• WordPress Crop-image Shell Upload
    Disclosure Date: 2019-02-19
    First seen: 2020-04-26
    exploit/multi/http/wp_crop_rce
    This module exploits a path traversal and a local file inclusion vulnerability on WordPress versions 5.0.0 and <= 4.9.8. The crop-image function allows a user, with at least author privileges, to resize an image and perform a path traversal by changing the _wp_attached_file reference during the upload. The second part of the exploit will include this image in the current theme by changing the _wp_page_template attribute when creating a post. This exploit module only works for Unix-based systems currently. Authors: - RIPSTECH Technology - Wilfried Becard <wilfried.becard@synacktiv.com>
  • WordPress Crop-image Shell Upload
    Disclosure Date: 2019-02-19
    First seen: 2020-04-26
    exploit/multi/http/wp_crop_rce
    This module exploits a path traversal and a local file inclusion vulnerability on WordPress versions 5.0.0 and <= 4.9.8. The crop-image function allows a user, with at least author privileges, to resize an image and perform a path traversal by changing the _wp_attached_file reference during the upload. The second part of the exploit will include this image in the current theme by changing the _wp_page_template attribute when creating a post. This exploit module only works for Unix-based systems currently. Authors: - RIPSTECH Technology - Wilfried Becard <wilfried.becard@synacktiv.com>
  • WordPress PHPMailer Host Header Command Injection
    Disclosure Date: 2017-05-03
    First seen: 2020-04-26
    exploit/unix/webapp/wp_phpmailer_host_header
    This module exploits a command injection vulnerability in WordPress version 4.6 with Exim as an MTA via a spoofed Host header to PHPMailer, a mail-sending library that is bundled with WordPress. A valid WordPress username is required to exploit the vulnerability. Additionally, due to the altered Host header, exploitation is limited to the default virtual host, assuming the header isn't mangled in transit. If the target is running Apache 2.2.32 or 2.4.24 and later, the server may have HttpProtocolOptions set to Strict, preventing a Host header containing parens from passing through, making exploitation unlikely. Authors: - Dawid Golunski - wvu <wvu@metasploit.com>
  • WordPress REST API Content Injection
    Disclosure Date: 2017-02-01
    First seen: 2020-04-26
    auxiliary/scanner/http/wordpress_content_injection
    This module exploits a content injection vulnerability in WordPress versions 4.7 and 4.7.1 via type juggling in the REST API. Authors: - Marc Montpas - wvu <wvu@metasploit.com>
  • PHPMailer Sendmail Argument Injection
    Disclosure Date: 2016-12-26
    First seen: 2020-04-26
    exploit/multi/http/phpmailer_arg_injection
    PHPMailer versions up to and including 5.2.19 are affected by a vulnerability which can be leveraged by an attacker to write a file with partially controlled contents to an arbitrary location through injection of arguments that are passed to the sendmail binary. This module writes a payload to the web root of the webserver before then executing it with an HTTP request. The user running PHPMailer must have write access to the specified WEB_ROOT directory and successful exploitation can take a few minutes. Authors: - Dawid Golunski - Spencer McIntyre
  • PHPMailer Sendmail Argument Injection
    Disclosure Date: 2016-12-26
    First seen: 2020-04-26
    exploit/multi/http/phpmailer_arg_injection
    PHPMailer versions up to and including 5.2.19 are affected by a vulnerability which can be leveraged by an attacker to write a file with partially controlled contents to an arbitrary location through injection of arguments that are passed to the sendmail binary. This module writes a payload to the web root of the webserver before then executing it with an HTTP request. The user running PHPMailer must have write access to the specified WEB_ROOT directory and successful exploitation can take a few minutes. Authors: - Dawid Golunski - Spencer McIntyre
  • Wordpress XMLRPC DoS
    Disclosure Date: 2014-08-06
    First seen: 2020-04-26
    auxiliary/dos/http/wordpress_xmlrpc_dos
    Wordpress XMLRPC parsing is vulnerable to a XML based denial of service. This vulnerability affects Wordpress 3.5 - 3.9.2 (3.8.4 and 3.7.4 are also patched). Authors: - Nir Goldshlager - Christian Mehlmauer <FireFart@gmail.com>
  • WordPress cache_lastpostdate Arbitrary Code Execution
    Disclosure Date: 2005-08-09
    First seen: 2020-04-26
    exploit/unix/webapp/wp_lastpost_exec
    This module exploits an arbitrary PHP code execution flaw in the WordPress blogging software. This vulnerability is only present when the PHP 'register_globals' option is enabled (common for hosting providers). All versions of WordPress prior to 1.5.1.3 are affected. Authors: - str0ke <str0ke@milw0rm.com> - hdm <x@hdm.io>
  • WordPress Brute Force and User Enumeration Utility
    First seen: 2020-04-26
    auxiliary/scanner/http/wordpress_login_enum
    WordPress Authentication Brute Force and User Enumeration Utility Authors: - Tiago Ferreira <tiago.ccna@gmail.com> - Zach Grace <zgrace@404labs.com> - Christian Mehlmauer <FireFart@gmail.com>
  • Wordpress Pingback Locator
    First seen: 2020-04-26
    auxiliary/scanner/http/wordpress_pingback_access
    This module will scan for wordpress sites with the Pingback API enabled. By interfacing with the API an attacker can cause the wordpress site to port scan an external target and return results. Refer to the wordpress_pingback_portscanner module. This issue was fixed in wordpress 3.5.1 Authors: - Thomas McCarthy "smilingraccoon" <smilingraccoon@gmail.com> - Brandon McCann "zeknox" <bmccann@accuvant.com> - Christian Mehlmauer <FireFart@gmail.com>
  • WordPress Traversal Directory DoS
    First seen: 2020-04-26
    auxiliary/dos/http/wordpress_directory_traversal_dos
    Cross-site request forgery (CSRF) vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress before 4.6 allows remote attackers to hijack the authentication of subscribers for /dev/random read operations by leveraging a late call to the check_ajax_referer function, a related issue to CVE-2016-6896. Authors: - Yorick Koster - CryptisStudents
11 metasploit modules found
Please note: Metasploit modules are only matched by CVE numbers. Visit metasploit web site for more details
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!