Proof of Concept for “viewing unauthenticated posts” in WordPress 5.2.3

A couple of days ago, WordPress released 5.2.4 with a few security patches. Props to J.D. Grimes, who found and disclosed a method of viewing unauthenticated posts. This caught my attention, but I couldn’t find a public Proof of Concept, so I set out to reverse engi…


WordPress 4.7.2 post mortem

A few weeks ago, WordPress released version 4.7.2 to address several security vulnerabilities, including a critical one. This vulnerability allowed a remote, unauthorised attacker to update web pages via the REST API. Since then, hundreds of thousands of ...
