How to find more than 150 vulnerabilities in WordPress plugins installed on 15 million websites
WordPress is the most popular open-source content management system. It can be extended with almost 60,000 plugins providing various features such as online stores, forms, analytics, or image galleries. During the talk, I will present a method to discover multiple new vulnerabilities in the plugins. I will show an open-source tool that implements this method, share the most interesting (or funny) vulnerabilities I have found, and describe how the framework could make it easier to write secure plugin code.