diff --git a/lib/msf/core/exploit/http/wordpress/helpers.rb b/lib/msf/core/exploit/http/wordpress/helpers.rb
index 206b0364c7..d667ff0ebc 100644
--- a/lib/msf/core/exploit/http/wordpress/helpers.rb
+++ b/lib/msf/core/exploit/http/wordpress/helpers.rb
@@ -123,8 +123,8 @@ module Msf::Exploit::Remote::HTTP::Wordpress::Helpers
   #
   # @param cookie [String] A valid admin session cookie
   # @return [String,nil] The nonce, nil on error
-  def wordpress_helper_get_plugin_upload_nonce(cookie)
-    uri = normalize_uri(wordpress_url_backend, 'plugin-install.php')
+  def wordpress_helper_get_plugin_upload_nonce(cookie, path = nil)
+    uri = path || normalize_uri(wordpress_url_backend, 'plugin-install.php')
     options = {
       'method'    => 'GET',
       'uri'       => uri,
@@ -134,6 +134,9 @@ module Msf::Exploit::Remote::HTTP::Wordpress::Helpers
     res = send_request_cgi(options)
     if res && res.code == 200
       return res.body.to_s[/id="_wpnonce" name="_wpnonce" value="([a-z0-9]+)"/i, 1]
+    elsif res && res.redirect? && res.redirection
+      path = wordpress_helper_parse_location_header(res)
+      return wordpress_helper_get_plugin_upload_nonce(cookie, path)
     end
   end
 end