module
WordPress InfiniteWP Client Authentication Bypass
| Disclosed | Created |
|---|---|
| Jan 14, 2020 | Feb 10, 2020 |
Disclosed
Jan 14, 2020
Created
Feb 10, 2020
Description
This module exploits an authentication bypass in the WordPress
InfiniteWP Client plugin to log in as an administrator and execute
arbitrary PHP code by overwriting the file specified by PLUGIN_FILE.
The module will attempt to retrieve the original PLUGIN_FILE contents
and restore them after payload execution. If VerifyContents is set,
which is the default setting, the module will check to see if the
restored contents match the original.
Note that a valid administrator username is required for this module.
WordPress >= 4.9 is currently not supported due to a breaking WordPress
API change. Tested against 4.8.3.
InfiniteWP Client plugin to log in as an administrator and execute
arbitrary PHP code by overwriting the file specified by PLUGIN_FILE.
The module will attempt to retrieve the original PLUGIN_FILE contents
and restore them after payload execution. If VerifyContents is set,
which is the default setting, the module will check to see if the
restored contents match the original.
Note that a valid administrator username is required for this module.
WordPress >= 4.9 is currently not supported due to a breaking WordPress
API change. Tested against 4.8.3.
Authors
WebARX
wvu [email protected]
wvu [email protected]
Platform
PHP
Architectures
php
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.