# Wordpress

Here you'll find a comprehensive collection of resources dedicated to Content Management System (CMS) pentesting and security.

It includes a variety of tools, informative articles, detailed write-ups, and other valuable materials.

| **Topic**                                   | **Resource**                                                                                                                                                                                                                                                    |
| ------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **wp-scan use guide**                       | [WPScan Use Guide - YouTube](https://www.youtube.com/watch?v=W2d46oeN4lA)                                                                                                                                                                                       |
|                                             | [Scan WordPress Vulnerability with WPScan - Medium](https://medium.com/hengky-sanjaya-blog/scan-wordpress-vulnerability-with-wpscan-b2de6c3de65c)                                                                                                               |
|                                             | [How to Hack a WordPress Website with WPScan - Infosec Writeups](https://freedium.cfd/https://infosecwriteups.com/how-to-hack-a-wordpress-website-with-wpscan-85481309dd73)                                                                                     |
| **Wordpress Vulnerable Plugins**            | [WordPress Audit Plugins - Cyllective](https://cyllective.com/blog/posts/wordpress-audit-plugins)                                                                                                                                                               |
|                                             | [Reversing WordPress CVEs: Baby Steps - Infosec Writeups](https://infosecwriteups.com/reversing-wordpress-cves-baby-steps-1069feb50dd4)                                                                                                                         |
|                                             | [WordPress Media Library RCE (CVE-2023-4634) - Patrowl](https://patrowl.io/blog-wordpress-media-library-rce-cve-2023-4634/)                                                                                                                                     |
|                                             | [High Severity Vulnerability Fixed in WordPress Elementor Pro Plugin - NinTechNet Blog](https://blog.nintechnet.com/high-severity-vulnerability-fixed-in-wordpress-elementor-pro-plugin/)                                                                       |
|                                             | [WordPress BuddyForms Plugin: Unauthenticated Insecure Deserialization (CVE-2023-26326) - Medium](https://medium.com/tenable-techblog/wordpress-buddyforms-plugin-unauthenticated-insecure-deserialization-cve-2023-26326-3becb5575ed8)                         |
|                                             | [WordPress Transposh: Exploiting a Blind SQL Injection via XSS - RCE Security](https://www.rcesecurity.com/2022/07/WordPress-Transposh-Exploiting-a-Blind-SQL-Injection-via-XSS/)                                                                               |
|                                             | [CVE-2021-21661: Exposing Database Info via WordPress SQL Injection - Zero Day Initiative](https://www.zerodayinitiative.com/blog/2022/1/18/cve-2021-21661-exposing-database-info-via-wordpress-sql-injection)                                                  |
| **WordPress plugin bug bounty (WordFence)** | [WordPress Plugin Bug Bounty (WordFence) - NahamSec YouTube](https://www.youtube.com/watch?v=bX5ZnNgmegY\&t=363s\&ab_channel=NahamSec)                                                                                                                          |
|                                             | [WordPress Plugin Bug Bounty - BugBountyReportsExplained YouTube](https://www.youtube.com/watch?v=IPKKPj4GSUo\&t=906s\&ab_channel=BugBountyReportsExplained)                                                                                                    |
| **WordPress Pentesting**                    | [Hacking the WordPress Sites for Fun and Profit - Part 1 - Infosec Writeups](https://infosecwriteups.com/hacking-the-wordpress-sites-for-fun-and-profit-part-1-water-7ba474ced0f8)                                                                              |
|                                             | [WordPress Pentesting Methodology by HackTricks](https://book.hacktricks.xyz/network-services-pentesting/pentesting-web/wordpress)                                                                                                                              |
|                                             | [Enhancing WordPress Website Security: Automate WPScan and Receive Instant Alerts for New Vulnerabilities - Infosec Writeups](https://infosecwriteups.com/enhancing-wordpress-website-security-automate-wpscan-and-receive-instant-alerts-for-new-6ef94ab4714a) |
|                                             | [Pwning WordPress Passwords - Infosec Writeups](https://infosecwriteups.com/pwning-wordpress-passwords-2caf12216956)                                                                                                                                            |
|                                             | [How to Get a Reverse Shell from Any WordPress - System Weakness](https://systemweakness.com/how-to-get-a-reverse-shell-from-any-wordpress-d12e2f7a3033)                                                                                                        |
|                                             | [P1 Bug Hunting: Exploiting Common WordPress Vulnerabilities - The Gray Area](https://freedium.cfd/https://thegrayarea.tech/p1-bug-hunting-exploiting-common-wordpress-vulnerabilities-28046f85c588)                                                            |
