🚨 CVE-2025-4631 – Profitori WordPress Plugin Privilege Escalation Exploit 📌 Vulnerability Summary Profitori Plugin (versions 2.0.6.0 to 2.1.1.3) is vulnerable to unauthenticated privilege escalation due to a missing capability check in the /wp-json/stocktend/v1/stocktend_object endpoint. This allows remote attackers to escalate the privileges of existing users (or create new ones) by directly manipulating the wp_capabilities meta field. CVE: CVE-2025-4631 CVSS Score: 9.8 (Critical) Published: May 30, 2025 Last Updated: May 31, 2025 🛠️ What This Script Does This Python exploit automates the privilege escalation process by: ✅ Checking the plugin version via the readme.txt file. 🚀 Exploiting the vulnerable REST API endpoint if a vulnerable version is detected. 📡 Sending the payload to escalate a user’s privileges to Administrator. 🧾 Printing formatted, detailed results including the modified user’s credentials. If the version check fails, the exploit proceeds cautiously with a warning. 📸 Exploit Proof 💻 Usage bash usage: CVE-2025-4631.py [-h] -u URL -id ID [–email EMAIL] [–name NAME] [–url_field URL_FIELD] [–verbose] Example: bash python CVE-2025-4631.py -u https://nxploit.ddev.site -id 3 Sample Output: “` [📄] Checking plugin version at: https://nxploit.ddev.site/wp-content/plugins/profitori/readme.txt [✅] Vulnerable version detected: 2.1.1.3 [🚀] Exploiting in 3 seconds… [📡] Sending privilege escalation request to:…Read More