CVE-2024-43998

The repository contains a functional proof-of-concept exploit for CVE-2024-43998, demonstrating unauthorized plugin installation and activation in the Blogpoet WordPress theme due to a missing capability check in the `blogpoet_install_and_activate_plugins()` function. The PoC includes a crafted HTTP POST request to `/wp-admin/admin-ajax.php` that triggers the vulnerability.

The repository contains a functional exploit for CVE-2024-43998, a missing authorization vulnerability in the Blogpoet WordPress theme. The exploit checks the theme version and sends a crafted POST request to install and activate arbitrary plugins via an unauthenticated admin-ajax.php endpoint.

The repository contains functional exploit code for CVE-2024-43998, targeting an arbitrary file upload vulnerability in the WordPress Plugin 3DPrint Lite 1.9.1.4. The exploit demonstrates the ability to upload a malicious file to a vulnerable target.