WordPress is one of the most popular CMSes available for websites. It can be used to create a beautiful website, blog, or app. As its developers say, “WordPress is both free and priceless at the same time”. Its latest release at the time of writing, 4.5, had been downloaded 40,446,377 times when this howto was last edited. But being that popular has its disadvantages in the field of hacking: the latest version suffers from oEmbed Denial of Service (DoS), Password Change via Stolen Cookie and Redirect Bypass vulnerabilities (all three were patched in the 4.5.3 security release, so the exact point release a site runs matters, not just the major version).
Similarly, every version of WordPress has some vulnerability or other. But how do we find out which version of WordPress a site is running? Metasploit has an auxiliary module for WordPress version detection. Let's see how it works.
Start Metasploit and load the module (auxiliary/scanner/http/wordpress_scanner). Type the command “show options” to see the options this module requires; the ones that matter here are RHOSTS (the targets) and TARGETURI (the path under which WordPress is installed).
Multiple IP addresses can be set as shown below, separated by spaces. I am trying five targets.
After assigning the IP addresses, type the command “run” to execute the scan (this is an auxiliary scanner, not an exploit: it only sends requests and reads the responses). The first target is my own. As you can see, two of our targets responded with their version. But what about the others? Maybe a firewall is blocking our requests, or maybe our TARGETURI is wrong: the module only looks for WordPress under the path you give it, so a site installed in a subdirectory will not be found at “/”. Try the scan with TARGETURI set to “/” and also to “/wordpress” for better results.
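What the module is actually doing is worth seeing, because it explains both the hits and the misses above: version detection comes down to fetching a few well-known paths under the base URI and matching a version string in the response. The script below is an added example written for this howto; it is my own Python, not code from the original post or from Metasploit's source, and the exact paths and patterns Metasploit checks are approximated here as assumptions. It also tries several base paths in turn, which is the TARGETURI advice above, and all the sample responses are constructed rather than captured from real hosts.

```python
import re
import urllib.error
import urllib.request
from typing import Callable, Dict, Optional, Sequence, Tuple

# Places a WordPress install commonly leaks its version. These patterns are written for
# this example and only approximate what Metasploit's module checks (assumption).
GENERATOR_META = re.compile(
    r'<meta\s+name=["\']generator["\']\s+content=["\']WordPress\s+(\d+(?:\.\d+)*)["\']', re.I)
FEED_GENERATOR = re.compile(
    r'<generator>\s*https?://wordpress\.org/\?v=(\d+(?:\.\d+)*)\s*</generator>', re.I)
README_VERSION = re.compile(r'<br\s*/?>\s*Version\s+(\d+(?:\.\d+)*)', re.I)

# A fetcher maps a URL path to the response body, or None when the request failed
# (connection refused, 404, firewall block, ...).
Fetcher = Callable[[str], Optional[str]]


def _join(base: str, leaf: str) -> str:
    """Join a TARGETURI-style base with a leaf path, normalising the slashes."""
    return base.rstrip("/") + "/" + leaf.lstrip("/")


def detect_version(fetch: Fetcher, base: str = "/") -> Optional[str]:
    """Return the WordPress version exposed under `base`, or None if nothing matched."""
    checks = [
        (_join(base, ""), GENERATOR_META),             # front page <meta name="generator">
        (_join(base, "feed/"), FEED_GENERATOR),        # RSS feed <generator> element
        (_join(base, "readme.html"), README_VERSION),  # stock readme shipped with core
    ]
    for path, pattern in checks:
        body = fetch(path)
        if body is None:
            continue
        match = pattern.search(body)
        if match:
            return match.group(1)
    return None


def detect_with_fallback_paths(
    fetch: Fetcher, bases: Sequence[str] = ("/", "/wordpress")
) -> Optional[Tuple[str, str]]:
    """Try each candidate base path (the TARGETURI guesses) and return (base, version) on the first hit."""
    for base in bases:
        version = detect_version(fetch, base)
        if version:
            return base, version
    return None


def http_fetcher(base_url: str, timeout: float = 5.0) -> Fetcher:
    """Fetcher backed by urllib, for a live host you are authorised to test."""
    def fetch(path: str) -> Optional[str]:
        try:
            with urllib.request.urlopen(base_url.rstrip("/") + path, timeout=timeout) as resp:
                return resp.read().decode("utf-8", "replace")
        except (urllib.error.URLError, OSError, ValueError):
            return None
    return fetch


def dict_fetcher(pages: Dict[str, str]) -> Fetcher:
    """Offline fetcher over a dict of path -> body; missing paths behave like failed requests."""
    return lambda path: pages.get(path)


# Constructed sample responses (not captured from any real host).
SAMPLE_SITES: Dict[str, Dict[str, str]] = {
    # Install at the web root with the generator tag left in place.
    "root_install": {
        "/": '<html><head><meta name="generator" content="WordPress 4.5" /></head>'
             '<body>Hello world!</body></html>',
    },
    # Install under /wordpress; a hardening plugin stripped the meta tag and the feed
    # is blocked, but readme.html is still served, so the version still leaks.
    "subdir_install": {
        "/wordpress/": '<html><head><title>Blog</title></head><body>Hello world!</body></html>',
        "/wordpress/readme.html": '<h1 id="logo"><img alt="WordPress" /><br /> Version 4.1</h1>',
    },
    # Everything filtered by a firewall: the scanner sees nothing at all.
    "filtered": {},
}


if __name__ == "__main__":
    for name, pages in SAMPLE_SITES.items():
        print(f"{name}: {detect_with_fallback_paths(dict_fetcher(pages))}")
```

The "subdir_install" sample is the situation the scan above ran into: with the base path left at "/" nothing is found, and only the "/wordpress" fallback produces a version. The "filtered" sample shows that a firewall dropping every request looks identical to a host that simply is not running WordPress, so a silent target should be re-checked with another path and, if you have it, another vantage point before being written off.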
By the way, version 4.1 suffers from an arbitrary file upload vulnerability. Once you have a version string, check the exact point release against a vulnerability database before assuming a target is exploitable.