WRITEUP #114

Exploiting authorization by nonce in WordPress plugins

RCE, Arbitrary file upload, SQL injection, Security code review
by Bartek Nowotarski
Program: Wordfence
Published: Aug 5, 2024
Added to HackDex: Aug 14, 2024
Read Full Writeup: https://nowotarski.info/wordpress-nonce-authorization/
RELATED WRITEUPS
Getting code execution on Veeam through CVE-2023-27532
RCE, Insecure deserialization
Spip Preauth RCE 2024: Part 2, A Big Upload
RCE, File upload
Breaking Down Barriers: Exploiting Pre-Auth SQL Injection In WhatsUp Gold - CVE-2024-6670
SQL Injection, Reverse engineering
Back To School - Exploiting A Remote Code Execution Vulnerability In Moodle
RCE, Security code review
WordPress GiveWP POP to RCE (CVE-2024-5932)
RCE, PHP pop chain

Built with ❤️ by Shubham Rawat