Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 5203 | Local File XSS Vulnerability in Wordpress.com (Write Up) | XSS | WordPress | Evan Ricafort (@evanricafort) | Bug Bounty | 2015-12-21 | 2023-06-13 |
| 4853 | [RCE] Remote Code Execution in Wordpress iOS Application (version 9.3) | RCE | iOS WordPress | Evan Ricafort (@evanricafort) | Bug Bounty | 2018-02-21 | 2023-06-13 |
| 4832 | Leaking WordPress CSRF Tokens for Fun, $1337 bounty, and CVE-2017-5489 | CSRF | WordPress | Abdullah Hussam (@Abdulahhusam) | Bug Bounty | 2018-03-15 | 2023-06-13 |
| 4620 | Reflected Swf XSS at ( https://plugins.svn.wordpress.org ) | Flash XSS, Reflected XSS | WordPress | Mohamed Haron (@m7mdharon) | Bug Bounty | 2018-09-07 | 2023-06-13 |
| 4490 | WordPress Design Flaw Leads to WooCommerce RCE | RCE | Automattic (WooCommerce) | Simon Scannell (@scannell_simon) | Bug Bounty | 2018-11-06 | 2023-06-13 |
| 4405 | WordPress Privilege Escalation through Post Types | Privilege escalation, Stored XSS, Object injection | WordPress | Simon Scannell (@scannell_simon) | Bug Bounty | 2018-12-17 | 2023-06-13 |
| 4389 | How I Takeover Wordpress Admin fiiipay.my | Account takeover, CMS default files | FiiiPay | Syahrul Akbar Rohmani (@sahruldotid) | Bug Bounty | 2018-12-28 | 2023-06-13 |
| 4324 | Reverse RDP Attack: Code Execution on RDP Clients | Path traversal | Microsoft | Eyal Itkin | Bug Bounty | 2019-02-05 | 2023-06-13 |
| 4252 | WordPress 5.1 CSRF to Remote Code Execution | CSRF, RCE, HTML injection | WordPress | Simon Scannell (@scannell_simon) | Bug Bounty | 2019-03-13 | 2023-06-13 |
| 3931 | H1-4420: From Quiz to Admin - Chaining Two 0-Days to Compromise An Uber Wordpress | Stored XSS, SQL injection | Uber | Julien Ahrens (@MrTuxracer) | Bug Bounty | 2019-09-10 | 2023-06-13 |
| 3532 | Misconfigured WordPress takeover to Remote Code Execution | Wordpress takeover, RCE, Security misconfiguration | NA | Smaran Chand (@smaranchand) | Bug Bounty | 2020-04-22 | 2023-06-13 |
| 3382 | A subtle stored-XSS in WordPress core | Stored XSS, RCE | WordPress | Sam Thomas (@_s_n_t) | Bug Bounty | 2020-06-17 | 2023-06-13 |
| 3073 | Error-Based SQL Injection on a WordPress website and extract more than 150k user details | SQL injection | NA | Ynoof Alassiri | Bug Bounty | 2020-10-27 | 2023-06-13 |
| 2983 | [CVE-2019-17674 & CVE-2020-11025] Stored XSS through navigation menu item edited in Customizer in Wordpress (Write Up) | Stored XSS | WordPress | Evan Ricafort (@evanricafort) | Bug Bounty | 2020-12-06 | 2023-06-13 |
| 2603 | WordPress 5.7 XXE Vulnerability | XXE | WordPress | Sonar (@SonarSource) | Bug Bounty | 2021-04-27 | 2023-06-13 |
| 2281 | ATO of WordPress Website “4 digits €€€€ Bounty in 5 Minute!” | Exposed registration page, Account takeover | NA | Ritesh Gohil (@RiteshG37659480) | Bug Bounty | 2021-08-29 | 2023-06-13 |
| 2048 | WordPress Plugin Confusion: How an update can get you pwned | Supply chain attack, WordPress plugin confusion, WordPress theme confusion | NA | Kamil Vavra (@vavkamil) | Bug Bounty | 2021-11-25 | 2023-06-13 |
| 1926 | Attacking RDP from Inside: How we abused named pipes for smart-card hijacking, unauthorized file system access to client machines and more | RCE | Microsoft | Gabriel Sztejnworcel (@sztejnworcel) | Bug Bounty | 2022-01-11 | 2023-06-13 |
| 1908 | CVE-2022-21661: Exposing Database Info Via Wordpress SQL Injection | SQL injection | WordPress | ngocnb | Bug Bounty | 2022-01-18 | 2023-06-13 |
| 1857 | A technique to semi-automatically find vulnerabilities in WordPress plugins | XSS, SQL injection, Open redirect, CSRF | NA | kazet (@kazet1234) | Bug Bounty | 2022-02-03 | 2023-06-13 |
| 1836 | WordPress < 5.8.3 - Object Injection Vulnerability | Object injection, RCE | WordPress | Simon Scannell (@scannell_simon) | Bug Bounty | 2022-02-08 | 2023-06-13 |
| 1539 | Research: Auditing WordPress Plugins | SQL injection, LFI, XSS, RCE | NA | cy//ective (@cyllective) | Bug Bounty | 2022-05-20 | 2023-06-13 |
| 1537 | Pre-hijacked accounts: An Empirical Study of Security Failures in User Account Creation on the Web | Account takeover, Pre-hijacking attack | Dropbox, Meta / Facebook, LinkedIn, WordPress, Zoom | Avinash Sudhodanan (@sudoavi) | Bug Bounty | 2022-05-20 | 2023-06-13 |
| 1509 | Bypass CSP Using WordPress By Abusing Same Origin Method Execution | CSP bypass, Same Origin Method Execution | WordPress | Paulos Yibelo (@PaulosYibelo) | Bug Bounty | 2022-05-29 | 2023-06-13 |
| 1453 | That Pipe is Still Leaking: Revisiting the RDP Named Pipe Vulnerability | RCE | Microsoft | Gabriel Sztejnworcel (@sztejnworcel) | Bug Bounty | 2022-06-16 | 2023-06-13 |