WPScan rewritten in Python + some WPSeku ideas

Python Library for Static WordPress (Autmated Crawling, Post-Processing and Hosting)

AiGPT started from the concept of CVE‑2024‑27956 , the WP Automatic CSV injection — but has been completely rebuilt into a multi‑vector, unauthenticated WordPress exploitation engine. It now chains 13 real‑world CVEs to create an administrator account or drop a web shell directly, then automatically injects a reverse shell into the active theme

CVE-2023-32243 - Essential Addons for Elementor 5.4.0-5.7.1 - Unauthenticated Privilege Escalation

Social Network Tabs Wordpress Plugin Vulnerability - CVE-2018-20555

A PoC exploit for CVE-2024-25600 - WordPress Bricks Builder Remote Code Execution (RCE)

Python Library to prepare and deploy a static version of a WordPress Installation on Netlify (Static Hosting Service Provider).

A comprehensive WordPress vulnerability scanner and exploitation framework for authorized penetration testing. This tool automatically detects and exploits multiple WordPress security vulnerabilities (CVEs) to help security professionals identify and patch weaknesses.

The (WordPress) website test script can be exploited for Unlimited File Upload via CVE-2020-35489

Wordpress Plugins List

InfiniteWP Client < 1.9.4.5 - Authentication Bypass

Wordpress Security Scanner && Auto Exploiter

A silly script that helps to download pdf files from https://masterthecase.com where all the pdf files are protected by a WordPress plugin called "Pdf Embedder Premium Secure", http://wp-pdf.com/

Domain Grabber Made With Love :3

Unauthenticated RCE exploit for CVE-2024-25600 in WordPress Bricks Builder <= 1.9.6. Executes arbitrary code remotely.

A tool to exploit WordPress plugin vulnerabilities and extract database credentials

Zero-Day Vulnerability in File Manager Plugin 6.7 ( CVE 2020-25213 )

SharkXploit Wordpress Auto Exploit is a great tools for search vulnerability in wordpress

WooCommerce Checker

WordPress vulnerability data