WPScan rewritten in Python + some WPSeku ideas
-
Updated
Jun 4, 2021 - Python
WPScan rewritten in Python + some WPSeku ideas
Python Library for Static WordPress (Autmated Crawling, Post-Processing and Hosting)
AiGPT started from the concept of CVE‑2024‑27956 , the WP Automatic CSV injection — but has been completely rebuilt into a multi‑vector, unauthenticated WordPress exploitation engine. It now chains 13 real‑world CVEs to create an administrator account or drop a web shell directly, then automatically injects a reverse shell into the active theme
CVE-2023-32243 - Essential Addons for Elementor 5.4.0-5.7.1 - Unauthenticated Privilege Escalation
Social Network Tabs Wordpress Plugin Vulnerability - CVE-2018-20555
A comprehensive WordPress vulnerability scanner and exploitation framework for authorized penetration testing. This tool automatically detects and exploits multiple WordPress security vulnerabilities (CVEs) to help security professionals identify and patch weaknesses.
A PoC exploit for CVE-2024-25600 - WordPress Bricks Builder Remote Code Execution (RCE)
Python Library to prepare and deploy a static version of a WordPress Installation on Netlify (Static Hosting Service Provider).
A WordPress plugin that manages the update of Rank Math metadata (SEO Title, SEO Description, Canonical URL, Focus Keyword) via the REST API for WordPress posts and WooCommerce products.
The (WordPress) website test script can be exploited for Unlimited File Upload via CVE-2020-35489
Wordpress Plugins List
Hacking WordPress Plugins - Authenticated Shell Upload, by compromising admin console and upload a malicious plugin with PHP (reverse shell code)
InfiniteWP Client < 1.9.4.5 - Authentication Bypass
Wordpress Security Scanner && Auto Exploiter
Audit, clean, and harden a WordPress site end to end, with an AI agent (Claude/Cursor/Codex/MCP or SSH). Detects & removes hidden malware — cloaking, backdoors, database injection — scores your security posture, and hardens safely. Free, open-source (AGPL-3.0).
A silly script that helps to download pdf files from https://masterthecase.com where all the pdf files are protected by a WordPress plugin called "Pdf Embedder Premium Secure", http://wp-pdf.com/
Domain Grabber Made With Love :3
A tool to exploit WordPress plugin vulnerabilities and extract database credentials
Unauthenticated RCE exploit for CVE-2024-25600 in WordPress Bricks Builder <= 1.9.6. Executes arbitrary code remotely.
Zero-Day Vulnerability in File Manager Plugin 6.7 ( CVE 2020-25213 )
Add a description, image, and links to the wordpress-plugin topic page so that developers can more easily learn about it.
To associate your repository with the wordpress-plugin topic, visit your repo's landing page and select "manage topics."