Automatically pwn the top 1000 WordPress plugins for fun, profit and school

This article is the first part of many on a Taint Analysis Tool I wrote for the PHP Programming Language. This part talks about how I make use of the tool to automatically look for vulnerabilities in the top 1000 WordPress Plugin!

Read full article

Similar

The WordPress Block Patterns Resource List

Introduced to WordPress writers, theme developers and implementers in WordPress 5.5 release, Block Patterns, tested in the Gutenberg plugins since its 7.7 version, came to all WordPress sites. They open the door to be creative with blocks and make creativ... (more…)

#StopMullware – On the Security of WordPress

This is the story of how I failed to proactively prevent every WordPress blog on the Internet from ever being conscripted into a Mirai-like… (more…)

Hosting WordPress on Heroku? Think Again

Ever think about hosting WordPress sites on Heroku? Think again. Here is some of my thoughts on Heroku WordPress hosting.

WordPress 4.7.2 post mortem

A few weeks ago, WordPress released version 4.7.2 to address several security vulnerabilities, including one critical one. This vulnerability allowed a remote, unauthorised attack to update web pages via the REST API. Since then, hundreds of thousands of ... (more…)

WordPress development on steroids – CLI, ES6, Webpack and much more

Tonik is a WordPress Starter Theme which aims to modernize, organize and enhance some aspects of WordPress theme development. (more…)

Latest News

Django RestQL

Rust crate for simple cloudstorage functions

How to Fit Models to Data in Python