CVE-2024-54363

CRITICAL

nssTheme Wp NssUser Register <1.0.0 - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 3 public exploits for CVE-2024-54363. PoCs published by Nxploited, Boshe99, RandomRobbieBF.

AI-analyzed exploit summary: This PoC exploits an Incorrect Privilege Assignment vulnerability in the Wp NssUser Register WordPress plugin, allowing unauthenticated users to register as administrators. The script checks the plugin version and sends a crafted POST request to escalate privileges.

Description

Incorrect Privilege Assignment vulnerability in saiful.total Wp NssUser Register wp-nssuser-register allows Privilege Escalation. This issue affects Wp NssUser Register: from n/a through <= 1.0.0.

Exploits (3)

nomisec WORKING POC 1 star
by Nxploited · poc
https://github.com/Nxploited/CVE-2024-54363-Exploit

This PoC exploits an Incorrect Privilege Assignment vulnerability in the Wp NssUser Register WordPress plugin, allowing unauthenticated users to register as administrators. The script checks the plugin version and sends a crafted POST request to escalate privileges.

Classification: Working PoC 95%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: Wp NssUser Register plugin for WordPress <= 1.0.0
No auth needed
Prerequisites: Access to the target WordPress site's /wp-admin/admin-ajax.php endpoint · Plugin version <= 1.0.0
devstral-2 · analyzed Feb 16, 2026

github WORKING POC
by Boshe99 · pythonpoc
https://github.com/Boshe99/CVE-Exploits/tree/main/CVE-2024-54363-Exploit

The repository contains functional exploit code for CVE-2024-54363, targeting an arbitrary file upload vulnerability in the WordPress Plugin 3DPrint Lite 1.9.1.4. The exploit demonstrates the ability to upload a malicious file to a vulnerable target.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: WordPress Plugin 3DPrint Lite 1.9.1.4
No auth needed
Prerequisites: target URL · path to the file to be uploaded
devstral-2 · analyzed Feb 27, 2026

nomisec WORKING POC
by RandomRobbieBF · poc
https://github.com/RandomRobbieBF/CVE-2024-54363

This PoC demonstrates an unauthenticated privilege escalation vulnerability in the Wp NssUser Register WordPress plugin (version <= 1.0.0). The exploit sends a crafted POST request to register a new user with administrator privileges.

Classification: Working PoC 95%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: Wp NssUser Register WordPress plugin <= 1.0.0
No auth needed
Prerequisites: WordPress site with vulnerable plugin installed
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3: 9.8
EPSS: 0.0182
EPSS Percentile: 75.9%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: yes
Technical Impact: total

Details

CWE: CWE-266
Status: published
Products (2):
nssTheme/Wp NssUser Register < 1.0.0
saiful.total/Wp NssUser Register < 1.0.0
Published: Dec 16, 2024
Tracked Since: Feb 18, 2026