CVE-2024-1698 Exploit Script – WordPress NotificationX <= 2.8.2 – SQL Injection This is an exploit script to find out wordpress admin's username and password hash by exploiting CVE-2024-1698. This Python script is intended for educational purposes only. It demonstrates a proof of concept for exploiting CVE-2024-1698 SQL injection vulnerability to extract admin credentials (username and password hash) from a WordPress website's NotificationX Analytics API. Please use this script responsibly and only on systems you are authorized to test. Unauthorized or malicious use is strictly prohibited. Disclaimer The author and contributors of this script are not responsible for any misuse, damage, or illegal activity caused by the use of this tool. Use at your own risk. Requirements Python 3.x requests library Usage Ensure you have Python 3.x installed on your system. Install the required dependencies by running: pip install requests Modify the url, delay, and other variables in the script according to your testing environment and requirements. Run the script: python exploit.py The script will attempt to extract the admin username and password hash. Results will be displayed if successful. Legal and Ethical Considerations Only use this script on systems you have explicit permission to test. Unauthorized access to computer systems is illegal and unethical. Respect the privacy and security of others. Do not use this script to access sensitive information without proper…Read More