Updates WPSploit - Exploiting Wordpress With Metasploit.

Updates WPSploit – Exploiting WordPress With Metasploit.

Latest Change 29/8/2015:
+ Added Youtube Embed XSS Vulnerability
— This module attempts to exploit a Cross-Site Scripting in Youtube
— This module attempts to exploit an Authenticated Cross-Site Scripting in Youtube Embed Plugin for WordPress, version 3.3.2 and likely prior in order if the instance is vulnerable.
+ 34 modules (14 exploits and 20 auxiliaries)
+ Added WP ACF FrontEnd Display File Upload Vuln Module.

WPSploit – Exploiting WordPress With Metasploit. This repository is designed for creating and/or porting of specific exploits for WordPress using metasploit as exploitation tool.

Example WordPress TheCartPress Plugin XSS Scanner with Msf::Auxiliary Modules.

Example WordPress TheCartPress Plugin XSS Scanner with Msf::Auxiliary Modules.

Module http – Msf::Auxiliary :
– WordPress TheCartPress Plugin XSS Scanner.
– spreadsheet xss scanner Plugin XSS Scanner.
– WordPress DukaPress Plugin File Read Vulnerability.
– WordPress GI-Media Library Plugin File Read Vulnerability.
– WordPress Business Inteligence Lite SQLi Scanner.
– WordPress Mashshare Plugin Info Disclosure.
– WordPress Source Control Plugin File Read Vulnerability.
– WordPress April\’s Super Function Pack XSS Scanner

Module WebApp Msf::Exploit::Remote :
– WordPress Business Intelligence Lite File Upload.
– WordPress Creative Contact Form Upload Vulnerability.
– WordPress InBoundio Marketing Upload Vulnerability.
– WordPress N-Media Website Contact Form Upload Vulnerability.
– WordPress Reflex Gallery Upload Vulnerability.
– WordPress WooCommerce Amazon Affiliates Upload Vulnerability.
– WordPress Woopra Analytics File Upload.
– WordPress Work The Flow Upload Vulnerability.
– WordPress Xerte Online Plugin File Upload Vuln.
– WordPress SlideShow Gallery Authenticated File Upload.
– Added WP ACF FrontEnd Display File Upload Vuln Module. *new

Download : Master.zip  | Clone Url  | Our Post Before
Source : https://github.com/espreto