CVE-2023-2833 PoC — ReviewX <= 1.6.13 - Arbitrary Usermeta Update to Authenticated (Subscriber+) Privilege Escalation

Source
Associated Vulnerability
Title: ReviewX <= 1.6.13 - Arbitrary Usermeta Update to Authenticated (Subscriber+) Privilege Escalation (CVE-2023-2833)
Description: The ReviewX plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.6.13 due to insufficient restriction on the 'rx_set_screen_options' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify their user role by supplying the 'wp_screen_options[option]' and 'wp_screen_options[value]' parameters during a screen option update.
Description
Mass Exploit Privileges Authentication (Subscriber to Administrator) - WordPress Plugin ReviewX
Readme
# CVE-2023-2833 Mass Exploit Generator by Alucard0x1

This repository contains an exploit for CVE-2023-2833, a privilege escalation vulnerability in the ReviewX plugin for WordPress versions up to and including 1.6.13.

## Description

The ReviewX plugin is vulnerable to privilege escalation, allowing a subscriber-level user to escalate their privileges to administrator-level.
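
A defender-side check for the parameters named in the CVE description, as an added example that is not part of this repository or of ReviewX: it scans request records for screen option updates whose `wp_screen_options[option]` name falls outside an allow-list. The record format, the allow-list pattern and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl

OPTION_KEY = "wp_screen_options[option]"
VALUE_KEY = "wp_screen_options[value]"

# Assumed allow-list of screen option names this site saves; tune per site.
ALLOWED_OPTION = re.compile(r"[a-z0-9_]+_per_page|layout_columns")

# Constructed records: "ip user method path urlencoded-body" ("-" = no body).
SAMPLE_LOG = """\
203.0.113.7 editor1 POST /wp-admin/edit.php wp_screen_options%5Boption%5D=edit_post_per_page&wp_screen_options%5Bvalue%5D=50
198.51.100.23 tt POST /wp-admin/index.php wp_screen_options%5Boption%5D=placeholder_usermeta_key&wp_screen_options%5Bvalue%5D=x
198.51.100.23 tt GET /wp-admin/profile.php -
"""


def parse_record(line):
    """Split one record into fields and decode the body; None if malformed."""
    parts = line.split(" ", 4)
    if len(parts) != 5:
        return None
    ip, user, method, path, body = parts
    params = dict(parse_qsl(body, keep_blank_values=True))
    return {"ip": ip, "user": user, "method": method,
            "path": path, "params": params}


def suspicious_screen_option_updates(lines):
    """Return POSTs whose screen option name is outside the allow-list."""
    hits = []
    for line in lines:
        rec = parse_record(line.strip())
        if rec is None or rec["method"] != "POST":
            continue
        option = rec["params"].get(OPTION_KEY)
        if option is not None and not ALLOWED_OPTION.fullmatch(option):
            hits.append({"ip": rec["ip"], "user": rec["user"],
                         "path": rec["path"], "option": option,
                         "has_value": VALUE_KEY in rec["params"]})
    return hits


if __name__ == "__main__":
    for hit in suspicious_screen_option_updates(SAMPLE_LOG.splitlines()):
        print(hit)
```

A hit is a lead for reviewing that account's current role and registration history, not proof of compromise on its own.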

## Usage

1. Create a subscriber account on the target website using the following credentials:
   - Username must be set to `tt`
   - Password must be set to `tt`

2. Clone this repository and navigate to the exploit directory.

3. Prepare a `url.txt` file that contains a list of target website URLs, with one URL per line (main domain).

4. Run the exploit script by executing the following command:


```bash
Alucard0x1MassExploit.exe url.txt
```


## Credits

- Exploit Credit & Author: Lana Codes ([Lana Codes](https://lana.codes/lanavdb/a889c3ff-5df0-4d7e-951f-0b0406468efa/))
- Exploit Generator by: Alucard0x1
- CVE Information: [CVE-2023-2833](https://www.cve.org/CVERecord?id=CVE-2023-2833)

## Disclaimer

This exploit is provided for educational purposes only. Use it at your own risk. The author and OpenAI do not take responsibility for any illegal activities conducted with this exploit.


File Snapshot

[4.0K] /data/pocs/a25ca132fc89200aace4647634ad7975e96c1b2a
├── [ 15M] Alucard0x1MassExploit.exe
├── [1.3K] README.md
└── [ 23] url.txt

0 directories, 3 files