Skip to content

v1.0.0

Latest

Choose a tag to compare

@NULL200OK NULL200OK released this 18 Jul 07:40
dfe250a

WP2Shell v1.0.0

WordPress REST API Batch SQL Injection to RCE Exploit Framework


🔥 What's New

  • Initial Release - Full exploitation framework for CVE-2026-63030 / CVE-2026-60137
  • Dual RCE Paths - INTO OUTFILE (primary) + Admin Plugin Upload (fallback)
  • Auto Method Discovery - Tests POST, PUT, PATCH, DELETE automatically
  • Parallel Scanning - Multi-threaded for fast target enumeration
  • Rich Reporting - JSON + HTML reports with extracted credentials

🚀 Quick Start

git clone https://github.com/NULL200OK/wp2shell.git
cd wp2shell
pip install -r requirements.txt

echo "https://target.com" > targets.txt
python wp2shell.py targets.txt --exploit --verbose