Update HttpClient and WordPress mixins

lib/msf/core/exploit/http/client.rb

@@ -463,10 +463,10 @@ module Exploit::Remote::HttpClient
   end
 
   # Returns the complete URI as string including the scheme, port and host
-  def full_uri
+  def full_uri(custom_uri = nil)
     uri_scheme = ssl ? 'https' : 'http'
     uri_port = rport.to_s == '80' ? '' : ":#{rport}"
-    uri = normalize_uri(target_uri.to_s)
+    uri = normalize_uri(custom_uri || target_uri.to_s)
     "#{uri_scheme}://#{rhost}#{uri_port}#{uri}"
   end
 

lib/msf/core/exploit/http/wordpress/uris.rb

@@ -92,7 +92,7 @@ module Msf::Exploit::Remote::HTTP::Wordpress::URIs
   # @return [String] Wordpress Admin Update URL
   def wordpress_url_admin_update
     normalize_uri(wordpress_url_backend, 'update.php')
-  end  
+  end
 
   # Returns the Wordpress wp-content dir URL
   #
@@ -129,4 +129,11 @@ module Msf::Exploit::Remote::HTTP::Wordpress::URIs
     normalize_uri(target_uri.path, 'xmlrpc.php')
   end
 
+  # Returns the Wordpress REST API URL
+  #
+  # @return [String] Wordpress REST API URL
+  def wordpress_url_rest_api
+    normalize_uri(target_uri.path, 'index.php/wp-json/wp/v2')
+  end
+
 end

lib/msf/core/exploit/http/wordpress/version.rb

@@ -3,7 +3,7 @@
 module Msf::Exploit::Remote::HTTP::Wordpress::Version
 
   # Used to check if the version is correct: must contain at least one dot
-  WORDPRESS_VERSION_PATTERN = '([^\r\n"\']+\.[^\r\n"\']+)'
+  WORDPRESS_VERSION_PATTERN = '(\d+\.\d+(?:\.\d+)*)'
 
   # Extracts the Wordpress version information from various sources
   #
@@ -107,10 +107,10 @@ module Msf::Exploit::Remote::HTTP::Wordpress::Version
   private
 
   def wordpress_version_helper(url, regex)
-    res = send_request_cgi(
+    res = send_request_cgi!({
       'method' => 'GET',
       'uri' => url
-    )
+    }, 3.5)
     if res
       match = res.body.match(regex)
       return match[1] if match