This PoC script relies of a vulnerability in WordPress systems been available from version 3.5 to version 4.0 (included) that allow a brute force attacks through xmlrpc.php file A malicious attacker might to hack a WordPress users using this vulnerability

USAGE:

./wpbruteforce.php URL usernames.txt passwords.txt

php wpbruteforce.php URL usernames.txt passwords.txt