# WordPress

Here you'll find a comprehensive collection of resources dedicated to Content Management System (CMS) pentesting and security.

It includes a variety of tools, informative articles, detailed write-ups, and other valuable materials.

| **Topic**                                   | **Resource**                                                                                                                                                                                                                                                    |
| ------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **wp-scan use guide**                       | [WPScan Use Guide - YouTube](https://www.youtube.com/watch?v=W2d46oeN4lA)                                                                                                                                                                                       |
|                                             | [Scan WordPress Vulnerability with WPScan - Medium](https://medium.com/hengky-sanjaya-blog/scan-wordpress-vulnerability-with-wpscan-b2de6c3de65c)                                                                                                               |
|                                             | [How to Hack a WordPress Website with WPScan - Infosec Writeups](https://freedium.cfd/https://infosecwriteups.com/how-to-hack-a-wordpress-website-with-wpscan-85481309dd73)                                                                                     |
| **WordPress Vulnerable Plugins**            | [WordPress Audit Plugins - Cyllective](https://cyllective.com/blog/posts/wordpress-audit-plugins)                                                                                                                                                               |
|                                             | [Reversing WordPress CVEs: Baby Steps - Infosec Writeups](https://infosecwriteups.com/reversing-wordpress-cves-baby-steps-1069feb50dd4)                                                                                                                         |
|                                             | [WordPress Media Library RCE (CVE-2023-4634) - Patrowl](https://patrowl.io/blog-wordpress-media-library-rce-cve-2023-4634/)                                                                                                                                     |
|                                             | [High Severity Vulnerability Fixed in WordPress Elementor Pro Plugin - NinTechNet Blog](https://blog.nintechnet.com/high-severity-vulnerability-fixed-in-wordpress-elementor-pro-plugin/)                                                                       |
|                                             | [WordPress BuddyForms Plugin: Unauthenticated Insecure Deserialization (CVE-2023-26326) - Medium](https://medium.com/tenable-techblog/wordpress-buddyforms-plugin-unauthenticated-insecure-deserialization-cve-2023-26326-3becb5575ed8)                         |
|                                             | [WordPress Transposh: Exploiting a Blind SQL Injection via XSS - RCE Security](https://www.rcesecurity.com/2022/07/WordPress-Transposh-Exploiting-a-Blind-SQL-Injection-via-XSS/)                                                                               |
|                                             | [CVE-2021-21661: Exposing Database Info via WordPress SQL Injection - Zero Day Initiative](https://www.zerodayinitiative.com/blog/2022/1/18/cve-2021-21661-exposing-database-info-via-wordpress-sql-injection)                                                  |
| **WordPress plugin bug bounty (WordFence)** | [WordPress Plugin Bug Bounty (WordFence) - NahamSec YouTube](https://www.youtube.com/watch?v=bX5ZnNgmegY\&t=363s\&ab_channel=NahamSec)                                                                                                                          |
|                                             | [WordPress Plugin Bug Bounty - BugBountyReportsExplained YouTube](https://www.youtube.com/watch?v=IPKKPj4GSUo\&t=906s\&ab_channel=BugBountyReportsExplained)                                                                                                    |
| **WordPress Pentesting**                    | [Hacking the WordPress Sites for Fun and Profit - Part 1 - Infosec Writeups](https://infosecwriteups.com/hacking-the-wordpress-sites-for-fun-and-profit-part-1-water-7ba474ced0f8)                                                                              |
|                                             | [WordPress Pentesting Methodology by HackTricks](https://book.hacktricks.xyz/network-services-pentesting/pentesting-web/wordpress)                                                                                                                              |
|                                             | [Enhancing WordPress Website Security: Automate WPScan and Receive Instant Alerts for New Vulnerabilities - Infosec Writeups](https://infosecwriteups.com/enhancing-wordpress-website-security-automate-wpscan-and-receive-instant-alerts-for-new-6ef94ab4714a) |
|                                             | [Pwning WordPress Passwords - Infosec Writeups](https://infosecwriteups.com/pwning-wordpress-passwords-2caf12216956)                                                                                                                                            |
|                                             | [How to Get a Reverse Shell from Any WordPress - System Weakness](https://systemweakness.com/how-to-get-a-reverse-shell-from-any-wordpress-d12e2f7a3033)                                                                                                        |
|                                             | [P1 Bug Hunting: Exploiting Common WordPress Vulnerabilities - The Gray Area](https://freedium.cfd/https://thegrayarea.tech/p1-bug-hunting-exploiting-common-wordpress-vulnerabilities-28046f85c588)                                                            |