|                                             | [Advanced Level for WordPress Vulnerabilities - Hossam Shady Medium](https://hossamshady.medium.com/advanced-level-for-wordpress-vulnerabilities-e93144e3a8f3)                                                                                                  |
|                                             | [Hacking WordPress Server Database - System Weakness](https://freedium.cfd/https://systemweakness.com/hacking-wordpress-server-database-f6cc6c116057)                                                                                                           |
|                                             | [Hacking WordPress with Some Common Vulnerabilities - Olger346 Medium](https://medium.com/@olger346/hacking-wordpress-with-some-common-vulnerabilities-256bd2c251f6)                                                                                            |
|                                             | [Leaking WordPress CSRF Tokens - Ahussam.me](https://ahussam.me/Leaking-WordPress-CSRF-Tokens/)                                                                                                                                                                 |
|                                             | [How Did I Get $200 with WordPress Vulnerability - NguHuynh Medium](https://medium.com/@nguhuynh.148/how-did-i-get-200-with-wordpress-vulnerability-4ce80f106709)                                                                                               |
|                                             | [DVWP - GitHub](https://github.com/vavkamil/dvwp)                                                                                                                                                                                                               |
|                                             | [ATO of WordPress Website: $4-Digit Bounty in 5 Minutes - Ritesh Gohil Medium](https://riteshgohil-25.medium.com/ato-of-wordpress-website-4-digits-bounty-in-5-minute-cc888c4054c9)                                                                             |
|                                             | [Error-Based SQL Injection on a WordPress Website and Extract More Than 150k User Details - Ynoof Medium](https://ynoof.medium.com/error-based-sql-injection-on-a-wordpress-website-and-extract-more-than-150k-user-details-f65f987c2cc0)                       |
|                                             | [How I Takeover WordPress Admin - Sahruldotid Medium](https://sahruldotid.medium.com/how-i-takeover-wordpress-admin-fiiipay-my-1bdede83635d)                                                                                                                    |
| **Wordpress pentesting tools**              | [Wappalyzer](https://www.wappalyzer.com/)                                                                                                                                                                                                                       |
|                                             | [WPintel](https://github.com/petercunha/WPintel)                                                                                                                                                                                                                |
|                                             | [Wp-Scan](https://github.com/wpscanteam/wpscan)                                                                                                                                                                                                                 |
| **XMLRPC.php Exploit POC**                  | [XMLRPC.php Exploit POC - YouTube](https://www.youtube.com/watch?v=fLZQf2uCVg8\&ab_channel=BugBountyPOCDisclosure)                                                                                                                                              |

***

## All the Articles & Videos Related to the WordPress Pentesting

| #  | Article Title                                                                                                   | Link                                                                                                                                                                 |
| -- | --------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| 1  | CVE-2021-4434: A Critical WordPress Vulnerability Exposed                                                       | [Read Article](https://systemweakness.com/cve-2021-4434-a-critical-wordpress-vulnerability-exposed-202b7d75dda5)                                                     |
| 2  | Scan WordPress Vulnerability with WPScan                                                                        | [Read Article](https://medium.com/hengky-sanjaya-blog/scan-wordpress-vulnerability-with-wpscan-b2de6c3de65c)                                                         |
| 3  | Major WordPress Vulnerability Allows Anyone to DDoS Your Website                                                | [Read Article](https://medium.com/@Sprites/major-wordpress-vulnerability-allows-anyone-to-ddos-your-website-9007d6a12d0)                                             |
| 4  | WordPress Vulnerability: DoS Flaw Could Bring Down Your Site                                                    | [Read Article](https://medium.com/@thesslstore/wordpress-vulnerability-dos-flaw-could-bring-down-your-site-cde30bc4c340)                                             |
| 5  | How to Use Vulnerability Scanner Zoom                                                                           | [Read Article](https://medium.com/hengky-sanjaya-blog/how-to-use-vulnerability-scanner-zoom-b21bfb2610)                                                              |
