Exploit for CVE-2025-47646

## https://sploitus.com/exploit?id=FFAA823D-8FC8-56C0-B359-95136E869060
# CVE-2025-47646 PoC

Unauthenticated Privilege Escalation exploit for **WordPress PSW Front-end Login Registration Plugin ≤ 1.12**

---

## 📖 Description

This Python script is a proof-of-concept (PoC) exploit for **CVE-2025-47646**, targeting a vulnerability in the **WordPress PSW Front-end Login Registration Plugin ≤ 1.12**.  
The vulnerability allows an unauthenticated attacker to register new user accounts via an exposed AJAX action without proper validation or restrictions.

---

## 📌 Usage

### ▶️ Requirements:
- Python 3
- `requests` library
- `pyfiglet` library

Install required libraries:

```bash
pip install requests pyfiglet
```

---

### ▶️ Run the Exploit:

```bash
python3 CVE-2025-47646.py --url http://target.com --user testuser --password testpass123 --email test@example.com
```

**Arguments:**
- `--url` : Target WordPress site URL (with HTTP/HTTPS)
- `--user` : Username to register
- `--password` : Password for the new user
- `--email` : Email address for the new user

---

## ⚙️ Example

```bash
python3 CVE-2025-47646.py --url http://victim-site.com --user hacker --password Pass1234 --email hacker@example.com
```

---

## 📑 Notes

- This exploit depends on a specific form hash (`psw_form`) value which might vary depending on the target site setup. Ensure the value is correct for successful exploitation.

---

## 👨‍💻 Author

**Md Shoriful Islam (RootHarpy)**

---

## 📜 Disclaimer

This tool is created for educational and authorized penetration testing purposes only.  
Unauthorized use of this tool against targets without consent is illegal.