Automatically pwn the top 1000 WordPress plugins for fun, profit and school

This article is the first part of many on a taint analysis tool I wrote for the PHP programming language. This part talks about how I use the tool to automatically look for vulnerabilities in the top 1000 WordPress plugins!