| 6  | How to Exploit a WordPress Plugin Vulnerability: A Case Study of TheCartPress                                   | [Read Article](https://medium.com/codex/how-to-exploit-a-wordpress-plugin-vulnerability-a-case-study-of-thecartpress-8c38236a26f4)                                   |
| 7  | WordPress XXE Vulnerability (CVE-2021-29447) TryHackMe                                                          | [Read Article](https://motasemhamdan.medium.com/wordpress-xxe-vulnerability-cve-2021-29447-tryhackme-d50fa52c039a)                                                   |
| 8  | Major Security Vulnerability in WordPress and Drupal Could Take Down Websites                                   | [Read Article](https://medium.com/@The1netnews/major-security-vulnerability-in-wordpress-and-drupal-could-take-down-websites-http-sumo-ly-1ps8-672b1d22fd0d)         |
| 9  | Critical Vulnerability in SEOPress WordPress Plugin Allows Hacking 100,000+ WordPress Websites                  | [Read Article](https://iics.medium.com/critical-vulnerability-in-seopress-wordpress-plugin-allows-hacking-100-000-wordpress-websites-f99a31c181f0)                   |
| 10 | Mastering WordPress Penetration Testing: A Step-by-Step Guide                                                   | [Read Article](https://infosecwriteups.com/mastering-wordpress-penetration-testing-a-step-by-step-guide-d99a06487486)                                                |
| 11 | Disclosure: Email Address of Any WordPress User via Redacted Service                                            | [Read Article](https://infosecwriteups.com/disclosure-email-address-of-any-wordpress-user-via-redacted-service-840d569639ed)                                         |
| 12 | How to Hack a WordPress Website with WPScan                                                                     | [Read Article](https://infosecwriteups.com/how-to-hack-a-wordpress-website-with-wpscan-85481309dd73)                                                                 |
| 13 | Hacking the WordPress Sites for Fun and Profit (Part 1: Water)                                                  | [Read Article](https://infosecwriteups.com/hacking-the-wordpress-sites-for-fun-and-profit-part-1-water-7ba474ced0f8)                                                 |
| 14 | Reversing WordPress CVEs: Baby Steps                                                                            | [Read Article](https://infosecwriteups.com/reversing-wordpress-cves-baby-steps-1069feb50dd4)                                                                         |
| 15 | Enhancing WordPress Website Security: Automate WPScan and Receive Instant Alerts for New Vulnerabilities        | [Read Article](https://infosecwriteups.com/enhancing-wordpress-website-security-automate-wpscan-and-receive-instant-alerts-for-new-6ef94ab4714a)                     |
| 16 | CVE-2019-15092: WordPress Plugin Import Export Users 1.3.0 CSV Injection                                        | [Read Article](https://infosecwriteups.com/cve-2019-15092-wordpress-plugin-import-export-users-1-3-0-csv-injection-b5cc14535787)                                     |
| 17 | Pwning WordPress Passwords                                                                                      | [Read Article](https://infosecwriteups.com/pwning-wordpress-passwords-2caf12216956)                                                                                  |
| 18 | How to Get a Reverse Shell from Any WordPress                                                                   | [Read Article](https://systemweakness.com/how-to-get-a-reverse-shell-from-any-wordpress-d12e2f7a3033)                                                                |
| 19 | P1 Bug Hunting: Exploiting Common WordPress Vulnerabilities                                                     | [Read Article](https://thegrayarea.tech/p1-bug-hunting-exploiting-common-wordpress-vulnerabilities-28046f85c588)                                                     |
| 20 | Pentesting CMS Web Applications                                                                                 | [Read Article](https://arnavtripathy98.medium.com/pentesting-cms-web-applications-8b9f5c59fb6c)                                                                      |
| 21 | The Business Owner's Guide to Securing a WordPress Website: Importance of Vulnerability Testing                 | [Read Article](https://medium.com/@Theshahid/the-business-owners-guide-to-securing-a-wordpress-website-importance-of-vulnerability-testing-and-96f05f558c8f)         |
| 22 | Advanced Level for WordPress Vulnerabilities                                                                    | [Read Article](https://hossamshady.medium.com/advanced-level-for-wordpress-vulnerabilities-e93144e3a8f3)                                                             |
| 23 | Chaining IDOR and Host Header Can Takeover 1.8 Million Users Accounts                                           | [Read Article](https://nullr3x.medium.com/chaining-idor-and-host-header-can-takeover-18-million-of-users-account-39d402f6a79e)                                       |
| 24 | How to Get Started Hacking WordPress Plugins to Earn Your First CVE                                             | [Read Article](https://noob3xploiter.medium.com/how-to-get-started-hacking-wordpress-plugins-to-earn-your-first-cve-b31ea5e834c0)                                    |
| 25 | Hacking WordPress Server Database                                                                               | [Read Article](https://systemweakness.com/hacking-wordpress-server-database-f6cc6c116057)                                                                            |
| 26 | Hacking WordPress: Hack the Box Preignition Walkthrough                                                         | [Read Article](https://cyberstock.info/hacking-wordpress-hack-the-box-preignition-wlakthrough-4465d65844dd?source=search_post---------3----------------------------) |
