CVE-2024-25092

This PoC exploits CVE-2024-25092, a missing authorization vulnerability in NextMove Lite (<= 2.17.0), allowing authenticated attackers (subscriber+) to install and activate arbitrary WordPress plugins via the 'xl_addon_installation' function.

The repository contains functional exploit code for CVE-2024-25092, targeting a WordPress plugin (3DPrint Lite 1.9.1.4) with an arbitrary file upload vulnerability. The Python script demonstrates the ability to upload a malicious file to a vulnerable target, confirming the exploit's effectiveness.

This Python script exploits CVE-2024-25092, a missing authorization vulnerability in the WordPress NextMove Lite plugin (versions <= 2.17.0), allowing authenticated users with subscriber-level permissions to install and activate arbitrary plugins.