A Hacker’s Tale: Finding 10x CVEs in WordPress Plugins


Hello Researchers,

Welcome back to my Medium blog, where I share my experiences and knowledge on all things related to cybersecurity. As a security researcher, I have always been fascinated by the concept of CVEs and how they can help improve the security of software applications. In this article, I want to talk about my journey of finding CVEs in WordPress plugins, a popular platform that powers more than 40% of all websites on the internet.

As you may know, WordPress plugins are widely used to enhance the functionality of WordPress sites. However, with the increasing number of plugins available, the chances of vulnerabilities in these plugins also increase. Therefore, it is crucial to identify and report these vulnerabilities to ensure the security of WordPress sites.

In this article, I will share how I got started in CVE hunting, how I chose my target and plugin details, and my experience of finding vulnerabilities in WordPress plugins. I hope my journey will inspire you to start your own CVE hunting journey and contribute to improving the security of software applications. So, let’s dive in!

What is CVE?

A CVE, or Common Vulnerabilities and Exposures, is a unique identifier assigned to a cybersecurity vulnerability or exposure. It helps security researchers and organizations to identify and track vulnerabilities, prioritize work, and ensure that they are addressing the most critical vulnerabilities first. The CVE List is maintained by the MITRE Corporation and is widely used by the cybersecurity community as a standard reference for vulnerabilities and exposures.

My Journey of Finding CVEs in WordPress Plugins:

As a security researcher, one of my biggest dreams was to get CVEs to my name. I always wondered how to achieve this goal, and after reading several blogs, I finally found one good blog by Swapnil Bodekar — “How I was able to find out my 1st CVE in the WordPress plugin🎉🎉🎉”.

After reading the blog that inspired me to start my own CVE hunting journey, I installed WordPress locally and began randomly installing plugins like Yoast SEO, Jetpack, Contact Form 7, and WPForms in hopes of finding vulnerabilities. Unfortunately, my efforts did not yield any results. It was only later that I realized these plugins were widely used and more secure than others, prompting me to change my approach.

During my college placement days, I came across a company called “miniOrange” where some of my friends had been placed. I knew that they were creating WordPress plugins, so without wasting any time, I quickly installed their plugins and started hunting for vulnerabilities. (Read Swapnil Bodekar’s blog to learn how to install WordPress and Plugins.)

I knew that XSS vulnerabilities were the easiest to find, so I started entering XSS payloads in every input field of the plugin. Soon enough, I discovered that these plugins were indeed vulnerable to XSS. This discovery helped me to secure these plugins and get CVEs to my name.

Discovered 10x CVEs: https://wpscan.com/search?text=niraj

To report vulnerabilities in WordPress plugins, you can visit https://wpscan.com/submit and submit your findings. The WordPress team will then validate your submission and assign a CVE number if the vulnerability is deemed valid.

In conclusion, finding CVEs in WordPress plugins requires a lot of patience, dedication, and the right approach. By changing my strategy and targeting lesser-known plugins, I was able to achieve my goal. I hope that my journey has inspired you to start your own CVE hunting journey and that you will find success in your endeavors.

If you need any help or want to connect, you can connect with me via LinkedIn.

I hope it will help you in your Bug Hunting and Cyber Security Journey!!

Thanks for Reading!! 😊

