Goal Reached Thanks to every supporter β€” we hit 100%!

Goal: 1000 CNY Β· Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-49328 PoC β€” WordPress WP REST API FNS Plugin plugin <= 1.0.0 - Account Takeover vulnerability

Source
https://github.com/Nxploited/CVE-2024-49328-exploit
Associated Vulnerability
Title:WordPress WP REST API FNS Plugin plugin <= 1.0.0 - Account Takeover vulnerability (CVE-2024-49328)
Description:Authentication Bypass Using an Alternate Path or Channel vulnerability in vivek2tamrakar WP REST API FNS rest-api-fns allows Authentication Bypass.This issue affects WP REST API FNS: from n/a through <= 1.0.0.
Readme
# CVE-2024-49328-exploit

## 🌟 Overview
This script exploits a privilege escalation vulnerability in the WP REST API FNS Plugin for WordPress. The vulnerability affects all versions up to and including `1.0.0`, allowing unauthenticated attackers to gain administrator privileges.


## βš™οΈ Usage
```bash
python script.py -u <site_url> -e <email> -p <password>
```
 ### πŸ” Details of Exploitation


| **Step** | **Description**                                               | **Icon**           |
|----------|---------------------------------------------------------------|--------------------|
| Step 1   | Verify the version of the plugin.            | πŸ“                 |
| Step 2   | Check if the version is exploitable (`1.0.0`,  or lower).| βœ…                 |
| Step 3   | Exploit the vulnerability and register a new admin user.      | πŸ”’             |
| Step 4   | Print the result with user credentials for verification.      | πŸŽ‰                 |

## ➑️ Example Output
```

Found Stable tag version: 1.0.0
Version 1.0.0 is exploitable.
Exploiting the site... Please wait.
Successfully
Username: Nxploit@admin.sa
Password: nxploit
```


### Install the required packages

```
pip install requests
```



## ⚠️ Disclaimer
🚨 Warning:

This script is for educational purposes only. Unauthorized use of this script against systems without explicit permission is illegal and unethical.
File Snapshot

 [4.0K]  /data/pocs/b41f38b5eb14fe74192eb0b561a12e44e8d3c06e
β”œβ”€β”€ [5.2K]  CVE-2024-49328.py
└── [1.4K]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers β€” if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online β€” thank you for the support. View subscription plans β†’