CVE-2024-10124

This repository contains a functional exploit for CVE-2024-10124, which allows unauthenticated arbitrary plugin installation and activation in the Vayu Blocks WordPress plugin due to a missing capability check. The PoC includes both version checking and plugin installation functionality.

The repository contains functional exploit code for CVE-2024-10124, targeting a WordPress plugin vulnerability. The Python script demonstrates arbitrary file upload capabilities, confirming the vulnerability's exploitability.

The repository contains a functional proof-of-concept exploit for CVE-2024-10124, demonstrating an unauthenticated arbitrary plugin installation/activation vulnerability in the Vayu Blocks WordPress plugin. The PoC includes a crafted HTTP POST request to the vulnerable endpoint, which can lead to remote code execution if a vulnerable plugin is installed.