Vulnerability & Exploit Database

Back to search

WordPress Symposium Plugin SQL Injection

This module exploits a SQL injection vulnerability in the WP Symposium plugin before 15.8 for WordPress, which allows remote attackers to extract credentials via the size parameter to get_album_item.php.

Free Metasploit Download

Get your copy of the world's leading penetration testing tool

 Download Now

Module Name



  • PizzaHatHacker
  • Matteo Cantoni <goony [at]>




Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':

msf > use auxiliary/admin/http/wp_symposium_sql_injection msf auxiliary(wp_symposium_sql_injection) > show actions ...actions... msf auxiliary(wp_symposium_sql_injection) > set ACTION <action-name> msf auxiliary(wp_symposium_sql_injection) > show options and set options... msf auxiliary(wp_symposium_sql_injection) > run