|                                             | [Advanced Level for WordPress Vulnerabilities - Hossam Shady Medium](https://hossamshady.medium.com/advanced-level-for-wordpress-vulnerabilities-e93144e3a8f3)                                                                                                  |
|                                             | [Hacking WordPress Server Database - System Weakness](https://freedium.cfd/https://systemweakness.com/hacking-wordpress-server-database-f6cc6c116057)                                                                                                           |
|                                             | [Hacking WordPress with Some Common Vulnerabilities - Olger346 Medium](https://medium.com/@olger346/hacking-wordpress-with-some-common-vulnerabilities-256bd2c251f6)                                                                                            |
|                                             | [Leaking WordPress CSRF Tokens - Ahussam.me](https://ahussam.me/Leaking-WordPress-CSRF-Tokens/)                                                                                                                                                                 |
|                                             | [How Did I Get $200 with WordPress Vulnerability - NguHuynh Medium](https://medium.com/@nguhuynh.148/how-did-i-get-200-with-wordpress-vulnerability-4ce80f106709)                                                                                               |
|                                             | [DVWP - GitHub](https://github.com/vavkamil/dvwp)                                                                                                                                                                                                               |
|                                             | [ATO of WordPress Website: $4-Digit Bounty in 5 Minutes - Ritesh Gohil Medium](https://riteshgohil-25.medium.com/ato-of-wordpress-website-4-digits-bounty-in-5-minute-cc888c4054c9)                                                                             |
|                                             | [Error-Based SQL Injection on a WordPress Website and Extract More Than 150k User Details - Ynoof Medium](https://ynoof.medium.com/error-based-sql-injection-on-a-wordpress-website-and-extract-more-than-150k-user-details-f65f987c2cc0)                       |
|                                             | [How I Takeover WordPress Admin - Sahruldotid Medium](https://sahruldotid.medium.com/how-i-takeover-wordpress-admin-fiiipay-my-1bdede83635d)                                                                                                                    |
| **WordPress pentesting tools**              | [Wappalyzer](https://www.wappalyzer.com/)                                                                                                                                                                                                                       |
|                                             | [WPintel](https://github.com/petercunha/WPintel)                                                                                                                                                                                                                |
|                                             | [Wp-Scan](https://github.com/wpscanteam/wpscan)                                                                                                                                                                                                                 |
| **XMLRPC.php Exploit POC**                  | [XMLRPC.php Exploit POC - YouTube](https://www.youtube.com/watch?v=fLZQf2uCVg8\&ab_channel=BugBountyPOCDisclosure)                                                                                                                                              |

***

## All the Articles & Videos Related to the WordPress Pentesting

| #  | Article Title                                                                                                   | Link                                                                                                                                                                 |
| -- | --------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| 1  | CVE-2021-4434: A Critical WordPress Vulnerability Exposed                                                       | [Read Article](https://systemweakness.com/cve-2021-4434-a-critical-wordpress-vulnerability-exposed-202b7d75dda5)                                                     |
| 2  | Scan WordPress Vulnerability with WPScan                                                                        | [Read Article](https://medium.com/hengky-sanjaya-blog/scan-wordpress-vulnerability-with-wpscan-b2de6c3de65c)                                                         |
| 3  | Major WordPress Vulnerability Allows Anyone to DDoS Your Website                                                | [Read Article](https://medium.com/@Sprites/major-wordpress-vulnerability-allows-anyone-to-ddos-your-website-9007d6a12d0)                                             |
| 4  | WordPress Vulnerability: DoS Flaw Could Bring Down Your Site                                                    | [Read Article](https://medium.com/@thesslstore/wordpress-vulnerability-dos-flaw-could-bring-down-your-site-cde30bc4c340)                                             |
| 5  | How to Use Vulnerability Scanner Zoom                                                                           | [Read Article](https://medium.com/hengky-sanjaya-blog/how-to-use-vulnerability-scanner-zoom-b21bfb2610)                                                              |
