1️⃣Wordpress

CMS Pentesting Guide (More Specifically WordPress Security)

Here you'll see comprehensive collection of resources dedicated to Content Management System (CMS) Pentesting and Security.

It includes a variety of tools, informative articles, detailed write-ups, and other valuable materials.

Topic	Resource
wp-scan use guide	WPScan Use Guide - YouTube
	Scan WordPress Vulnerability with WPScan - Medium
	How to Hack a WordPress Website with WPScan - Infosec Writeups
Wordpress Vulnerable Plugins	WordPress Audit Plugins - Cyllective
	Reversing WordPress CVEs: Baby Steps - Infosec Writeups
	WordPress Media Library RCE (CVE-2023-4634) - Patrowl
	High Severity Vulnerability Fixed in WordPress Elementor Pro Plugin - NinTechNet Blog
	WordPress BuddyForms Plugin: Unauthenticated Insecure Deserialization (CVE-2023-26326) - Medium
	WordPress Transposh: Exploiting a Blind SQL Injection via XSS - RCE Security
	CVE-2021-21661: Exposing Database Info via WordPress SQL Injection - Zero Day Initiative
WordPress plugin bug bounty (WordFence)	WordPress Plugin Bug Bounty (WordFence) - NahamSec YouTube
	WordPress Plugin Bug Bounty - BugBountyReportsExplained YouTube
WordPress Pentesting	Hacking the WordPress Sites for Fun and Profit - Part 1 - Infosec Writeups
	Wordpress Pentestinf Methodology By HackTricks
	Enhancing WordPress Website Security: Automate WPScan and Receive Instant Alerts for New Vulnerabilities - Infosec Writeups
	Pwning WordPress Passwords - Infosec Writeups
	How to Get a Reverse Shell from Any WordPress - System Weakness
	P1 Bug Hunting: Exploiting Common WordPress Vulnerabilities - The Gray Area
	Advanced Level for WordPress Vulnerabilities - Hossam Shady Medium
	Hacking WordPress Server Database - System Weakness
	Hacking WordPress with Some Common Vulnerabilities - Olger346 Medium
	Leaking WordPress CSRF Tokens - Ahussam.me
	How Did I Get $200 with WordPress Vulnerability - NguHuynh Medium
	DVWP - GitHub
	ATO of WordPress Website: $4-Digit Bounty in 5 Minutes - Ritesh Gohil Medium
	Error-Based SQL Injection on a WordPress Website and Extract More Than 150k User Details - Ynoof Medium
	How I Takeover WordPress Admin - Sahruldotid Medium
Wordpress pentesting tools	Wappalyzer
	WPintel
	Wp-Scan
XMLRPC.php Exploit POC	XMLRPC.php Exploit POC - YouTube

