Set defaults in WordpressMulticall login scanner

This login scanner would crash it was used like a normal login scanner.

MS-2007

Author: acammack-r7

lib/metasploit/framework/login_scanner/wordpress_multicall.rb

@@ -29,10 +29,10 @@ class WordpressMulticall < HTTP
 
 
         def set_default
-          self.wordpress_url_xmlrpc = 'xmlrpc.php'
-          self.block_wait = 6
-          self.base_uri = '/'
-          self.chunk_size = 1700
+          @wordpress_url_xmlrpc ||= 'xmlrpc.php'
+          @block_wait ||= 6
+          @base_uri ||= '/'
+          @chunk_size ||= 1700
         end
 
         # Returns the XML data that is used for the login.
@@ -110,6 +110,8 @@ def send_wp_request(xml)
         # @param credential [Metasploit::Framework::Credential]
         # @return [Metasploit::Framework::LoginScanner::Result]
         def attempt_login(credential)
+          set_default
+          @passwords ||= [credential.private]
           generate_xml(credential.public).each do |xml|
             send_wp_request(xml)
             req_xml = Nokogiri::Slop(xml)