| 6  | How to Exploit a WordPress Plugin Vulnerability: A Case Study of TheCartPress                                   | [Read Article](https://medium.com/codex/how-to-exploit-a-wordpress-plugin-vulnerability-a-case-study-of-thecartpress-8c38236a26f4)                                   |
| 7  | WordPress XXE Vulnerability (CVE-2021-29447) TryHackMe                                                          | [Read Article](https://motasemhamdan.medium.com/wordpress-xxe-vulnerability-cve-2021-29447-tryhackme-d50fa52c039a)                                                   |
| 8  | Major Security Vulnerability in WordPress and Drupal Could Take Down Websites                                   | [Read Article](https://medium.com/@The1netnews/major-security-vulnerability-in-wordpress-and-drupal-could-take-down-websites-http-sumo-ly-1ps8-672b1d22fd0d)         |
| 9  | Critical Vulnerability in SEOPress WordPress Plugin Allows Hacking 100,000+ WordPress Websites                  | [Read Article](https://iics.medium.com/critical-vulnerability-in-seopress-wordpress-plugin-allows-hacking-100-000-wordpress-websites-f99a31c181f0)                   |
| 10 | Mastering WordPress Penetration Testing: A Step-by-Step Guide                                                   | [Read Article](https://infosecwriteups.com/mastering-wordpress-penetration-testing-a-step-by-step-guide-d99a06487486)                                                |
| 11 | Disclosure: Email Address of Any WordPress User via Redacted Service                                            | [Read Article](https://infosecwriteups.com/disclosure-email-address-of-any-wordpress-user-via-redacted-service-840d569639ed)                                         |
| 12 | How to Hack a WordPress Website with WPScan                                                                     | [Read Article](https://infosecwriteups.com/how-to-hack-a-wordpress-website-with-wpscan-85481309dd73)                                                                 |
| 13 | Hacking the WordPress Sites for Fun and Profit (Part 1: Water)                                                  | [Read Article](https://infosecwriteups.com/hacking-the-wordpress-sites-for-fun-and-profit-part-1-water-7ba474ced0f8)                                                 |
| 14 | Reversing WordPress CVEs: Baby Steps                                                                            | [Read Article](https://infosecwriteups.com/reversing-wordpress-cves-baby-steps-1069feb50dd4)                                                                         |
| 15 | Enhancing WordPress Website Security: Automate WPScan and Receive Instant Alerts for New Vulnerabilities        | [Read Article](https://infosecwriteups.com/enhancing-wordpress-website-security-automate-wpscan-and-receive-instant-alerts-for-new-6ef94ab4714a)                     |
| 16 | CVE-2019-15092: WordPress Plugin Import Export Users 1.3.0 CSV Injection                                        | [Read Article](https://infosecwriteups.com/cve-2019-15092-wordpress-plugin-import-export-users-1-3-0-csv-injection-b5cc14535787)                                     |
| 17 | Pwning WordPress Passwords                                                                                      | [Read Article](https://infosecwriteups.com/pwning-wordpress-passwords-2caf12216956)                                                                                  |
| 18 | How to Get a Reverse Shell from Any WordPress                                                                   | [Read Article](https://systemweakness.com/how-to-get-a-reverse-shell-from-any-wordpress-d12e2f7a3033)                                                                |
| 19 | P1 Bug Hunting: Exploiting Common WordPress Vulnerabilities                                                     | [Read Article](https://thegrayarea.tech/p1-bug-hunting-exploiting-common-wordpress-vulnerabilities-28046f85c588)                                                     |
| 20 | Pentesting CMS Web Applications                                                                                 | [Read Article](https://arnavtripathy98.medium.com/pentesting-cms-web-applications-8b9f5c59fb6c)                                                                      |
| 21 | The Business Owner's Guide to Securing a WordPress Website: Importance of Vulnerability Testing                 | [Read Article](https://medium.com/@Theshahid/the-business-owners-guide-to-securing-a-wordpress-website-importance-of-vulnerability-testing-and-96f05f558c8f)         |
| 22 | Advanced Level for WordPress Vulnerabilities                                                                    | [Read Article](https://hossamshady.medium.com/advanced-level-for-wordpress-vulnerabilities-e93144e3a8f3)                                                             |
| 23 | Chaining IDOR and Host Header Can Takeover 1.8 Million Users Accounts                                           | [Read Article](https://nullr3x.medium.com/chaining-idor-and-host-header-can-takeover-18-million-of-users-account-39d402f6a79e)                                       |
| 24 | How to Get Started Hacking WordPress Plugins to Earn Your First CVE                                             | [Read Article](https://noob3xploiter.medium.com/how-to-get-started-hacking-wordpress-plugins-to-earn-your-first-cve-b31ea5e834c0)                                    |
| 25 | Hacking WordPress Server Database                                                                               | [Read Article](https://systemweakness.com/hacking-wordpress-server-database-f6cc6c116057)                                                                            |
| 26 | Hacking WordPress: Hack the Box Preignition Walkthrough                                                         | [Read Article](https://cyberstock.info/hacking-wordpress-hack-the-box-preignition-wlakthrough-4465d65844dd?source=search_post---------3----------------------------) |
