Plugin link: https://wordpress.org/plugins/mtouch-quiz/
Active Installs: 5,000+
Version tested: 3.1.2
CVE Reference: Waiting
mTouch Quiz lets you add quizzes to your site. This plugin was designed […]
Get a bounty on a WordPress blog
I would like to describe a step-by-step of my latest “appreciation program” reward on a security issue in a WordPress plugin. First things first – check […]
Events Made Easy WordPress plugin CSRF + Persistent XSS
Plugin link: https://wordpress.org/plugins/events-made-easy/
Active Installs: 10,000+
Version tested: 1.5.49
CVE Reference: Waiting
Events Made Easy is a full-featured event management solution for WordPress. Events Made […]
Finding Vulnerabilities in Core WordPress: A Bug Hunter’s Trilogy, Part I
Very good article that I recommend you guys to read. This is part 1. http://blog.checkpoint.com/2015/08/04/wordpress-vulnerabilities-1/ Enjoy!