CMS stands for content management system—a system used to manage and modify digital content. It supports the collaboration of multiple users, authors, and subscribers. There are a lot of CMSes being used over the internet and some of the major ones are WordPress, Joomla, PHPNuke, and AEM (Adobe Experience Manager). In this chapter, we will look into a well-known CMS, WordPress. We'll see how to perform penetration testing on this CMS.
We will cover the following topics in this chapter:
- Introduction to WordPress architecture
- WordPress reconnaissance and enumeration using Metasploit
- Vulnerability scanning for WordPress
- WordPress exploitation
- Customizing the Metasploit exploit