exploit<p align="center">
<img src="banner.png" alt="CVE-2025-6934 Banner"/>
</p>
# CVE-2025-6934 > unauthenticated privilege escalation in opal estate pro
## Description
CVE-2025-6934 is a critical vulnerability in the **Opal Estate Pro** WordPress plugin (≤ v1.7.5).
This bug allows an **unauthenticated attacker** to create a new administrator account by sending a crafted request to:
```
/wp-admin/admin-ajax.php?action=opalestate\_register\_form
````
The root cause lies in the **nonce parsing (`opalestate-register-nonce`)** during the registration process, which is not properly validated.
This flaw allows attackers to bypass normal registration and directly create a new account with **administrator privileges**.
---
## Impact
- Remote unauthenticated attackers can create arbitrary admin accounts.
- Full access to the WordPress dashboard, plugins, themes, file manager, and potentially remote code execution (via malicious plugin upload).
- Fast escalation from **unauthenticated > full compromise**.
---
## Usage
Run the exploit tool with Python 3:
```bash
python3 exploit.py
````
You will be prompted for:
* `username` > New admin account username
* `password` > New admin account password
* `email` > Email address for the new account
* Target mode:
* **Single target** > Enter one target URL
* **Mass target** > Provide a file containing multiple target URLs
---
## Output
If successful, results are saved into `save.txt` in the format:
```
URL: https://example.com
USERNAME: admin123
PASSWORD: passw0rd!
EMAIL: attacker@example.com
ROLE: administrator
```
---
## Mitigation
* Update the **Opal Estate Pro** plugin to the latest patched version (> v1.7.5).
* Restrict anonymous access to `/wp-admin/admin-ajax.php` if possible.
* Audit WordPress user accounts after patching to detect unauthorized admins.
[4.0K] /data/pocs/435ed46f4db5cecd4395f73dbbc22717e76b1b77
├── [ 80K] banner.png
├── [5.6K] exploit.py
├── [1.8K] README.md
└── [ 41] requirements.txt
0 directories, 4 files