| 27 | Hacking WordPress with Some Common Vulnerabilities                                                              | [Read Article](https://medium.com/@olger346/hacking-wordpress-with-some-common-vulnerabilities-256bd2c251f6)                                                         |
| 28 | Hacking WordPress as a Site Owner                                                                               | [Read Article](https://alexander-weinmann.medium.com/hacking-wordpress-as-a-site-owner-8f7187358103)                                                                 |
| 29 | RCE (Remote Code Execution) in WordPress                                                                        | [Read Article](https://blog.evanricafort.com/2018/02/rce-remote-code-execution-in-wordpress.html)                                                                    |
| 30 | Leaking WordPress CSRF Tokens                                                                                   | [Read Article](https://ahussam.me/Leaking-WordPress-CSRF-Tokens/)                                                                                                    |
| 31 | WordPress XSS Vulnerability                                                                                     | [Read Article](https://web.archive.org/web/20200929004149/https://www.mohamedharon.com/2018/08/wordpressXSS.html)                                                    |
| 32 | Finding an RCE Gadget Chain in WordPress Core                                                                   | [Read Article](https://wpscan.com/blog/finding-a-rce-gadget-chain-in-wordpress-core/)                                                                                |
| 33 | WordPress Media Library RCE (CVE-2023-4634)                                                                     | [Read Article](https://patrowl.io/blog-wordpress-media-library-rce-cve-2023-4634/)                                                                                   |
| 34 | How Did I Get $200 with WordPress Vulnerability?                                                                | [Read Article](https://medium.com/@nguhuynh.148/how-did-i-get-200-with-wordpress-vulnerability-4ce80f106709)                                                         |
| 35 | High Severity Vulnerability Fixed in WordPress Elementor Pro Plugin                                             | [Read Article](https://blog.nintechnet.com/high-severity-vulnerability-fixed-in-wordpress-elementor-pro-plugin/)                                                     |
| 36 | WordPress BuddyForms Plugin Unauthenticated Insecure Deserialization (CVE-2023-26326)                           | [Read Article](https://medium.com/tenable-techblog/wordpress-buddyforms-plugin-unauthenticated-insecure-deserialization-cve-2023-26326-3becb5575ed8)                 |
| 37 | Bypass CSP Using WordPress by Abusing Same-Origin Method Execution                                              | [Read Article](https://octagon.net/blog/2022/05/29/bypass-csp-using-wordpress-by-abusing-same-origin-method-execution/)                                              |
| 38 | WordPress Core Unauthenticated Blind SSRF                                                                       | [Read Article](https://www.sonarsource.com/blog/wordpress-core-unauthenticated-blind-ssrf/)                                                                          |
| 39 | WordPress Transposh: Exploiting a Blind SQL Injection via XSS                                                   | [Read Article](https://www.rcesecurity.com/2022/07/WordPress-Transposh-Exploiting-a-Blind-SQL-Injection-via-XSS/)                                                    |
| 40 | WordPress Audit Plugins                                                                                         | [Read Article](https://cyllective.com/blog/posts/wordpress-audit-plugins)                                                                                            |
| 41 | WordPress Object Injection Vulnerability                                                                        | [Read Article](https://www.sonarsource.com/blog/wordpress-object-injection-vulnerability/)                                                                           |
| 42 | Fuzzing WordPress Plugins                                                                                       | [Read Article](https://kazet.cc/2022/02/03/fuzzing-wordpress-plugins.html)                                                                                           |
| 43 | Exposing Database Info via WordPress SQL Injection (CVE-2021-21661)                                             | [Read Article](https://www.zerodayinitiative.com/blog/2022/1/18/cve-2021-21661-exposing-database-info-via-wordpress-sql-injection)                                   |
| 44 | WordPress Plugin Confusion Update Can Get You Pwned                                                             | [Read Article](https://vavkamil.cz/2021/11/25/wordpress-plugin-confusion-update-can-get-you-pwned/)                                                                  |
| 45 | ATO of WordPress Website: $4 Digits Bounty in 5 Minutes                                                         | [Read Article](https://riteshgohil-25.medium.com/ato-of-wordpress-website-4-digits-bounty-in-5-minute-cc888c4054c9)                                                  |
| 46 | WordPress XXE Security Vulnerability                                                                            | [Read Article](https://www.sonarsource.com/blog/wordpress-xxe-security-vulnerability/)                                                                               |
| 47 | Error-Based SQL Injection on a WordPress Website and Extract More than 150k User Details                        | [Read Article](https://ynoof.medium.com/error-based-sql-injection-on-a-wordpress-website-and-extract-more-than-150k-user-details-f65f987c2cc0)                       |
