All pages
Powered by GitBook
1 of 2

WordPress

Manual

Information Gathering

  • license.txt (wordpress version)

  • wp-activate.php

  • wp-content/uploads/

  • wp-includes/

  • wp-config.php

# get wordpress version
curl https://victim.com/ | grep 'content="WordPress'

Users / IP

Check for usernames : /wp-json/wp/v2/users

Could leak IP addresses : /wp-json/wp/v2/pages

# get author name = potential user
curl -s -I -X GET http://blog.example.com/?author=1

xmlrpc.php

Active

Credentials brute-force or use it to launch DoS attacks

Exploit

SSRF

/wp-json/oembed/1.0/proxy

Try

WPScan

WPScan WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites.

Commands - with API

Default

Private Commands - with API

Loading...