5 writeups tagged with WordPress
Dolphin CMS with a WordPress instance on port 81. Admin credential brute-force leads to plugin RCE and privilege escalation.
WordPress 4.7.2 on CentOS. Exploited outdated plugin for remote code execution and escalated via sudo misconfiguration.
WordPress BuddyForms plugin SSRF for local file read. Grafana SQLite injection for credentials. Telescope log viewer arbitrary file read for root key.
Gwolle Guestbook WordPress RFI via robots.txt discovery. Lateral move through sudo tar with --checkpoint shell execution.
Insane box chaining WordPress plugin creds, SMTP sniffing, RSA private key crack, and Vigenère cipher decode.