| 48 | WordPress CSRF to RCE                                                                                           | [Read Article](https://www.sonarsource.com/blog/wordpress-csrf-to-rce/)                                                                                              |
| 49 | How I Takeover WordPress Admin (Fiiipay)                                                                        | [Read Article](https://sahruldotid.medium.com/how-i-takeover-wordpress-admin-fiiipay-my-1bdede83635d)                                                                |
| 50 | WordPress Post Type Privilege Escalation                                                                        | [Read Article](https://www.sonarsource.com/blog/wordpress-post-type-privilege-escalation/)                                                                           |
| 51 | WordPress Design Flaw Leads to WooCommerce RCE                                                                  | [Read Article](https://www.sonarsource.com/blog/wordpress-design-flaw-leads-to-woocommerce-rce/)                                                                     |
| 52 | [WordPress Hacking Videos](https://www.youtube.com/@NahamSec/search?query=wordpress)                            | YouTube Video                                                                                                                                                        |
| 53 | [WordPress Vulnerability Exploits](https://www.youtube.com/watch?v=Z9QPazbfwFE\&ab_channel=CertBros)            | YouTube Video                                                                                                                                                        |
| 54 | [WordPress Security](https://www.youtube.com/watch?v=09puahSYN1M\&ab_channel=LoiLiangYang)                      | YouTube Video                                                                                                                                                        |
| 55 | [WordPress DDoS Attack](https://www.youtube.com/watch?v=9gwyj4frqwc\&t=726s\&ab_channel=GetCyber)               | YouTube Video                                                                                                                                                        |
| 56 | [WordPress RCE Exploitation](https://www.youtube.com/watch?v=bX5ZnNgmegY\&t=363s\&ab_channel=NahamSec)          | YouTube Video                                                                                                                                                        |
| 57 | [WordPress Vulnerability](https://www.youtube.com/watch?v=IPKKPj4GSUo\&ab_channel=BugBountyReportsExplained)    | YouTube Video                                                                                                                                                        |
| 58 | [WordPress Plugin Exploits](https://www.youtube.com/watch?v=OV80cB5k9zo\&ab_channel=v3n0mt3ch%F0%9F%9A%A9)      | YouTube Video                                                                                                                                                        |
| 59 | [WordPress Penetration Testing](https://www.youtube.com/watch?v=fLZQf2uCVg8\&ab_channel=BugBountyPOCDisclosure) | YouTube Video                                                                                                                                                        |
| 60 | [WordPress Security Flaws](https://www.youtube.com/watch?v=MBwOylzydNk\&ab_channel=%CE%9ESH%CE%94%D0%98)        | YouTube Video                                                                                                                                                        |
| 61 | [WordPress Vulnerability Management](https://www.youtube.com/watch?v=8AZKloj28pE\&ab_channel=TheCyberMentor)    | YouTube Video                                                                                                                                                        |
| 62 | [WordPress Attack Vectors](https://www.youtube.com/watch?v=bVSrlDtTBdI\&ab_channel=CyberOpposition)             | YouTube Video                                                                                                                                                        |
| 63 | [WordPress Security Analysis](https://www.youtube.com/watch?v=OWYMpt4XdBI\&ab_channel=SathvikTechtuber)         | YouTube Video                                                                                                                                                        |
| 64 | [WordPress Exploit Demonstration](https://www.youtube.com/watch?v=mXuBPT8jEtA\&ab_channel=BePractical)          | YouTube Video                                                                                                                                                        |
| 65 | [WordPress Security Testing](https://www.youtube.com/watch?v=gJ-2wDMqLrI\&ab_channel=TechChip)                  | YouTube Video                                                                                                                                                        |
| 66 | [WordPress Plugin Vulnerabilities](https://www.youtube.com/watch?v=W2d46oeN4lA\&ab_channel=JamieMarsland)       | YouTube Video                                                                                                                                                        |
| 67 | [WordPress Vulnerability Assessments](https://www.youtube.com/watch?v=tYV4Dg8TMfY\&ab_channel=GrantCollins)     | YouTube Video                                                                                                                                                        |
| 68 | WordPress Pentesting Methodology by HackTricks                                                                  | [Read Article](https://book.hacktricks.xyz/network-services-pentesting/pentesting-web/wordpress)                                                                     |
