wordpress-login: WordPress login

漏洞描述

PoC代码[已公开]

id: wordpress-login

info:
  name: WordPress login
  author: its0x08
  severity: info
  verfied: true
  description: |-
    fofa: app="WordPress"
  tags: wordpress,login
  created: 2023/11/13

rules:
  r0:
    request:
      method: GET
      path: /wp-login.php
    expression: response.status == 200 && (response.body.ibcontains(b'WordPress</title>') || response.body.bcontains(b'/wp-login.php?action=lostpassword">Lost your password?</a>') || response.body.bcontains(b'<form name="loginform" id="loginform" action="{{hosturl}}/wp-login.php" method="post">'))
expression: r0()

相关漏洞推荐

• WordPress Plugin Alone Theme /wp-admin/admin-ajax.php beplus_import_pack_install_plugin 文件上传漏洞（CVE-2025-5394）
• WordPress Time Clock 插件 /wp-admin/admin-ajax.php 代码执行漏洞 （CVE-2024-9593）
• WordPress Ditty /wp-json/dittyeditor/v1/displayItems 服务器端请求伪造漏洞
• Yealink T53 Phone /api/auth/login 默认口令漏洞
• POC 深圳勤杰软件有限公司勤杰DHR数智人力资源共享平台ScanLogin.ashx loginId参数存在SQL注入
• 天锐绿盾审批系统 trwfe/login.jsp/.%2e/user/findUserPageExcludeCurrentUser.do SQL 注入漏洞
• WordPress AI Engine /wp-json/mcp/v1 信息泄露漏洞（CVE-2025-11749）
• POC 网神SecFox运维安全管理与审计系统 /3.0/authService/login 命令执行漏洞
• WordPress wp-event-solution 插件 /wp-admin/admin-ajax.php 文件读取漏洞（CVE-2025-47445）
• 恒友摄影ERP login.ashx SQL注入漏洞
• POC CVE-2019-17671: WordPress <= 5.2.4 - Unauthenticated View Private/Draft Posts
• POC CVE-2024-39646: WordPress Custom 404 Pro <= 3.11.1 - Reflected XSS
• POC CVE-2024-6220: WordPress Keydatas ≤ 2.5.2 - Arbitrary File Upload