module
WordPress Plugin Automatic Config Change to RCE
| Disclosed |
|---|
| 2021-09-06 |
Disclosed
2021-09-06
Description
This module exploits an unauthenticated arbitrary wordpress options change vulnerability
in the Automatic (wp-automatic) plugin address will be changed. User registration is
enabled, and default user role is set to administrator. A user is then created with
the USER name set. A valid EMAIL is required to get the registration email (not handled in MSF).
in the Automatic (wp-automatic) plugin address will be changed. User registration is
enabled, and default user role is set to administrator. A user is then created with
the USER name set. A valid EMAIL is required to get the registration email (not handled in MSF).
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.