According to foreign media reports on December 26, 14 WordPress malicious plugin discovered and deleted by the WordPress team in 2014 is still used by hundreds of websites. These malicious plug-ins may allow an attacker to execute...
WordFence security experts found that Captcha WordPress plugin that downloads as much as 300,000 times, hides a backdoor that allows potential attackers to gain administrative access to the WordPress website without requiring any authentication. Captcha...
Web Vulnerability Analysis / WebApp PenTest
by do son · Published September 16, 2017 · Last modified February 28, 2018
Jaidam is an open source penetration testing tool that would take as input a list of domain names, scan them, determine if WordPress or Joomla platform was used and finally check them automatically, for...
Web Exploitation / WebApp PenTest
by do son · Published September 9, 2017 · Last modified November 15, 2017
WordPress is a blog platform developed using PHP language, users can support PHP and MySQL database on the server set up their own website. WordPress can also be used as a content management system...
Web Vulnerability Analysis / WebApp PenTest
by do son · Published August 21, 2017 · Last modified October 10, 2021
CoMisSion – WhiteBox CMS analysis CoMisSion is a tool to quickly analyze a CMS setup. The tool: checks for the core version; checks for modifications made on the core (additions, alterations, deletions) with a...
Web Exploitation / WebApp PenTest
by do son · Published March 10, 2017 · Last modified December 16, 2017
Recently, WordPress team is published WordPress version 4.7.3. This version fixed some errors that existed in previous WordPress versions. On this post, I am going to analysis WordPress 4.7.2 Cross-Site Scripting (XSS) via Taxonomy...
As one of the world’s most popular blogging platforms, WordPress has millions of user groups.However, popularity is also a double-edged sword, the more popular a site, the higher the chance of receiving spam or...
Vulnerability Impact Arbitrary code execution with the following two conditions: An attacker can upload your own configuration language file, or the file containing the language themes, plug-ins folder Website attacker constructs using good language...
Secure Your Connection
