Vulnerability & Exploit Database

Back to search

Wordpress XML-RPC Username/Password Login Scanner

This module attempts to authenticate against a Wordpress-site (via XMLRPC) using username and password combinations indicated by the USER_FILE, PASS_FILE, and USERPASS_FILE options.

Free Metasploit Download

Get your copy of the world's leading penetration testing tool

 Download Now

Module Name



  • Cenk Kalpakoglu <cenk.kalpakoglu [at]>




Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':

msf > use auxiliary/scanner/http/wordpress_xmlrpc_login msf auxiliary(wordpress_xmlrpc_login) > show actions ...actions... msf auxiliary(wordpress_xmlrpc_login) > set ACTION <action-name> msf auxiliary(wordpress_xmlrpc_login) > show options and set options... msf auxiliary(wordpress_xmlrpc_login) > run

Related Modules