| 27 | Hacking WordPress with Some Common Vulnerabilities                                                              | [Read Article](https://medium.com/@olger346/hacking-wordpress-with-some-common-vulnerabilities-256bd2c251f6)                                                         |
| 28 | Hacking WordPress as a Site Owner                                                                               | [Read Article](https://alexander-weinmann.medium.com/hacking-wordpress-as-a-site-owner-8f7187358103)                                                                 |
| 29 | RCE (Remote Code Execution) in WordPress                                                                        | [Read Article](https://blog.evanricafort.com/2018/02/rce-remote-code-execution-in-wordpress.html)                                                                    |
| 30 | Leaking WordPress CSRF Tokens                                                                                   | [Read Article](https://ahussam.me/Leaking-WordPress-CSRF-Tokens/)                                                                                                    |
| 31 | WordPress XSS Vulnerability                                                                                     | [Read Article](https://web.archive.org/web/20200929004149/https://www.mohamedharon.com/2018/08/wordpressXSS.html)                                                    |
| 32 | Finding an RCE Gadget Chain in WordPress Core                                                                   | [Read Article](https://wpscan.com/blog/finding-a-rce-gadget-chain-in-wordpress-core/)                                                                                |
| 33 | WordPress Media Library RCE (CVE-2023-4634)                                                                     | [Read Article](https://patrowl.io/blog-wordpress-media-library-rce-cve-2023-4634/)                                                                                   |
| 34 | How Did I Get $200 with WordPress Vulnerability?                                                                | [Read Article](https://medium.com/@nguhuynh.148/how-did-i-get-200-with-wordpress-vulnerability-4ce80f106709)                                                         |
| 35 | High Severity Vulnerability Fixed in WordPress Elementor Pro Plugin                                             | [Read Article](https://blog.nintechnet.com/high-severity-vulnerability-fixed-in-wordpress-elementor-pro-plugin/)                                                     |
| 36 | WordPress BuddyForms Plugin Unauthenticated Insecure Deserialization (CVE-2023-26326)                           | [Read Article](https://medium.com/tenable-techblog/wordpress-buddyforms-plugin-unauthenticated-insecure-deserialization-cve-2023-26326-3becb5575ed8)                 |
| 37 | Bypass CSP Using WordPress by Abusing Same-Origin Method Execution                                              | [Read Article](https://octagon.net/blog/2022/05/29/bypass-csp-using-wordpress-by-abusing-same-origin-method-execution/)                                              |
| 38 | WordPress Core Unauthenticated Blind SSRF                                                                       | [Read Article](https://www.sonarsource.com/blog/wordpress-core-unauthenticated-blind-ssrf/)                                                                          |
| 39 | WordPress Transposh: Exploiting a Blind SQL Injection via XSS                                                   | [Read Article](https://www.rcesecurity.com/2022/07/WordPress-Transposh-Exploiting-a-Blind-SQL-Injection-via-XSS/)                                                    |
| 40 | WordPress Audit Plugins                                                                                         | [Read Article](https://cyllective.com/blog/posts/wordpress-audit-plugins)                                                                                            |
| 41 | WordPress Object Injection Vulnerability                                                                        | [Read Article](https://www.sonarsource.com/blog/wordpress-object-injection-vulnerability/)                                                                           |
| 42 | Fuzzing WordPress Plugins                                                                                       | [Read Article](https://kazet.cc/2022/02/03/fuzzing-wordpress-plugins.html)                                                                                           |
| 43 | Exposing Database Info via WordPress SQL Injection (CVE-2021-21661)                                             | [Read Article](https://www.zerodayinitiative.com/blog/2022/1/18/cve-2021-21661-exposing-database-info-via-wordpress-sql-injection)                                   |
| 44 | WordPress Plugin Confusion Update Can Get You Pwned                                                             | [Read Article](https://vavkamil.cz/2021/11/25/wordpress-plugin-confusion-update-can-get-you-pwned/)                                                                  |
| 45 | ATO of WordPress Website: $4 Digits Bounty in 5 Minutes                                                         | [Read Article](https://riteshgohil-25.medium.com/ato-of-wordpress-website-4-digits-bounty-in-5-minute-cc888c4054c9)                                                  |
| 46 | WordPress XXE Security Vulnerability                                                                            | [Read Article](https://www.sonarsource.com/blog/wordpress-xxe-security-vulnerability/)                                                                               |
| 47 | Error-Based SQL Injection on a WordPress Website and Extract More than 150k User Details                        | [Read Article](https://ynoof.medium.com/error-based-sql-injection-on-a-wordpress-website-and-extract-more-than-150k-user-details-f65f987c2cc0)                       |
