LEFT SIDEBAR AD

Hidden in mobile, Best for skyscrapers.

Vulnerable WordPress January 2024 (Imadaddin Nasimi)

9 months ago 95
BOOK THIS SPACE FOR AD
ARTICLE AD

Onhexgroup

Github: https://github.com/onhexgroup/Vulnerable-WordPress

Today, we see the release of various vulnerabilities in various programs. If you’re a security researcher, you’re probably tempted to work on them. For example, check that vulnerability, write an exploit for it or, if possible, write a Nuclei template for it.
To do all of these things, you first need to create a lab environment for that vulnerability, and this might be the hardest step.
In order to make it easier for you and to be able to do my own research, I created a vulnerable version of WordPress that is updated monthly.
The vulnerable version contains vulnerable plugins every month that are published on the Wordfence.com website. Of course, plugins that can be downloaded through WordPress.com.
This can be useful for those working in education, exploit developers, offensive/defensive tool developers, Nuclei template developers, Bug Hunters (For example work on Wordfence bug bounty program), etc.

This edition was published in January 2024 with the title “Imadaddin Nasimi”.

Information about the installed version of WordPress:
List of the plugins
Worpress version: 6.4.3
Number of installed plugins (Clean and Vulnerable) : 171
Number of vulnerabilities: 210
Admin user: onhexgroup
Admin pass: v&fTL98vTDfuyx9qMw

Hash installer.php : B69EDC6DDB635A7F28A26640972A716C470E02D8C8F06AB39FD41063AFFE6423
Hash Vuln_plugins_January_2024.xlsx : B69EDC6DDB635A7F28A26640972A716C470E02D8C8F06AB39FD41063AFFE6423
Hash Vulnerable_WordPress_January_2024.7z : ADBD50D7D3D153C23DA622237CF6B3C44797C1E28CEF45FB7CED076EEE2CA772

Hints:
This version contains vulnerabilities, so be careful when using it.
Avoid updating plugins.
Plugins are extracted from Wordfence reports.
Plugins are not activated and only installed.
This list only includes plugins that downloadable from WordPress.org.

Install:
Download file and extract it
Create database and user database
run installer.php on browser

Video: How to install on wamp (windows)

Video: How to install on Kali (Linux)

Donate:
Bitcoin: 1HPfpSES4kpuTgJDsbsxY3iMZWsxChcZm5
Ethereum: 0xb59922b7b786d59c31B8180024dE34D3D7932fb4
Tether usd: 0xb59922b7b786d59c31B8180024dE34D3D7932fb4
BNB coin: bnb1ncm9ln8ywx8557v3d428w8z82hg97379w070e3
Monero: 44XHPK7jDMcFiL44p6sez4KBmgXrPsgnQiiV8TiKv9yAeLDJQk9ZNmKWRgfSR8efeDGrN5v3MV1p46k3hT9J5zGR6vzDGFW
Iranian

Contact us:

Site | Telegram | Twitter | youtube | Linkedin | Instagram

Read Entire Article
  3. Vulnerable WordPress January 2024 (Imadaddin Nasimi)

Related

Phishing-as-a-Service (PhaaS): “Rockstar 2FA” Targets Microsoft 365 with AiTM Attacks

Phishing-as-a-Service (PhaaS): “Rockstar 2FA” Targets Microsoft 365 with AiTM Attacks

Unmasking Open Redirect Vulnerabilities: A Real-World Discovery

Unmasking Open Redirect Vulnerabilities: A Real-World Discovery

The Ultimate Bug Bounty Roadmap Zero to Pro

The Ultimate Bug Bounty Roadmap Zero to Pro

hackthebox-Administrator-walkthrough

hackthebox-Administrator-walkthrough

Google Dorking Made Simpler with GFU

Google Dorking Made Simpler with GFU

Authentication Bypass Vulnerability :)

Authentication Bypass Vulnerability :)

Trending

1. Iga świątek
2. SSC MTS
3. Moana movie
4. Sikandar Ka Muqaddar Review
5. Cat
6. Champions Trophy 2025
7. India GDP growth rate
8. Cyclonic storm Fengal
9. SSC MTS Answer Key 2024
10. Samantha father

Popular

1-click RCE in Electron Applications

1-click RCE in Electron Applications

Install waybackurls on Kali Linux

Install waybackurls on Kali Linux

Microsoft Office Professional Plus 2019 (x64 & x86) Multilingual + Pre-Activated

Microsoft Office Professional Plus 2019 (x64 & x86) Multilingual + Pre-Activated

Over 40 Apps With More Than 100 Million Installs Found Leaking AWS Keys

Over 40 Apps With More Than 100 Million Installs Found Leaking AWS Keys

Install DalFox on Kali Linux

Install DalFox on Kali Linux

Adobe Master Collection CC 2022 v25.08.2022 (x64) Multilingual Pre-Activated

Adobe Master Collection CC 2022 v25.08.2022 (x64) Multilingual Pre-Activated

Maxon CINEMA 4D Studio S22.123 (x64) Multilingual + Crack

Maxon CINEMA 4D Studio S22.123 (x64) Multilingual + Crack

Autodesk Revit 2023 R1 Build 23.0.11.19 (x64) Multilingual + Crack

Autodesk Revit 2023 R1 Build 23.0.11.19 (x64) Multilingual + Crack

‘We are not motivated by profits’ – Open Bug Bounty maintainers on finding a niche in the crowdsourced AppSec market

‘We are not motivated by profits’ – Open Bug Bounty maintainers on finding a niche in the crowdsourced AppSec market

Just Gopher It: Escalating a Blind SSRF to RCE for $15k

Just Gopher It: Escalating a Blind SSRF to RCE for $15k

BOOK THIS SPACE FOR AD
RIGHT SIDEBAR BOTTOM AD
Bengali (Bangladesh) Bengali (Bangladesh) · English (United States) English (United States) ·
About Us · Terms & Condition · Contact Us
© Security Alert 2024. All rights are reserved