Hello! I’m Raunak Gupta, a Security Researcher, Bug Bounty Hunter, and Computer Science student from India.
Today, I’m excited to share all the resources I documented and personally used to master WordPress pentesting, so let's go!
1. WordPress Pentesting & Bug Bounty Blogs
2. Intentionally Vulnerable WordPress CTF
3. WordPress Pentesting Tools
4. Use WordPress Pentesting Tools at Their Full Potential
5. WordPress Common Vulnerable Plugins
6. WordPress Plugins Dedicated Bug Bounty Platform
7. All The Articles I Read on CMS Pentesting
https://chromewebstore.google.com/detail/wpintel-wordpress-vulnera/mkhmkjcbidkifopffebieonhhkondlfe
https://medium.com/hengky-sanjaya-blog/scan-wordpress-vulnerability-with-wpscan-b2de6c3de65c
https://medium.com/@Sprites/major-wordpress-vulnerability-allows-anyone-to-ddos-your-website-9007d6a12d0
https://medium.com/@thesslstore/wordpress-vulnerability-dos-flaw-could-bring-down-your-site-cde30bc4c340
https://medium.com/hengky-sanjaya-blog/how-to-use-vulnerability-scanner-zoom-b21bfb2610
https://medium.com/codex/how-to-exploit-a-wordpress-plugin-vulnerability-a-case-study-of-thecartpress-8c38236a26f4
https://medium.com/@nguhuynh.148/how-did-i-get-200-with-wordpress-vulnerability-4ce80f106709
https://medium.com/tenable-techblog/wordpress-buddyforms-plugin-unauthenticated-insecure-deserialization-cve-2023-26326-3becb5575ed8
https://medium.com/@The1netnews/major-security-vulnerability-in-wordpress-and-drupal-could-take-down-websites-http-sumo-ly-1ps8-672b1d22fd0d
https://medium.com/@Theshahid/the-business-owners-guide-to-securing-a-wordpress-website-importance-of-vulnerability-testing-and-96f05f558c8f
https://medium.com/@olger346/hacking-wordpress-with-some-common-vulnerabilities-256bd2c251f6
https://iics.medium.com/critical-vulnerability-in-seopress-wordpress-plugin-allows-hacking-100-000-wordpress-websites-f99a31c181f0
https://ynoof.medium.com/error-based-sql-injection-on-a-wordpress-website-and-extract-more-than-150k-user-details-f65f987c2cc0
https://nullr3x.medium.com/chaining-idor-and-host-header-can-takeover-18-million-of-users-account-39d402f6a79e
https://sahruldotid.medium.com/how-i-takeover-wordpress-admin-fiiipay-my-1bdede83635d
https://hossamshady.medium.com/advanced-level-for-wordpress-vulnerabilities-e93144e3a8f3
https://motasemhamdan.medium.com/wordpress-xxe-vulnerability-cve-2021-29447-tryhackme-d50fa52c039a
https://noob3xploiter.medium.com/how-to-get-started-hacking-wordpress-plugins-to-earn-your-first-cve-b31ea5e834c0
https://riteshgohil-25.medium.com/ato-of-wordpress-website-4-digits-bounty-in-5-minute-cc888c4054c9
https://arnavtripathy98.medium.com/pentesting-cms-web-applications-8b9f5c59fb6c
https://alexander-weinmann.medium.com/hacking-wordpress-as-a-site-owner-8f7187358103
https://systemweakness.com/cve-2021-4434-a-critical-wordpress-vulnerability-exposed-202b7d75dda5
https://systemweakness.com/how-to-get-a-reverse-shell-from-any-wordpress-d12e2f7a3033
https://systemweakness.com/hacking-wordpress-server-database-f6cc6c116057
https://infosecwriteups.com/mastering-wordpress-penetration-testing-a-step-by-step-guide-d99a06487486
https://infosecwriteups.com/disclosure-email-address-of-any-wordpress-user-via-redacted-service-840d569639ed
https://infosecwriteups.com/how-to-hack-a-wordpress-website-with-wpscan-85481309dd73
