

Episode 55: Popping WordPress Plugins - Methodology Braindump
Jan 25, 2024
This episode covers advanced techniques for hacking WordPress plugins. Topics include vulnerabilities in the Elementor plugin, handling of user input and missing access control in plugins, WordPress REST APIs and their exploits, low-install-count authentication plugins and page-related code, vulnerabilities in the WordPress update option, plugin functionality and SSRF, blind SSRF and XSS vulnerabilities in plugins, HTML tag cleaning and attribute escaping, bypassing security measures in plugins, WordPress security and SQL injection challenges, various WordPress vulnerabilities and their exploitation, and credential stealing and remote code execution vulnerabilities.
Chapters
Introduction
00:00 • 2min
Hacking WordPress Plugins: Exploiting Vulnerabilities
01:51 • 10min
Handling User Input in WordPress Plugins
11:58 • 17min
WordPress REST APIs: Accessing and Exploiting
28:49 • 9min
Low Install Count Authentication Plugins and Page-related Code in WordPress
38:04 • 14min
WordPress Update Option Vulnerabilities
51:43 • 8min
WordPress Plugin Functionality: Upload Handling, Unzipping, and SSRF
59:32 • 2min
IMDSv2, Blind SSRF, and XSS Vulnerabilities in WordPress Plugins
01:01:50 • 2min
Discussion on HTML Tag Cleaning and Attribute Escaping
01:03:52 • 2min
Bypassing Security Measures and Vulnerabilities in WordPress Plugins
01:05:52 • 4min
WordPress Security: Escaping Strings and SQL Injection
01:09:33 • 17min
WordPress Vulnerabilities and Exploits
01:26:40 • 10min
Credential Stealing and Remote Code Execution Vulnerabilities
01:36:38 • 7min