CVE-2025-4334

This exploit automates privilege escalation in the Simple User Registration WordPress plugin by extracting form details and submitting a crafted registration request to create an administrator account.

The repository contains functional exploit code for CVE-2023-21980 (MySQL client library hijacking via UTF-16 path traversal) and CVE-2025-14847 (MongoDB zLib memory leak). The MySQL exploit demonstrates RCE via malicious library loading, while the MongoDB tool extracts heap memory via crafted OP_COMPRESSED packets.

This is a functional exploit for CVE-2025-4334, targeting an unauthenticated privilege escalation vulnerability in the Simple User Registration WordPress plugin (<= v6.3). It automates the creation of an administrator account by extracting form details and submitting a crafted registration request.

This Python script exploits an unauthenticated privilege escalation vulnerability in Simple User Registration plugin for WordPress by crafting a malicious registration request with administrator role assignment. It extracts necessary form details (nonce, form_id) and submits a crafted POST request to elevate privileges.

The repository contains functional exploit code for CVE-2025-4334, targeting a WordPress plugin (3DPrint Lite 1.9.1.4) with an arbitrary file upload vulnerability. The Python script demonstrates the ability to upload a malicious file to a vulnerable target.