CVE-2024-10508 PoC — RegistrationMagic – User Registration Plugin with Custom Registration Forms <= 6.0.2.6 - Unauthenticated Privilege Escal

Source
Associated Vulnerability
Title: RegistrationMagic – User Registration Plugin with Custom Registration Forms <= 6.0.2.6 - Unauthenticated Privilege Escalation via Password Recovery (CVE-2024-10508)
Description: The RegistrationMagic – User Registration Plugin with Custom Registration Forms plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 6.0.2.6. This is due to the plugin not properly validating the password reset token prior to updating a user's password. This makes it possible for unauthenticated attackers to reset the password of arbitrary users, including administrators, and gain access to these accounts.
Description
This tool scans WordPress sites for vulnerabilities in the "RegistrationMagic" plugin (CVE-2024-10508). It checks for the presence of a specific version (`6.0.2.6`) and marks the site as vulnerable if found. The results are saved in a file (`vuln.txt`) for further analysis.
Readme
# CVE-2024-10508

<p>This tool scans WordPress sites for vulnerabilities in the <strong>RegistrationMagic</strong> plugin <strong>(CVE-2024-10508)</strong>.
It checks for the presence of a specific version (6.0.2.6) and marks the site as vulnerable if found.
The results are saved in a file (<code>vuln.txt</code>) for further analysis.</p>

## Features:
<ul dir="auto">
    <li>Scans WordPress websites for vulnerabilities in the "RegistrationMagic" plugin, specifically for CVE-2024-10508.</li>
    <li>Checks for the vulnerable version "6.0.2.6" of the plugin and flags those websites as vulnerable.</li>
    <li>Saves the URLs of vulnerable sites into a result file called "vuln.txt" for further review and reporting.</li>
</ul>
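
The advisory above covers every version up to and including 6.0.2.6, while the check described here looks for that one version string. The following is an added example, not code from this repository: a range check that a site owner can run over the text of a plugin's readme.txt or main plugin file from their own install. The function names, the three result labels and the sample inputs are assumptions made for illustration.

```python
import re

# Last affected release, from the advisory text on this page
# ("all versions up to, and including, 6.0.2.6").
LAST_AFFECTED = (6, 0, 2, 6)

# Standard WordPress fields: "Stable tag:" in readme.txt and "Version:" in
# the main plugin file header. Which file you feed in is up to the caller.
STABLE_TAG = re.compile(r"^[ \t]*Stable tag:[ \t]*(\S+)", re.I | re.M)
HEADER_VERSION = re.compile(r"^[ \t/*#@]*Version:[ \t]*(\S+)", re.I | re.M)


def parse_version(text):
    """Return the declared version as a tuple of ints, or None."""
    for pattern in (STABLE_TAG, HEADER_VERSION):
        m = pattern.search(text)
        if m and re.fullmatch(r"\d+(\.\d+)*", m.group(1)):
            return tuple(int(part) for part in m.group(1).split("."))
    return None  # missing field, or a non-numeric value such as "trunk"


def classify(text):
    """Return 'affected', 'not-affected' or 'unknown' for one install."""
    version = parse_version(text)
    if version is None:
        return "unknown"  # needs a manual look; never report it as clean
    # Pad both sides so 6.0.2.6.0 equals 6.0.2.6 instead of sorting above it.
    width = max(len(version), len(LAST_AFFECTED))
    padded = version + (0,) * (width - len(version))
    limit = LAST_AFFECTED + (0,) * (width - len(LAST_AFFECTED))
    return "affected" if padded <= limit else "not-affected"


# Constructed sample inputs, not taken from any real site. The "newer" value
# is arbitrary and says nothing about which release carries the fix.
SAMPLES = {
    "exact": "=== RegistrationMagic ===\nStable tag: 6.0.2.6\n",
    "older": "=== RegistrationMagic ===\nStable tag: 5.3.1.0\n",
    "newer": "/*\n * Plugin Name: RegistrationMagic\n * Version: 7.0.0.0\n */\n",
    "trunk": "=== RegistrationMagic ===\nStable tag: trunk\n",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(f"{name:6} {classify(text)}")
```

An exact-string match would report the "older" sample as clean; the range comparison reports it as affected, and anything without a parseable version is surfaced as unknown instead of being silently passed.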

![Jenderal92 CVE-2024-10508](https://github.com/user-attachments/assets/7a5affc7-2400-47e7-b7f4-bd7b880b61fa)


## How To Run?
<ul dir="auto">
<li>Download and install Python from the official Python website: <a href="https://www.python.org">https://www.python.org</a>.</li>
<li>Install the required modules using the command: <code>pip install requests</code>.</li>
<li>Run the script with: <code>python file.py</code>.</li>
<li>Provide a list of sites (e.g., url.txt) as input.</li>
</ul>

## Disclaimer !!!

<p>I have written the disclaimer on the cover of Jenderal92. You can check it <a href="https://github.com/Jenderal92">HERE !!!</a></p>
File Snapshot

[4.0K] /data/pocs/ffcac6ca4dbd16d1e1fb50945afb579f2437d932
├── [1.5K] CVE-2024-10508.py
└── [1.6K] README.md

0 directories, 2 files