• For plugins may need to upload as a zip
• files are uploaded to /wp-content/uploads
• Some good content here on how to get a revshell if you can get into the management panel https://www.hackingarticles.in/wordpress-reverse-shell/

Plugins >> Themes

tldr wpscan
wpscan --update
wpscan --url <http://$IP>
wpscan --url <http://$IP>:$PORT -e vt,tt,u,ap
wpscan --url $IP --enumerate p,t,u
wpscan --url $IP --enumerate p,t,u --plugins-detection aggressive
wpscan --url $IP -e p,t,u --plugins-detection aggressive --threads 20

tldr wspcan
if xmlrpc is enabled, use this <https://github.com/relarizky/wpxploit>

# make sure you get the token from wpscan website! You will need to create a user account
wpscan --url http://<domain> --enumerate ap --plugins-detection aggressive -o websrv1/wpscan

# if https, add the --disable-tls-checks
# to enum users, add --enumerate u
# if you have a user, add --usernames <username> to brute force, -U <user list>, --passwords <wordlist like rockyou>