WordPress Pie Register 3.7.1.4 Authentication Bypass / Remote Code Execution

This Metasploit module uses an authentication bypass vulnerability in WordPress Pie Register plugin versions 3.7.1.4 and below to generate a valid cookie. With this cookie, hopefully of the admin, it will generate a plugin, pack the payload into it and upload it to a server running WordPress.

Leave a Reply