Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-34077 PoC — WordPress Pie Register Plugin ≤ 3.7.1.4 Authentication Bypass RCE

Source
https://github.com/0xgh057r3c0n/CVE-2025-34077
Associated Vulnerability
Title:WordPress Pie Register Plugin ≤ 3.7.1.4 Authentication Bypass RCE (CVE-2025-34077)
Description:An authentication bypass vulnerability exists in the WordPress Pie Register plugin ≤ 3.7.1.4 that allows unauthenticated attackers to impersonate arbitrary users by submitting a crafted POST request to the login endpoint. By setting social_site=true and manipulating the user_id_social_site parameter, an attacker can generate a valid WordPress session cookie for any user ID, including administrators. Once authenticated, the attacker may exploit plugin upload functionality to install a malicious plugin containing arbitrary PHP code, resulting in remote code execution on the underlying server.
Description
Poc for Unauthenticated Admin Session Hijack - Pie Register Plugin (≤ 3.7.1.4)
Readme
<p align="center">
  <a href="https://wordpress.org">
    <img src="https://upload.wikimedia.org/wikipedia/commons/9/98/WordPress_blue_logo.svg" width="100" alt="WordPress Logo">
  </a>
</p>

<h1 align="center">CVE-2025-34077</h1>
<p align="center"><b>Unauthenticated Admin Session Hijack - Pie Register Plugin (≤ 3.7.1.4)</b></p>

---

## 📌 Description

This exploit targets a vulnerability in the **Pie Register WordPress plugin** (versions ≤ 3.7.1.4), allowing **unauthenticated session hijacking of admin accounts**.

> 🛡️ **This tool is for authorized testing and research only. Do not use it on systems you do not own or have explicit permission to test.**

---

## 🧪 Proof of Concept

<p align="center">
  <img src="poc-success.png" width="700" alt="PoC Screenshot" />
</p>
---

## 🚀 Usage

```bash
python3 CVE-2025-34077.py http://target.site
````

### Example:

```bash
python3 CVE-2025-34077.py http://example.com
```

---

## ✅ Features

* Sends crafted POST payload to target site
* Extracts valid `Set-Cookie` values from unauthenticated response
* Confirms exploit success with cookie details
* Works with tools like Burp Suite or browser dev tools

---

## 🧠 Technical Details

* **Vulnerability Type:** Auth Bypass / Session Hijack
* **Plugin:** Pie Register for WordPress
* **Affected Versions:** ≤ 3.7.1.4
* **Vector:** Crafted POST request to login endpoint
* **Impact:** Attacker gains administrator-level access via hijacked cookies

---

## ⚠️ Disclaimer

This script is provided for:

* Educational purposes
* Authorized penetration testing
* Security research

**You are fully responsible** for any misuse. Unauthorized use of this tool may violate laws.

---

## 👤 Author

* **Handle:** 0xgh057r3c0n
* **GitHub:** [github.com/0xgh057r3c0n/CVE-2025-34077](https://github.com/0xgh057r3c0n/CVE-2025-34077)

---

## 📄 License

This project is licensed under the [MIT License](https://github.com/0xgh057r3c0n/CVE-2025-34077/blob/main/LICENSE).
File Snapshot

 [4.0K]  /data/pocs/2c463d1bd5229f8e1a255f05ddf9d212764b610f
├── [3.3K]  CVE-2025-34077.py
├── [2.0K]  CVE-2025-34077.yaml
├── [1.1K]  LICENSE
├── [1.2M]  poc-success.png
└── [2.0K]  README.md

0 directories, 5 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →