Finding A RCE Gadget Chain In WordPress Core
XSS in WordPress via open embed auto discovery
WordPress Core - Unauthenticated Blind SSRF
WordPress Transposh: Exploiting a Blind SQL Injection via XSS - RCE Security
Bypass CSP Using WordPress By Abusing Same Origin Method Execution
Pre-hijacked accounts: An Empirical Study of Security Failures in User Account Creation on the Web
WordPress < 5.8.3 - Object Injection Vulnerability
CVE-2022-21661: Exposing Database Info Via Wordpress SQL Injection
WordPress 5.7 XXE Vulnerability
[CVE-2019-17674 & CVE-2020-11025] Stored XSS through navigation menu item edited in Customizer in Wordpress (Write Up)
A subtle stored-XSS in WordPress core
WordPress 5.1 CSRF to Remote Code Execution
WordPress Privilege Escalation through Post Types
Reflected Swf XSS at ( https://plugins.svn.wordpress.org )
Leaking WordPress CSRF Tokens for Fun, $1337 bounty, and CVE-2017-5489
[RCE] Remote Code Execution in Wordpress iOS Application (version 9.3)
Local File XSS Vulnerability in Wordpress.com (Write Up)