| 48 | WordPress CSRF to RCE                                                                                           | [Read Article](https://www.sonarsource.com/blog/wordpress-csrf-to-rce/)                                                                                              |
| 49 | How I Takeover WordPress Admin (Fiiipay)                                                                        | [Read Article](https://sahruldotid.medium.com/how-i-takeover-wordpress-admin-fiiipay-my-1bdede83635d)                                                                |
| 50 | WordPress Post Type Privilege Escalation                                                                        | [Read Article](https://www.sonarsource.com/blog/wordpress-post-type-privilege-escalation/)                                                                           |
| 51 | WordPress Design Flaw Leads to WooCommerce RCE                                                                  | [Read Article](https://www.sonarsource.com/blog/wordpress-design-flaw-leads-to-woocommerce-rce/)                                                                     |
| 52 | [WordPress Hacking Videos](https://www.youtube.com/@NahamSec/search?query=wordpress)                            | YouTube Video                                                                                                                                                        |
| 53 | [WordPress Vulnerability Exploits](https://www.youtube.com/watch?v=Z9QPazbfwFE\&ab_channel=CertBros)            | YouTube Video                                                                                                                                                        |
| 54 | [WordPress Security](https://www.youtube.com/watch?v=09puahSYN1M\&ab_channel=LoiLiangYang)                      | YouTube Video                                                                                                                                                        |
| 55 | [WordPress DDoS Attack](https://www.youtube.com/watch?v=9gwyj4frqwc\&t=726s\&ab_channel=GetCyber)               | YouTube Video                                                                                                                                                        |
| 56 | [WordPress RCE Exploitation](https://www.youtube.com/watch?v=bX5ZnNgmegY\&t=363s\&ab_channel=NahamSec)          | YouTube Video                                                                                                                                                        |
| 57 | [WordPress Vulnerability](https://www.youtube.com/watch?v=IPKKPj4GSUo\&ab_channel=BugBountyReportsExplained)    | YouTube Video                                                                                                                                                        |
| 58 | [WordPress Plugin Exploits](https://www.youtube.com/watch?v=OV80cB5k9zo\&ab_channel=v3n0mt3ch%F0%9F%9A%A9)      | YouTube Video                                                                                                                                                        |
| 59 | [WordPress Penetration Testing](https://www.youtube.com/watch?v=fLZQf2uCVg8\&ab_channel=BugBountyPOCDisclosure) | YouTube Video                                                                                                                                                        |
| 60 | [WordPress Security Flaws](https://www.youtube.com/watch?v=MBwOylzydNk\&ab_channel=%CE%9ESH%CE%94%D0%98)        | YouTube Video                                                                                                                                                        |
| 61 | [WordPress Vulnerability Management](https://www.youtube.com/watch?v=8AZKloj28pE\&ab_channel=TheCyberMentor)    | YouTube Video                                                                                                                                                        |
| 62 | [WordPress Attack Vectors](https://www.youtube.com/watch?v=bVSrlDtTBdI\&ab_channel=CyberOpposition)             | YouTube Video                                                                                                                                                        |
| 63 | [WordPress Security Analysis](https://www.youtube.com/watch?v=OWYMpt4XdBI\&ab_channel=SathvikTechtuber)         | YouTube Video                                                                                                                                                        |
| 64 | [WordPress Exploit Demonstration](https://www.youtube.com/watch?v=mXuBPT8jEtA\&ab_channel=BePractical)          | YouTube Video                                                                                                                                                        |
| 65 | [WordPress Security Testing](https://www.youtube.com/watch?v=gJ-2wDMqLrI\&ab_channel=TechChip)                  | YouTube Video                                                                                                                                                        |
| 66 | [WordPress Plugin Vulnerabilities](https://www.youtube.com/watch?v=W2d46oeN4lA\&ab_channel=JamieMarsland)       | YouTube Video                                                                                                                                                        |
| 67 | [WordPress Vulnerability Assessments](https://www.youtube.com/watch?v=tYV4Dg8TMfY\&ab_channel=GrantCollins)     | YouTube Video                                                                                                                                                        |
| 68 | WordPress Pentesting Methodology by HackTricks                                                                  | [Read Article](https://book.hacktricks.xyz/network-services-pentesting/pentesting-web/wordpress)                                                                     |
