CVE-2025-4334

Severity: CRITICAL · Nuclei template available

Simple User Registration < 6.3 - Unauthenticated Privilege Escalation via User Meta Manipulation

Title source: llm

Exploitation Summary

EIP tracks 5 public exploits for CVE-2025-4334. PoCs published by Nxploited, ctkqiang, 0xgh057r3c0n. A Nuclei detection template is also available.

AI-analyzed exploit summary: This exploit automates privilege escalation in the Simple User Registration WordPress plugin by extracting form details and submitting a crafted registration request to create an administrator account.

Description

The Simple User Registration plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 6.3. This is due to insufficient restrictions on user meta values that can be supplied during registration. This makes it possible for unauthenticated attackers to register as an administrator.

Exploits (5)

nomisec · Working PoC · 7 stars
by Nxploited · poc
https://github.com/Nxploited/CVE-2025-4334

This exploit automates privilege escalation in the Simple User Registration WordPress plugin by extracting form details and submitting a crafted registration request to create an administrator account.

Classification: Working PoC (95%)
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: Simple User Registration WordPress plugin <= 6.3
Authentication: none needed
Prerequisites: Access to the registration form URL · WordPress site with vulnerable plugin installed
Analyzed by devstral-2 on Feb 16, 2026
github · Working PoC · 4 stars
by ctkqiang · gopoc
https://github.com/ctkqiang/CVE-Exploits/tree/main/CVE-2025-4334

The repository contains functional exploit code for CVE-2023-21980 (MySQL client library hijacking via UTF-16 path traversal) and CVE-2025-14847 (MongoDB zLib memory leak). The MySQL exploit demonstrates RCE via malicious library loading, while the MongoDB tool extracts heap memory via crafted OP_COMPRESSED packets.

Classification: Working PoC (95%)
Attack Type: RCE, Info Leak
Complexity: Moderate
Reliability: Reliable
Target: MySQL Client (pre-8.0.33), MongoDB (multiple versions)
Authentication: none needed
Prerequisites: gcc for compilation · network access to target · MySQL client with UTF-16 support · MongoDB with zlib compression enabled
Analyzed by devstral-2 on Feb 27, 2026
nomisec · Working PoC · 3 stars
by 0xgh057r3c0n · poc
https://github.com/0xgh057r3c0n/CVE-2025-4334

This is a functional exploit for CVE-2025-4334, targeting an unauthenticated privilege escalation vulnerability in the Simple User Registration WordPress plugin (<= v6.3). It automates the creation of an administrator account by extracting form details and submitting a crafted registration request.

Classification: Working PoC (95%)
Attack Type: Auth Bypass
Complexity: Moderate
Reliability: Reliable
Target: Simple User Registration WordPress plugin <= 6.3
Authentication: none needed
Prerequisites: Access to the target WordPress site with the vulnerable plugin installed · URL of the registration form page
Analyzed by devstral-2 on Feb 16, 2026
github · Working PoC · 1 star
by vinodwick · pythonpoc
https://github.com/vinodwick/CVE-2025-4334

This Python script exploits an unauthenticated privilege escalation vulnerability in Simple User Registration plugin for WordPress by crafting a malicious registration request with administrator role assignment. It extracts necessary form details (nonce, form_id) and submits a crafted POST request to elevate privileges.

Classification: Working PoC (95%)
Attack Type: Auth Bypass
Complexity: Moderate
Reliability: Reliable
Target: Simple User Registration plugin for WordPress <= 6.3
Authentication: none needed
Prerequisites: WordPress site with vulnerable Simple User Registration plugin · Access to registration form page
Analyzed by devstral-2 on Feb 19, 2026
github · Working PoC
by Boshe99 · pythonpoc
https://github.com/Boshe99/CVE-Exploits/tree/main/CVE-2025-4334

The repository contains functional exploit code for CVE-2025-4334, targeting a WordPress plugin (3DPrint Lite 1.9.1.4) with an arbitrary file upload vulnerability. The Python script demonstrates the ability to upload a malicious file to a vulnerable target.

Classification: Working PoC (95%)
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: WordPress Plugin 3DPrint Lite 1.9.1.4
Authentication: none needed
Prerequisites: target URL · malicious file to upload
Analyzed by devstral-2 on Feb 27, 2026

Nuclei Templates (1)

Simple User Registration <= 6.3 - Unauthenticated Privilege Escalation
CRITICAL · VERIFIED · by pussycat0x
Shodan: http.component:"wordpress" && http.html:"/wp-content/plugins/simple-user-registration/"

Scores

CVSS v3 9.8
EPSS 0.0205
EPSS Percentile 78.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE
CWE-269
Status published
Products (2)
najeebmedia/simple_user_registration < 6.3
nmedia/Simple User Registration < 6.3
Published Jun 26, 2025
Tracked Since Feb 18, 2026