CVE-2025-34077

This exploit leverages an authentication bypass in Pie Register WordPress Plugin (CVE-2025-34077) to upload a malicious plugin containing a PHP web shell, achieving remote code execution (RCE). The script automates the process for multiple targets using threading.

This exploit demonstrates an unauthenticated privilege escalation vulnerability in the WordPress Pie Register plugin (version <= 3.7.1.4). By sending a crafted POST request with specific parameters, an attacker can obtain authentication cookies for the admin user (ID 1).

This PoC exploits an unauthenticated admin session hijack vulnerability in the Pie Register WordPress plugin (≤ 3.7.1.4) by sending a crafted POST request to extract valid admin cookies.

This repository provides a detailed walkthrough of exploiting CVE-2025-34077 in the Pie Register WordPress plugin, including steps for authentication bypass, privilege escalation, and achieving a reverse shell. It includes screenshots and explanations of the process but lacks actual exploit code.

This PoC exploits an unauthenticated admin session hijack vulnerability in the WordPress Pie Register plugin (≤ 3.7.1.4) by sending a crafted POST request to steal admin session cookies.

This Metasploit module exploits an authentication bypass vulnerability in WordPress Plugin Pie Register <= 3.7.1.4 to generate a valid admin cookie, then uploads a malicious plugin containing a PHP payload for remote code execution.