation** due to a missing authorization check on the `import_items()` function, which is reachable through the plugin's REST API.

- 🔓 Affected Versions: `<= 4.0.26`
- 🆔 CVE: `CVE-2025-47539`
- 🚨 CVSS Score: `9.8 (Critical)`
- 📅 Public Disclosure: `May 7, 2025`
- 🔄 Last Updated: `May 15, 2025`

Because the endpoint never verifies who is calling it, an unauthenticated attacker can send a crafted import request to the REST API and have the plugin create a new user with the `administrator` role. No credentials and no user interaction are required.

---

## 💻 About the Script

This Python script is a standalone exploitation tool for CVE-2025-47539.

It will:
- Auto-generate a valid CSV payload file.
- Upload the file to the vulnerable endpoint.
- Automatically trigger the import process.
- Print the server's response together with the full credentials of the administrator account it created.

> ⚠️ This script is intended for educational use and professional security assessments only.

---

## ⚙️ Usage

```bash
usage: a.py [-h] -u URL

Exploit for CVE-2025-47539 # By Nxploited (Khaled Alenazi)

options:
  -h, --help     show this help message and exit
  -u, --url URL  Target base URL (e.g. http://target.com)
```

---

## ✅ Expected Output

```bash
By:Nxploited (Khaled_alenazi) |    NxploitBot@gmail.com
[+] Exploitation succeeded
[+] Response:
{"message":"Successfully imported speaker"}

[+] Exploited Account Details
    Name     : Nxploited (Khaled_alenazi)
    Email    : Nxploit@admin.sa
    Username : NxPloted
    Password : nxploit123
    Role     : administrator

Exploit: By: Nxploited (Khaled_alenazi)
Use this script for educational purposes only. I am not responsible for your actions.
```

---

## 📊 Impact

The plugin has more than **10,000** active installations, so every site still running Eventin **≤ 4.0.26** is exposed to this attack.  
All site administrators using Eventin **≤ 4.0.26** should **immediately update** to version `4.0.28` or later. Updating closes the hole but does not remove an administrator account that was already created through it, so also review the site's administrator user list for accounts you did not create.
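The two checks a site owner would want after reading the summary above are (1) whether the installed Eventin version falls in the affected range and (2) whether an unexpected administrator account, the outcome this exploit produces, already exists. The following is an added defender-side example; it is not part of the Nxploited script or of the Eventin plugin. The WordPress.org plugin slug `wp-event-solution`, the `Stable tag:` line in `readme.txt`, and the `wp user list --format=json` field names are assumptions; all inputs below are constructed samples, so it runs offline.

```python
"""Defender-side checks for CVE-2025-47539 (Eventin <= 4.0.26).

Added example; not the exploit script's or the plugin's own code.
Assumptions: plugin slug "wp-event-solution", version exposed via the
"Stable tag:" line of the plugin's readme.txt, and WP-CLI JSON output from
  wp user list --role=administrator \
      --fields=ID,user_login,user_email,user_registered --format=json
"""
from __future__ import annotations

import json
import re
from datetime import datetime, timezone

LAST_VULNERABLE = "4.0.26"          # advisory: all versions <= 4.0.26 affected
PLUGIN_SLUG = "wp-event-solution"   # assumed WordPress.org slug for Eventin
DISCLOSURE_DATE = datetime(2025, 5, 7, tzinfo=timezone.utc)


def parse_version(text: str) -> tuple[int, ...]:
    """Turn '4.0.26' into (4, 0, 26) so that 4.0.3 < 4.0.26 compares
    numerically (a plain string compare would get this wrong)."""
    return tuple(int(p) for p in re.findall(r"\d+", text))


def is_affected(version: str) -> bool:
    """True when the installed version is in the vulnerable range."""
    return parse_version(version) <= parse_version(LAST_VULNERABLE)


def version_from_readme(readme: str) -> str | None:
    """Extract 'Stable tag: X.Y.Z' from a plugin readme.txt, which is usually
    world-readable at /wp-content/plugins/<slug>/readme.txt."""
    m = re.search(r"^\s*Stable tag:\s*([\d.]+)", readme, re.MULTILINE | re.IGNORECASE)
    return m.group(1) if m else None


def readme_url(base_url: str) -> str:
    """URL a practitioner would fetch to read the installed version remotely."""
    return f"{base_url.rstrip('/')}/wp-content/plugins/{PLUGIN_SLUG}/readme.txt"


def unexpected_admins(wp_cli_json: str, known_admins: set[str],
                      since: datetime) -> list[dict]:
    """Flag administrator accounts that are either not on the allowlist or
    were registered on/after `since` (e.g. the public disclosure date).
    Either condition alone is enough to warrant a manual review."""
    flagged = []
    for user in json.loads(wp_cli_json):
        registered = datetime.strptime(
            user["user_registered"], "%Y-%m-%d %H:%M:%S"
        ).replace(tzinfo=timezone.utc)
        if user["user_login"] not in known_admins or registered >= since:
            flagged.append(user)
    return flagged


# Constructed sample inputs (not captured from a real site).
SAMPLE_README = """=== Event Manager, Events Calendar, Tickets, Registrations – Eventin ===
Requires at least: 5.2
Stable tag: 4.0.26
"""

SAMPLE_WP_CLI = json.dumps([
    {"ID": 1, "user_login": "siteowner", "user_email": "owner@example.com",
     "user_registered": "2021-03-04 10:00:00"},
    {"ID": 57, "user_login": "NxPloted", "user_email": "Nxploit@admin.sa",
     "user_registered": "2025-05-09 02:13:44"},
])


if __name__ == "__main__":
    ver = version_from_readme(SAMPLE_README)
    if ver is None:
        print("[?] could not read Eventin version from readme.txt")
    else:
        print(f"Eventin {ver}: {'AFFECTED' if is_affected(ver) else 'patched'}")
    for u in unexpected_admins(SAMPLE_WP_CLI, {"siteowner"}, DISCLOSURE_DATE):
        print(f"[!] review admin {u['user_login']} <{u['user_email']}> "
              f"registered {u['user_registered']}")
```

Point `readme_url()` at a real base URL and fetch it to replace `SAMPLE_README`; replace `SAMPLE_WP_CLI` with the actual `wp user list` output on the server. The allowlist check matters because an attacker-created account may carry any registration date if the database was later edited, while the date check catches accounts whose login name happens to look legitimate.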

---

## ⚠️ Disclaimer

This tool is provided **for educational and authorized penetration testing** purposes only.  
The creator is **not responsible for any misuse or damage** caused by this script.

---

## 👤 Author

**By:** Nxploited (Khaled_Alenazi)  
📧 **Contact:** NxploitBot@gmail.com