Vulnerable WordPress March 2024 (Kandovan)

Github Repo: https://github.com/onhexgroup/Vulnerable-WordPress

Various vulnerabilities in different programs are discovered and reported nowadays. If you’re a security researcher, you’re interested in working on them. For example, analyzing them, writing exploits, and so on.
But to do these things, you first need to have a laboratory environment. And this might be the most challenging stage of the process.

To simplify the research process, I release a vulnerable version of WordPress. The vulnerable version includes vulnerable plugins that are collected monthly.
The vulnerable plugins are extracted from Wordfence.com reports and downloaded from the WordPress website.

The vulnerable version can be used for various purposes such as exploit development, training, developing new Nuclei templates, developing hacking tools, and participating in bug bounty programs [1,2].

We have released the March version under the name Kandovan. Below, you can see images of this version.

Worpress version: 6.4.3Number of installed plugins (Clean and Vulnerable) : 355Number of vulnerabilities: 492Admin user: onhexgroupAdmin pass: K0O9%w$V9eYaFGWL)#Hash installer.php : B1475C1FC5C7B77FD0330E380203C702C70844D924AB599AC442E8D10CAF401AHash Vuln_plugins_March_2024.xlsx : 640C665346713BC2D007AF14A99AA94DE6657CDEAA6A9FCB95D0283B6FD9AE8AHash Vulnerable_WordPress_March_2024_df0a2c31b8077aaf8348_20240407054951_archive.zip : 82A72AF648A834482646985D8A4DC24B995BFFC38ECE98F403094485F696F095The list of vulnerable plugins for this month.This version includes vulnerable plugins, so please exercise caution when using it.Do not update the plugins.The plugins have been extracted based on reports from the wordfence.com.The plugins have not been activated due to the potential for disruption.It only includes plugins that are downloadable through the WordPress website.Download the file (You can also download from Google Drive) and extract it from the compressed format.Create a database and a user for the database.Run the installer.php file in your browser.

Video: How to install on Wamp (windows)

Video: How to install on Kali (Linux)

Donate:
Bitcoin: 1HPfpSES4kpuTgJDsbsxY3iMZWsxChcZm5
Ethereum: 0xb59922b7b786d59c31B8180024dE34D3D7932fb4
Tether usd: 0xb59922b7b786d59c31B8180024dE34D3D7932fb4
BNB coin: bnb1ncm9ln8ywx8557v3d428w8z82hg97379w070e3
Monero: 44XHPK7jDMcFiL44p6sez4KBmgXrPsgnQiiV8TiKv9yAeLDJQk9ZNmKWRgfSR8efeDGrN5v3MV1p46k3hT9J5zGR6vzDGFW
Iranian

Contact us:

Site | Telegram | Twitter | youtube | Linkedin | Instagram