CVE-2024-43998 PoC — WordPress Blogpoet theme <= 1.0.3 - Broken Access Control vulnerability

Source

https://github.com/Nxploited/CVE-2024-43998

Associated Vulnerability

Title:WordPress Blogpoet theme <= 1.0.3 - Broken Access Control vulnerability (CVE-2024-43998)
Description:Missing Authorization vulnerability in WebsiteinWP Blogpoet allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Blogpoet: from n/a through 1.0.3.

Description

Missing Authorization vulnerability in WebsiteinWP Blogpoet allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Blogpoet: from n/a through 1.0.3.

Readme

# CVE-2024-43998


# Description

**CVE-2024-43998**: Missing Authorization vulnerability in the `Blogpoet` theme allows access to functionality not properly constrained by ACLs. This issue affects Blogpoet versions from `n/a` through `1.0.3`.

## Usage

   ```bash

usage: CVE-2024-43998.py [-h] -u URL [-p PLUGIN]

CVE-2024-43998 exploit by Nxploited

options:
  -h, --help            show this help message and exit
  -u URL, --url URL     The base URL of the WordPress site, e.g., http://192.168.100.74:888
  -p PLUGIN, --plugin PLUGIN
                        The plugin name to be installed and activated (default: wordpress-seo)
 ```



### Disclaimer
This script is intended for educational purposes and authorized security assessments only. Misuse of this script may result in legal consequences. Always obtain proper authorization before testing on any system.

File Snapshot

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!