---

All the Articles & Videos Related to the WordPress Pentesting

#	Article Title	Link
1	CVE-2021-4434: A Critical WordPress Vulnerability Exposed	Read Article
2	Scan WordPress Vulnerability with WPScan	Read Article
3	Major WordPress Vulnerability Allows Anyone to DDoS Your Website	Read Article
4	WordPress Vulnerability: DoS Flaw Could Bring Down Your Site	Read Article
5	How to Use Vulnerability Scanner Zoom	Read Article
6	How to Exploit a WordPress Plugin Vulnerability: A Case Study of TheCartPress	Read Article
7	WordPress XXE Vulnerability (CVE-2021-29447) TryHackMe	Read Article
8	Major Security Vulnerability in WordPress and Drupal Could Take Down Websites	Read Article
9	Critical Vulnerability in SEOPress WordPress Plugin Allows Hacking 100,000+ WordPress Websites	Read Article
10	Mastering WordPress Penetration Testing: A Step-by-Step Guide	Read Article
11	Disclosure: Email Address of Any WordPress User via Redacted Service	Read Article
12	How to Hack a WordPress Website with WPScan	Read Article
13	Hacking the WordPress Sites for Fun and Profit (Part 1: Water)	Read Article
14	Reversing WordPress CVEs: Baby Steps	Read Article
15	Enhancing WordPress Website Security: Automate WPScan and Receive Instant Alerts for New Vulnerabilities	Read Article
16	CVE-2019-15092: WordPress Plugin Import Export Users 1.3.0 CSV Injection	Read Article
17	Pwning WordPress Passwords	Read Article
18	How to Get a Reverse Shell from Any WordPress	Read Article
19	P1 Bug Hunting: Exploiting Common WordPress Vulnerabilities	Read Article
20	Pentesting CMS Web Applications	Read Article
21	The Business Owner's Guide to Securing a WordPress Website: Importance of Vulnerability Testing	Read Article
22	Advanced Level for WordPress Vulnerabilities	Read Article
23	Chaining IDOR and Host Header Can Takeover 1.8 Million Users Accounts	Read Article
24	How to Get Started Hacking WordPress Plugins to Earn Your First CVE	Read Article
25	Hacking WordPress Server Database	Read Article
26	Hacking WordPress: Hack the Box Preignition Walkthrough	Read Article
27	Hacking WordPress with Some Common Vulnerabilities	Read Article
28	Hacking WordPress as a Site Owner	Read Article
29	RCE (Remote Code Execution) in WordPress	Read Article
30	Leaking WordPress CSRF Tokens	Read Article
31	WordPress XSS Vulnerability	Read Article
32	Finding an RCE Gadget Chain in WordPress Core	Read Article
33	WordPress Media Library RCE (CVE-2023-4634)	Read Article
34	How Did I Get $200 with WordPress Vulnerability?	Read Article
35	High Severity Vulnerability Fixed in WordPress Elementor Pro Plugin	Read Article
36	WordPress BuddyForms Plugin Unauthenticated Insecure Deserialization (CVE-2023-26326)	Read Article
37	Bypass CSP Using WordPress by Abusing Same-Origin Method Execution	Read Article
38	WordPress Core Unauthenticated Blind SSRF	Read Article
39	WordPress Transposh: Exploiting a Blind SQL Injection via XSS	Read Article
40	WordPress Audit Plugins	Read Article
41	WordPress Object Injection Vulnerability	Read Article
42	Fuzzing WordPress Plugins	Read Article
43	Exposing Database Info via WordPress SQL Injection (CVE-2021-21661)	Read Article
44	WordPress Plugin Confusion Update Can Get You Pwned	Read Article
45	ATO of WordPress Website: $4 Digits Bounty in 5 Minutes	Read Article
46	WordPress XXE Security Vulnerability	Read Article
47	Error-Based SQL Injection on a WordPress Website and Extract More than 150k User Details	Read Article
48	WordPress CSRF to RCE	Read Article
49	How I Takeover WordPress Admin (Fiiipay)	Read Article
50	WordPress Post Type Privilege Escalation	Read Article
51	WordPress Design Flaw Leads to WooCommerce RCE	Read Article
52	WordPress Hacking Videos	YouTube Video
53	WordPress Vulnerability Exploits	YouTube Video
54	WordPress Security	YouTube Video
55	WordPress DDoS Attack	YouTube Video
56	WordPress RCE Exploitation	YouTube Video
57	WordPress Vulnerability	YouTube Video
58	WordPress Plugin Exploits	YouTube Video
59	WordPress Penetration Testing	YouTube Video
60	WordPress Security Flaws	YouTube Video
61	WordPress Vulnerability Management	YouTube Video
62	WordPress Attack Vectors	YouTube Video
63	WordPress Security Analysis	YouTube Video
64	WordPress Exploit Demonstration	YouTube Video
65	WordPress Security Testing	YouTube Video
66	WordPress Plugin Vulnerabilities	YouTube Video
67	WordPress Vulnerability Assessments	YouTube Video
68	Wordpress Pentestinf Methodology By HackTricks	Read Article