This Metasploit module exploits an unauthenticated arbitrary wordpress options change vulnerability in the Automatic (wp-automatic) plugin less than or equal to 3.53.2. If WPEMAIL is provided, the administrators email address will be changed. User registration is enabled, and default user role is set to administrator. A user is then created with the USER name set. A valid EMAIL is required to get the registration email (not handled in MSF).
This Metasploit module exploits an unauthenticated arbitrary wordpress options change vulnerability in the Automatic (wp-automatic) plugin less than or equal to 3.53.2. If WPEMAIL is provided, the administrators email address will be changed. User registration is enabled, and default user role is set to administrator. A user is then created with the USER name set. A valid EMAIL is required to get the registration email (not handled in MSF).