Last active February 7, 2017 04:57
Find sites vulnerable to the WordPress Content Injection Vulnerability. For background see
import xml.etree.ElementTree as ET
import requests
import re
import logging as log

# 1. Run Nmap on your hosts. This will already match some versions.
#    nmap -Pn --script 'http-wordpress-info' -phttp,https -iL wordpress-domains.txt -oX output.xml
# 2. Run this script on the `output.xml` file to find versions.

# Patterns that capture the WordPress version from a page body.
VERSION_REX = [
    r'content="WordPress ([\d\.]+)',
]

user_agent = {'User-Agent': 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36'}

tree = ET.parse('output.xml')
hosts = tree.findall('.//host')
for h in hosts:
    # Nmap records the name given on the command line as type="user".
    node = h.find('hostnames/hostname[@type="user"]')
    if node is None:
        # Host was scanned by IP only; there is no name to request.
        continue
    hostname = node.attrib['name']
    wp_version = None
    try:
        resp = requests.get('http://%s' % hostname, timeout=20, headers=user_agent)
        for rex in VERSION_REX:
            match = re.search(rex, resp.text)
            if match:
                wp_version = match.group(1)
                break
    except requests.RequestException as e:
        # Timeouts, DNS failures and connection errors all land here.
        log.error('Request to %s failed: %s', hostname, e)
    print('{} runs on {}'.format(hostname, wp_version))
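
Added example, not part of the original gist: the script prints the detected version but leaves the comparison to the reader, so this offline helper classifies each version against an affected range. The range bounds (4.7.0 up to, but not including, 4.7.2), the helper names and the sample pages are assumptions made here; the page does not state them.

```python
import re

# Generator-tag pattern taken from the gist's script.
GENERATOR_REX = re.compile(r'content="WordPress ([\d\.]+)')

# Assumptions (not stated on the page): affected releases start at 4.7.0
# and the fix shipped in 4.7.2. Adjust to the advisory you are tracking.
FIRST_AFFECTED = (4, 7, 0)
FIXED_IN = (4, 7, 2)

def parse_version(text):
    """Turn '4.7' or '4.7.1.' into a comparable 3-tuple; None if unparseable."""
    if not text:
        return None
    parts = [p for p in text.strip('.').split('.') if p]
    if not parts or len(parts) > 3 or not all(p.isdigit() for p in parts):
        return None
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (3 - len(nums)))

def classify(version_text):
    """Return 'affected', 'not affected' or 'unknown' for one version string."""
    version = parse_version(version_text)
    if version is None:
        return 'unknown'  # generator tag hidden or stripped: verify by hand
    if FIRST_AFFECTED <= version < FIXED_IN:
        return 'affected'
    return 'not affected'

def triage(pages):
    """Map hostname -> (version, status) from hostname -> fetched HTML."""
    report = {}
    for host, html in pages.items():
        match = GENERATOR_REX.search(html or '')
        version = match.group(1) if match else None
        report[host] = (version, classify(version))
    return report

# Constructed sample pages (not real sites).
SAMPLE_PAGES = {
    'a.example': '<meta name="generator" content="WordPress 4.7.1" />',
    'b.example': '<meta name="generator" content="WordPress 4.7.2" />',
    'c.example': '<meta name="generator" content="WordPress 4.7" />',
    'd.example': '<html><head></head></html>',
}

if __name__ == '__main__':
    for host, (version, status) in sorted(triage(SAMPLE_PAGES).items()):
        print('{:10} {:8} {}'.format(host, str(version), status))
```

A host reported as `unknown` has no readable generator tag, which says nothing about its patch level; confirm its version from the server side.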