Some useful resources for hacking WordPress and its plugins and themes.
I have written a plugin designed to help with dynamic analysis and hacking of WordPress plugins and themes; it can be found in the plugin branch of this repo.
The reports directory contains a selection of my publicly disclosed vulnerability reports that were disclosed to bug bounty programs. I've tried to get a good cross-section of different vulnerability types.
| CVE | Bounty | Vulnerability | Links (📄 Report, 🐍 Python PoC, 🔗 Blog) |
|---|---|---|---|
| CVE-2024-30509 | 11.25 AXP | SellKit Subscriber+ Arbitrary File Download | 📄 🐍 |
| CVE-2024-3242 | $469 | Brizy Contributor+ Arbitrary File Upload | 📄 🐍 |
| CVE-2024-4361 | $325 | SiteOrigin Contributor+ XSS | 📄 |
| CVE-2024-22144 | 270 AXP | GoTMLS Unauthenticated RCE | 📄 🐍 🔗 |
| CVE-2024-6386 | $1639 | WPML Contributor+ SSTI to RCE | 📄 🔗 |
| CVE-2024-4637 | $434 | Slider Revolution Contributor+ XSS | 📄 🐍 |
| CVE-2024-5153 | $361 | Starlar Elementor Addons Arbitrary Folder Deletion | 📄 🐍 |
| CVE-2024-52376 | 60 AXP | Boat Rental System Unauthenticated Arbitrary File Upload | 📄 🐍 |
| CVE-2024-50477 | 58.8 AXP | Stacks Mobile App Unauthenticated Privilege Escalation | 📄 |
The 📄 reports are in the original format in which they were submitted. Any mistakes are mine; for prettier versions, see the ones that have linked blog posts 🔗. Where I wrote a Python proof-of-concept script, you will find it in the report's folder or directly by clicking 🐍.
Feel free to reuse my Python code to help write your own PoCs; in the future I may turn some of the functions into an easy-to-use library.