Tag: wordpress

Posted on by

WordPress hacking guide for beginners

Hello aspiring hackers. In this howto we will learn about hacking wordpress with Revslider plugin exploit. This howto is a direct sequel to our previous howto  WordPress vulnerability assessment with WPscan, so I suggest you go through that how to first and look out for the Easter eggs. This howto is based on one of the vulnerabilities we found in our previous howto.

New to Ethical Hacking?

Start your journey with The Beginner Ethical Hacker Starter Kit (2026 Edition).

Inside the free guide, you’ll learn:.

Download the free starter kit and start learning ethical hacking today

To those newbies, who don’t know what is revolution slider,  it is a popular plugin used by many wordpress websites. Well, I am sure you have heard about Panama papers leak. Yeah, I’m talking about the leak of 11.5m files from the database of the world’s fourth biggest offshore law firm, Mossack Fonseca. It has been identified that Mossack Fonseca was using a vulnerable version of WordPress revslider plugin which resulted in the hack. All versions of the plugin from 2.1.7 to 3.0.95 are vulnerable to the attack.

This exploit was made public last year but still there are many wordpress websites using the vulnerable plugin( as with the case of Mossack fonseca ). Now let us see how this exploit works in Metasploit. Start Metasploit and search for our exploit as shown below.

Load the exploit as shown below.

Set the required options as shown below.

Set the required payload. Here for illustration I am setting the famous meterpreter payload.

Want to Learn Ethical Hacking Step-by-Step?

If you’re serious about learning cybersecurity, a structured roadmap makes the journey much easier.

Download The Beginner Ethical Hacker Starter Kit (2026 Edition) and discover:

✔ The ethical hacking learning path
✔ Beginner-friendly security concepts
✔ Essential tools ethical hackers use
✔ The most common vulnerabilities explained

Get the free starter kit here

You can also check if your target is vulnerable by using “check” command as shown below.( But we already know our target is vulnerable).

You can execute the exploit by typing “exploit”. If all went well, you will get the meterpreter shell on victim system.

That was all about hacking wordpress with Revslider plugin exploit.

Start Your Ethical Hacking Journey Today

Learning cybersecurity can feel overwhelming at first. The best way to start is with a clear roadmap and the right resources.

Download The Beginner Ethical Hacker Starter Kit (2026 Edition) and get instant access to:

✔ Ethical hacking fundamentals
✔ A beginner cybersecurity learning roadmap
✔ Essential hacking tools every beginner should know
✔ Common vulnerabilities explained simply

Get the free starter kit now and begin your ethical hacking journey
Posted on by 2 Comments

Beginners guide to WPScan

Hello aspiring ethical hackers. In this blogpost, you will learn about WPScan, a tool used to perform WordPress vulnerability assessment. WordPress is one of most popular Content Management system (CMS) WPScan is a black box WordPress vulnerability scanner that can be used to scan remote WordPress installations to find security issues and also for enumeration. Let’s se how it works. It is installed by default in Kali Linux and we are going to use the same for this tutorial. Now open a terminal and update our tool by typing command as shown below.

New to Ethical Hacking?

Start your journey with The Beginner Ethical Hacker Starter Kit (2026 Edition).

Inside the free guide, you’ll learn:.

  • Ethical hacking fundamentals
  • Beginner cybersecurity roadmap
  • Essential hacking tools
  • Common vulnerabilities explained
Download the free starter kit and start learning ethical hacking today
wpscan

To scan a WordPress website, all you have to give is the URL as shown below. For this blogpost, I am using a local installation of WordPress as target.  Assign the target as shown below. The scan will start as shown below.

Here are the screenshots of result of this scan. As you can see we have  13 vulnerabilities in the present installation and the vulnerabilities are given below.

One of the easiest ways to hack a WordPress site is to exploit the plugins installed in the target as most of the WordPress vulnerabilities nowadays exist in the plugins installed on it. So it is very important to enumerate the plugins installed on our WordPress target. We can enumerate the plugins using the “enumerate” option as shown below.

The scan result will be as shown below.( And there you have the first Easter egg). So totally we found four plugins. The first one is Ajax Load More Plugin. As the red exclamation mark shows, it is vulnerable.

wpscan

The second plugin is the vulnerable version of Akismet.

Want to Learn Ethical Hacking Step-by-Step?

If you’re serious about learning cybersecurity, a structured roadmap makes the journey much easier.

Download The Beginner Ethical Hacker Starter Kit (2026 Edition) and discover:

✔ The ethical hacking learning path
✔ Beginner-friendly security concepts
✔ Essential tools ethical hackers use
✔ The most common vulnerabilities explained

Get the free starter kit here

The third vulnerable plugin is the WordPress Slider revolution plugin. We will see more about this in our next blogpost.

Another important aspect to find vulnerabilities in the WordPress is its theme.  Now let’s enumerate the theme as shown below. The vulnerabilities present in the theme are given below.

After that let’s enumerate the users in our remote target as shown below.

We can see that the only username in our target. That’s WPscan for you. Hope it was helpful to you and wait for the sequels.

Start Your Ethical Hacking Journey Today

Learning cybersecurity can feel overwhelming at first. The best way to start is with a clear roadmap and the right resources.

Download The Beginner Ethical Hacker Starter Kit (2026 Edition) and get instant access to:

✔ Ethical hacking fundamentals
✔ A beginner cybersecurity learning roadmap
✔ Essential hacking tools every beginner should know
✔ Common vulnerabilities explained simply

Get the free starter kit now and begin your ethical hacking journey