WPScan is a WordPress vulnerability scanner which checks the security of WordPress installations using a black box approach (scanning without any prior knowledge of what has been installed etc). Features of WPScan WordPress Vulnerability Scanner Username enumeration (from author querystring and location header) Weak password cracking (multithreaded) Version enumeration (from generator meta tag) Vulnerability enumeration […]
hacking-wordpress
WordPress 2.8.3 Admin Reset Exploit
Ah it’s WordPress again, sometimes I wonder how many holes there are in WordPress. I guess a dedicated attacker could find some serious ones with the complexity of the code base. It’s suspected some of the recent high profile breaches have come from WordPress exploits. The latest one to become public is a simple but […]
WordPress 2.0.7 Follows Hot on the Tail of WordPress 2.0.6
[ad] Recently a bug in certain versions of PHP came to the attention of the WordPress developers, this bug could cause a security vulnerability in your any blogs running version 2.0.6 or below blog. It was fairly easy to work around, so they decided to release 2.0.7, just 10 days after the release of 2.0.6, […]
WordPress 2.0.5 Trackback Vulnerability with Exploit
[ad] WordPress was “born out of a desire for an elegant, well-architectured personal publishing system built on PHP and MySQL and licensed under the GPL. It is the official successor of b2/cafelog. WordPress is fresh software, but its roots and development go back to 2001. It is a mature and stable product. We hope by […]