CVE-2025-47646

The repository provides a detailed technical analysis of CVE-2025-47646, a broken authentication vulnerability in the PSW Front-end Login & Registration WordPress plugin. It includes a proof-of-concept request demonstrating how unauthenticated attackers can exploit the plugin's registration mechanism to create accounts with elevated privileges if the site's default_role is misconfigured.

The repository contains functional exploit code for CVE-2025-47646, targeting a WordPress plugin (3DPrint Lite 1.9.1.4) with an arbitrary file upload vulnerability. The Python script demonstrates the exploit by uploading a malicious file to a vulnerable endpoint.

This repository contains a functional Python exploit for CVE-2025-47646, targeting an unauthenticated privilege escalation vulnerability in the WordPress PSW Front-end Login Registration Plugin ≤ 1.12. The exploit registers a new user account via an exposed AJAX action without proper validation.