This PoC script relies of a vulnerability in WordPress systems been available from version 3.5 to version 4.0 (included) that allow a brute force attacks through xmlrpc.php file A malicious attacker might to hack a WordPress users using this vulnerability
USAGE:
./wpbruteforce.php URL users.txt passwords.txt
php wpbruteforce.php URL users.txt passwords.txt