Member-only story
THM - Wordpress: CVE-2021–29447
5 min readApr 11, 2025
A writeup for the room Wordpress: CVE-2021–29447 on TryHackMe
1. Use the vulnerability CVE-2021–29447 to read the wordpress configuration file.
There is a WordPress instance running on port 80 of the machine.
We can go to the login page, it is the standard path for a WordPress blog.
MACHINE_IP/wp-login.php
Login using the credentials given in the room description.
test-corp:test
Once inside, we can check that the server is running WordPress 5.6.2 and we have the permission to…
