# CVE-2025-0316-Exploit
# CVE-2025-0316 Exploit Toolkit
🚨 Auth Bypass Exploit for WordPress Plugin WP Directorybox Manager <= 2.5
> 🔥 Automated exploit script for CVE-2025-0316 — Auth Bypass via vulnerable AJAX action.
### ⚠️ Legal Notice
This tool is intended strictly for:
- Research
- Red Team simulation
- Authorized security assessment
Using this tool against targets without consent is illegal.
---
## 🛠 Features
- 🔍 User enumeration via `?author=` trick
- 🚪 Exploit vulnerable plugin action to gain admin panel access
- 🧠 Auto cookie save + login popup
- 🌐 Proxy support + random user-agents
- 💻 Multi-threaded and delay-tunable
---
## ✅ Tested On
- WordPress 6.x
- Plugin: WP Directorybox Manager <= 2.5
---
## 🚀 Usage
```bash
python3 exploit.py -u https://victim-site.com -t 5 -d 1
```
Options:
- -u, --url: Target WordPress site
- -t, --threads: Number of parallel threads (default 3)
- -d, --delay: Delay between requests (default 1.5s)
---
---
## 📁 Output
- Logs saved in `logs/`
- Cookies saved as JSON
- Browser auto-login on success
---
---
##
```
⠀⠀⠀⠀⠀⠀⠀⠀⢀⣴⣶⣖⠠⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
⠀⠀⠀⠀⠀⠀⠀⠠⣿⣿⣿⣿⣾⣿⠀⠀⠀⠀⠀⠀⠀⠀⠀⢀⢠⢤⡄⠀⠀
⠀⠀⠀⠀⠀⠀⠀⠀⣸⣿⣿⣯⢻⡇⠀⠀⠀⠀⠀⠀⠀⢀⣤⣷⠏⠉⠉⢞⠀
⠀⠀⠀⠀⢀⢠⣤⣶⣿⣿⣿⣿⡽⢻⣷⣦⣆⣤⣀⣢⣤⡾⠟⠁⠀⠀⠀⠀⠀
⠀⠀⠀⢀⣭⣿⣿⣿⣿⣿⣿⣿⡿⡟⡘⢿⣿⣍⡉⢍⢁⠁⠀⠀⠀⡠⠀⢆⣠
⠀⠀⢠⣾⣯⣿⣿⣿⣿⢿⡻⣿⣿⣇⣷⣾⠻⣿⣿⣿⣷⣾⣷⣨⣣⣳⢾⣻⣝
⠀⣐⣽⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣷⠄⠹⢻⠻⡿⣿⣿⣷⣽⡷⣿⣏⡀
⣰⣾⣿⣿⣿⣿⣿⣿⣿⣿⣽⣿⢯⣼⣿⣿⡷⠀⠀⠀⠀⠈⠛⢾⡈⠙⢇⡌⢇
⣻⣿⣿⣿⡏⠈⣿⣿⣿⣿⣿⡿⡿⣿⣟⣿⣧⡧⠄⠀⠀⠀⠀⠀⠀⠀⠀⠈⠂
⢘⢿⣿⣿⣥⠻⣿⣿⣿⣿⡿⣿⣿⣟⣿⣿⣿⣿⣛⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
⠀⠘⠁⡈⣻⣯⡭⡟⣿⣽⣿⣿⣿⣿⣿⣯⡛⠹⣿⣦⢀⠀⠀⠀⠀⢀⣀⣤⠔
⠀⠀⠀⡏⢩⣿⣿⣿⣿⣿⣿⣤⣦⣤⣈⣋⣭⡴⠾⣿⣿⡿⠞⠛⠛⠋⠉⠀⠀
⠀⠀⣘⠇⢾⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣞⣷⡀⠀⠀⠀⠀⠁⠀⠀⠀⠀⠀
⠀⠀⡏⠀⣿⣿⣿⣿⣿⣿⣿⣿⡿⣿⣿⣿⣿⣎⣧⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
⠀⠰⠀⠹⢻⡻⡽⢿⣳⠯⡹⣿⠷⡩⢿⣿⣿⣿⣿⣎⠓⠀⠀⠀⠀⠀⠀⠀⠀
```
##
this exploit is fully open source so u can use it without any tension or fear and if u find any issues in my code just send a msg to me ill fix it
# REQUIRMENTS
requests
colorama
termcolor
browser-cookie3
---
## 👤 Author
MrPayloadC
- A ORDINARY PERSON
Log in to view the POC file snapshot cached by Shenlong Bot
Log in to view