Stuck on "Ultimatum" Machine: Need Help Identifying CVE Exploited by Attacker

Hello everyone,

I’m currently working on the “Ultimatum” machine and I’m stuck at identifying the CVE that was exploited by the attacker. The logs show multiple requests targeting xmlrpc.php and other WordPress files, which suggests an XML-RPC vulnerability.

Given these observations, I believe it might be related to an XML-RPC vulnerability, but I’m not sure if I’m on the right track. Could someone please help me identify the correct CVE or guide me on what I might be missing?

Thanks in advance for your assistance!

xmlrpc.php was used for different thing. check the victim module which was used to create a user. there are not to many CVEs for it