26 matches found
WordPress Contus Video Gallery Unauthenticated SQL Injection Scanner
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress Contus Video Gallery Unauthenticated SQL Injection Scanner', 'Description' = %q This module attempts to exploit a UNION-based SQL...
WordPress Mobile Pack Information Disclosure
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress Mobile Pack Information Disclosure Vulnerability', 'Description' = %q This module exploits an information disclosure vulnerability in...
WordPress REST API Content Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress REST API Content Injection', 'Description' = %q This module exploits a content injection vulnerability in WordPress versions 4.7 and...
WordPress DukaPress Plugin File Read
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress DukaPress Plugin File Read Vulnerability', 'Description' = %q This module exploits a directory traversal vulnerability in WordPress...
WordPress WPLMS Theme Privilege Escalation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress WPLMS Theme Privilege Escalation', 'Description' = %q The WordPress WPLMS theme from version 1.5.2 to 1.8.4.1 allows an authenticated...
WordPress Google Maps Plugin SQL Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress Google Maps Plugin SQL Injection', 'Description' = %q This module exploits a SQL injection vulnerability in a REST endpoint registered ...
WordPress Royal Elementor Addons RCE
Exploit for the unauthenticated file upload vulnerability in WordPress Royal Elementor Addons and Templates plugin use exploit/multi/http/wproyalelementoraddonsrce msf exploitwproyalelementoraddonsrce show targets ...targets... msf exploitwproyalelementoraddonsrce set TARGET msf...
WordPress Backup Guard Authenticated Remote Code Execution Exploit
This Metasploit module allows an attacker with a privileged WordPress account to launch a reverse shell due to an arbitrary file upload vulnerability in Wordpress plugin Backup Guard versions prior to 1.6.0. This is due to an incorrect check of the uploaded file extension which should be of SGBP...
WordPress wpDiscuz 7.0.4 Shell Upload Exploit
This Metasploit module exploits an arbitrary file upload in the WordPress wpDiscuz plugin versions from 7.0.0 through 7.0.4. This flaw gave unauthenticated attackers the ability to upload arbitrary files, including PHP files, and achieve remote code execution on a vulnerable server. This module...
WordPress Total Upkeep Unauthenticated Backup Downloader
This module exploits an unauthenticated database backup vulnerability in WordPress plugin 'Boldgrid-Backup' also known as 'Total Upkeep' version use auxiliary/scanner/http/wptotalupkeepdownloader msf auxiliarywptotalupkeepdownloader show actions ...actions... msf auxiliarywptotalupkeepdownloader...
WordPress Google Maps Plugin SQL Injection
This module exploits a SQL injection vulnerability in a REST endpoint registered by the WordPress plugin wp-google-maps between 7.11.00 and 7.11.17 included. As the table prefix can be changed by administrators, set DBPREFIX accordingly. This module requires Metasploit:...
WordPress REST API Content Injection
This module exploits a content injection vulnerability in WordPress versions 4.7 and 4.7.1 via type juggling in the REST API. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress REST API...
WordPress Mobile Pack Information Disclosure Vulnerability
This module exploits an information disclosure vulnerability in WordPress Plugin "WP Mobile Pack" version 2.1.2, allowing to read files with privileges information. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework clas...
WordPress WPshop eCommerce 1.3.9.5 Shell Upload
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'WordPress WPshop eCommerce Arbitrary File Upload Vulnerability', 'Description' = %q This module exploits an arbitrary file upload in...
WordPress SlideShow Gallery Authenticated File Upload Exploit
The WordPress SlideShow Gallery plugin contains an authenticated file upload vulnerability. You can upload arbitrary files to the upload folder, because the plugin also uses it's own file upload mechanism instead of the WordPress API it's possible to upload any file type. This module requires...
Wordpress Reflex Gallery Upload Vulnerability
This module exploits an arbitrary PHP code upload in the WordPress Reflex Gallery version 3.1.3. The vulnerability allows for arbitrary file upload and remote code execution. This module requires Metasploit: https://metasploit.com/download Current source:...
WordPress Mobile Edition File Read Vulnerability
This module exploits a directory traversal vulnerability in WordPress Plugin "WP Mobile Edition" version 2.2.7, allowing to read arbitrary files with the web server privileges. This module requires Metasploit: https://metasploit.com/download Current source:...
Wordpress SlideShow Gallery Authenticated File Upload
The Wordpress SlideShow Gallery plugin contains an authenticated file upload vulnerability. An attacker can upload arbitrary files to the upload folder. Since the plugin uses its own file upload mechanism instead of the WordPress API, it's possible to upload any file type. This module requires...
WordPress Plugin Foxypress uploadify.php Arbitrary Code Execution
This module exploits an arbitrary PHP code execution flaw in the WordPress blogging software plugin known as Foxypress. The vulnerability allows for arbitrary file upload and remote code execution via the uploadify.php script. The Foxypress plugin versions 0.4.1.1 to 0.4.2.1 are vulnerable. This...
WordPress cache_lastpostdate Arbitrary Code Execution
This module exploits an arbitrary PHP code execution flaw in the WordPress blogging software. This vulnerability is only present when the PHP 'registerglobals' option is enabled common for hosting providers. All versions of WordPress prior to 1.5.1.3 are affected. This module requires Metasploit:...