In this video, I show you how to start hacking WordPress: how to analyse the source code of a WordPress plugin and which bugs to pay attention to in order to maximise your bounty.
docker-compose.yaml: https://gist.github.com/Rhynorater/9c4b285a04f1b035634da1a8bf184d12
Plugins in scope: https://ctbb.show/downloads/pluginData
Credit for creating these goes to @criticalthinkingpodcast
Timestamps:
00:00 Intro
00:49 How to set up a local WordPress instance for testing?
01:45 How to start analysing a WordPress plugin?
09:24 Wordfence Bug Bounty Program
11:30 How can a WordPress plugin create a new endpoint in another way?
14:10 Walkthrough of a real vulnerability