Jenderal92/CVE-2024-6624

# **CVE-2024-6624 | JSON API User <= 3.9.3 - Unauthenticated Privilege Escalation**

![CVE-2024-6624 Jenderal92](https://static.pigsec.cn/wp-content/uploads/repos/2026/06/e47340c27f172331.png)

This is a Python script that exploits the **CVE-2024-6624** vulnerability in the **JSON API User <= 3.9.3** plugin for WordPress. This tool allows unauthenticated attackers to register new users and escalate their privileges to administrator without authorization.

## **How to Use**

### **Preparation**

1. Ensure that Python 2.7 is installed on your system.
2. Install the `requests` dependency:

   ```bash
   pip install requests
   ```

3. Prepare a text file (`urls.txt`) containing a list of target URLs (one URL per line).

### **Usage Steps**

1. Run the script:

   ```bash
   python CVE-2024-6624.py
   ```

2. Enter the filename containing the target URLs when prompted:

   ```
   Enter the filename containing the URL list: urls.txt
   ```

3. The script will process each URL in the list and attempt to exploit the vulnerability.
4. Successful exploit results will be saved in the `admin.txt` file in the following format:

   ```
   http://example.com/wp-login.php|ngocoxscrew|ngocoxs_crews+
   ```

## **Disclaimer**

I have written the disclaimer on the cover of Jenderal92. You can check it [HERE !!!](https://github.com/Jenderal92/)
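For site owners, a triage check for the issue described in this README, added here as an example and not part of the repository's script: it reads the version from a plugin header and reviews a user export for unexpected administrators. The CSV layout (as produced by `wp user list --fields=user_login,roles,user_registered --format=csv`), the allow-list, and the use of the username from the sample `admin.txt` line as an indicator are assumptions; the sample inputs are constructed.

```python
import csv
import io
import re

LAST_AFFECTED = (3, 9, 3)        # the page lists JSON API User <= 3.9.3 as affected
TOOL_USERNAME = "ngocoxscrew"    # username in the README's sample admin.txt line (assumed indicator)

def parse_version(header_text):
    """Return the Version: field of a WordPress plugin header as a tuple of ints."""
    m = re.search(r"^[ \t/*#@]*Version:\s*(\d+(?:\.\d+)*)", header_text, re.M | re.I)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def is_affected(version):
    """True for versions <= 3.9.3; an unreadable version is treated as affected."""
    if version is None:
        return True
    padded = version + (0,) * (len(LAST_AFFECTED) - len(version))
    return padded <= LAST_AFFECTED

def suspicious_admins(users_csv, known_admins):
    """Return (login, reason) for administrators that need review."""
    findings = []
    for row in csv.DictReader(io.StringIO(users_csv)):
        roles = {r.strip() for r in row["roles"].split(",")}
        if "administrator" not in roles:
            continue
        login = row["user_login"]
        if login.lower() == TOOL_USERNAME:
            findings.append((login, "username from the exploit tool's sample output"))
        elif login not in known_admins:
            findings.append((login, "administrator not on the allow-list"))
    return findings

# Constructed sample inputs (not taken from any real site).
SAMPLE_HEADER = "<?php\n/*\nPlugin Name: JSON API User\nVersion: 3.9.3\n*/\n"
SAMPLE_USERS = (
    "user_login,roles,user_registered\n"
    "alice,administrator,2021-03-02 10:11:12\n"
    "bob,editor,2022-07-19 08:00:00\n"
    'carol,"editor,administrator",2023-01-05 09:30:00\n'
    "ngocoxscrew,administrator,2024-08-01 03:14:15\n"
)

if __name__ == "__main__":
    version = parse_version(SAMPLE_HEADER)
    print("plugin version:", version, "affected:", is_affected(version))
    for login, reason in suspicious_admins(SAMPLE_USERS, known_admins={"alice"}):
        print("review:", login, "-", reason)
```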