CVE-2024-6244

This exploit demonstrates a CSRF vulnerability in the PZ Frontend Manager WordPress plugin (version <= 1.0.5), allowing an attacker to change a user's avatar via a crafted HTML form. The PoC includes a base64-encoded image payload and a script to auto-submit the form.

The repository contains functional exploit code for CVE-2024-6244, targeting an arbitrary file upload vulnerability in the WordPress Plugin 3DPrint Lite 1.9.1.4. The exploit demonstrates the ability to upload a malicious file to a vulnerable target.

This PoC exploits a CSRF vulnerability in the WordPress plugin pz-frontend-manager (versions <= 1.0.5) to change a user's profile picture without their consent. It includes version checking, authentication, and a crafted request to upload an image via admin-ajax.php.