This Metasploit module allows you to export Wordpress data (such as the database, plugins, themes, uploaded files, etc) via the All-in-One Migration plugin without authentication.
9bdc122b893b2c4e99a62a27a708eeb673d8bcdfb2020c9ca3a67f16d7102653
WordPress Core versions prior to 6.3.2 suffer from arbitrary shortcode execution, cross site scripting, denial of service, and information leakage vulnerabilities. Versions prior to 6.3.2 are vulnerable.
2747a0842119425378a1378f7692a4eca0ef390a27497cfbb5b9ecd9e53c5e9f
Versions 2.9.36 to 2.9.42 of the Ninja Forms plugin contain an unauthenticated file upload vulnerability, allowing guests to upload arbitrary PHP code that can be executed in the context of the web server.
cc15398ab11d0e8cb5fd8ef9052046e7b29bea4c4d0c3133e418bc99ac79897b