Exploit Details
⚖️ Legal Disclaimer
Xenpaii Team holds absolute zero liability for your actions. This tool is provided "as is" for educational research and authorized auditing only. What you do with this power is your own burden.
Target Plugin: Kirki Customizer Framework (Affected: 6.0.0 - 6.0.6)
Vulnerability Type: Unauthenticated Privilege Escalation
Description:
The plugin contains a vulnerability in the 'handle_forgot_password' function, allowing unauthenticated remote attackers to escalate their privileges to administrator by bypassing the authentication mechanism.
Kerentanan ini terdapat pada fungsi 'handle_forgot_password', yang memungkinkan penyerang eksternal tanpa autentikasi untuk menaikkan hak akses mereka menjadi administrator dengan melewati mekanisme verifikasi kata sandi yang kurang aman.
References
Specifications
- Language: Python 3.x
- Requirements: requests, colorama
- Multi-threaded scanning support.
- Bypass common WAF signatures.