WordPress authentication brute force and user enumeration utility for Metasploit.
53dfbc1d57cd5b6f8db8a14f4805dbb9ee5be66043bb48948f6bbf77a879d57d
Core Security Technologies Advisory - A vulnerability was found in the way that WordPress handles some URL requests. This results in unprivileged users viewing the content of plugins configuration pages, and also in some plugins modifying plugin options and injecting JavaScript code. Arbitrary native code may be run by a malicious attacker if the blog administrator runs injected JavasScript code that edits blog PHP code.
43efc5605f03f9b6b8bc960812c20a8df3e0ad4ba585ad37e94105a2c1f2b536