https://infosecwriteups.com/hacking-the-wordpress-sites-for-fun-and-profit-part-1-water-7ba474ced0f8
https://infosecwriteups.com/reversing-wordpress-cves-baby-steps-1069feb50dd4
https://infosecwriteups.com/enhancing-wordpress-website-security-automate-wpscan-and-receive-instant-alerts-for-new-6ef94ab4714a
https://infosecwriteups.com/cve-2019-15092-wordpress-plugin-import-export-users-1-3-0-csv-injection-b5cc14535787
https://infosecwriteups.com/pwning-wordpress-passwords-2caf12216956
https://www.sonarsource.com/blog/wordpress-core-unauthenticated-blind-ssrf/
https://www.sonarsource.com/blog/wordpress-object-injection-vulnerability/
https://www.sonarsource.com/blog/wordpress-xxe-security-vulnerability/
https://www.sonarsource.com/blog/wordpress-csrf-to-rce/
https://www.sonarsource.com/blog/wordpress-post-type-privilege-escalation/
https://www.sonarsource.com/blog/wordpress-design-flaw-leads-to-woocommerce-rce/
https://thegrayarea.tech/p1-bug-hunting-exploiting-common-wordpress-vulnerabilities-28046f85c588
https://cyberstock.info/hacking-wordpress-hack-the-box-preignition-wlakthrough-4465d65844dd?source=search_post---------3----------------------------
https://blog.evanricafort.com/2018/02/rce-remote-code-execution-in-wordpress.html
https://ahussam.me/Leaking-WordPress-CSRF-Tokens/
https://web.archive.org/web/20200929004149/https://www.mohamedharon.com/2018/08/wordpressXSS.html
https://wpscan.com/blog/finding-a-rce-gadget-chain-in-wordpress-core/
https://patrowl.io/blog-wordpress-media-library-rce-cve-2023-4634/
https://blog.nintechnet.com/high-severity-vulnerability-fixed-in-wordpress-elementor-pro-plugin/
https://octagon.net/blog/2022/05/29/bypass-csp-using-wordpress-by-abusing-same-origin-method-execution/
https://www.rcesecurity.com/2022/07/WordPress-Transposh-Exploiting-a-Blind-SQL-Injection-via-XSS/
https://cyllective.com/blog/posts/wordpress-audit-plugins
https://kazet.cc/2022/02/03/fuzzing-wordpress-plugins.html
https://www.zerodayinitiative.com/blog/2022/1/18/cve-2021-21661-exposing-database-info-via-wordpress-sql-injection
https://vavkamil.cz/2021/11/25/wordpress-plugin-confusion-update-can-get-you-pwned/
https://book.hacktricks.xyz/network-services-pentesting/pentesting-web/wordpress
https://www.youtube.com/watch?v=tYV4Dg8TMfY&ab_channel=GrantCollins
https://www.youtube.com/watch?v=W2d46oeN4lA&ab_channel=JamieMarsland
https://www.youtube.com/watch?v=gJ-2wDMqLrI&ab_channel=TechChip
https://www.youtube.com/watch?v=mXuBPT8jEtA&ab_channel=BePractical
https://www.youtube.com/watch?v=OWYMpt4XdBI&ab_channel=SathvikTechtuber
https://www.youtube.com/watch?v=bVSrlDtTBdI&ab_channel=CyberOpposition
https://www.youtube.com/watch?v=8AZKloj28pE&ab_channel=TheCyberMentor
https://www.youtube.com/watch?v=MBwOylzydNk&ab_channel=%CE%9ESH%CE%94%D0%98
https://www.youtube.com/watch?v=fLZQf2uCVg8&ab_channel=BugBountyPOCDisclosure
https://www.youtube.com/watch?v=OV80cB5k9zo&ab_channel=v3n0mt3ch%F0%9F%9A%A9
https://www.youtube.com/watch?v=IPKKPj4GSUo&ab_channel=BugBountyReportsExplained
https://www.youtube.com/watch?v=bX5ZnNgmegY&t=363s&ab_channel=NahamSec
https://www.youtube.com/watch?v=9gwyj4frqwc&t=726s&ab_channel=GetCyber
https://www.youtube.com/watch?v=09puahSYN1M&ab_channel=LoiLiangYang
https://www.youtube.com/watch?v=Z9QPazbfwFE&ab_channel=CertBros
https://www.youtube.com/@NahamSec/search?query=wordpress