Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-6934 PoC — Opal Estate Pro <= 1.7.5 - Unauthenticated Privilege Escalation via 'on_regiser_user'

Source
https://github.com/0xgh057r3c0n/CVE-2025-6934
Associated Vulnerability
Title:Opal Estate Pro <= 1.7.5 - Unauthenticated Privilege Escalation via 'on_regiser_user' (CVE-2025-6934)
Description:The Opal Estate Pro – Property Management and Submission plugin for WordPress, used by the FullHouse - Real Estate Responsive WordPress Theme, is vulnerable to privilege escalation via in all versions up to, and including, 1.7.5. This is due to a lack of role restriction during registration in the 'on_regiser_user' function. This makes it possible for unauthenticated attackers to arbitrarily choose the role, including the Administrator role, assigned when registering.
Description
CVE-2025-6934 is a critical vulnerability in the WordPress Opal Estate Pro plugin (<= 1.7.5) that allows unauthenticated attackers to create new administrator accounts through the plugin’s insecure AJAX registration process.
Readme
# CVE-2025-6934 – WordPress Opal Estate Pro Exploit
<p align="center">
  <img src="https://s.w.org/about/images/logos/wordpress-logo-notext-rgb.png" alt="WordPress Logo" width="200" height="200">
</p>

📖 Description
This repository contains a **Proof of Concept (PoC) exploit** for **CVE-2025-6934**, 
a critical vulnerability in **WordPress Plugin: Opal Estate Pro <= 1.7.5**, allowing **unauthenticated administrator account creation**.

⚠️ **Disclaimer**: This tool is provided for **educational and security research purposes only**.  
The author is **not responsible** for any misuse or damage caused.

---

## 🚀 Features
- Automatic detection of plugin version from `readme.txt`
- Nonce extraction for registration
- Exploits vulnerable AJAX endpoint
- Creates a new **administrator account**

---

## 🔧 Installation
Clone the repo and install dependencies:

```bash
git clone https://github.com/0xgh057r3c0n/CVE-2025-6934.git
cd CVE-2025-6934

pip3 install -r requirements.txt
````

**requirements.txt**

```
requests
beautifulsoup4
colorama
```

---

## ▶️ Usage

Run the script with your target:

```bash
python3 CVE-2025-6934.py -u http://target.com/ -mail newadmin@mail.com -password MySecurePass123 -user newadmin
```

✅ Example Output:

```
[✔] Exploit Successful!
    Username : newadmin
    Email    : newadmin@mail.com
    Password : MySecurePass123
    Role     : administrator
```

---

## 📸 Screenshot

![Exploit Screenshot](screenshot.png)

---

## 🛡️ Mitigation

* Update to the **latest version** of the plugin
* Or disable the vulnerable plugin immediately
* Monitor WordPress logs for unauthorized account creation

---

## 👤 Author

**Gaurav Bhattacharjee** (0xgh057r3c0n)

---

## 📜 License

This project is licensed under the **MIT License** – see the [LICENSE](LICENSE) file for details.
File Snapshot

 [4.0K]  /data/pocs/0611c08c68a78e093ee4e71990b2890eee8cd75f
├── [5.6K]  CVE-2025-6934.py
├── [2.5K]  CVE-2025-6934.yaml
├── [1.1K]  LICENSE
├── [1.8K]  README.md
├── [  33]  requirements.txt
└── [1.2M]  screenshot.png

0 directories, 6 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →