Remember WordPress? It’s been around forever, but you might be surprised to know that it powers over 43% of websites on the internet—around 810 million sites.

Breaking into bug bounty can be challenging, but exploiting WordPress is relatively straightforward. There are two bug bounty programs that pay for vulnerabilities found in WordPress plugins and themes. I started earlier this year, and I’ve already made ~$25K and submitted over 250 bugs (WordFence, PatchStack).

The WorkShop

This workshop will introduce you to getting paid for finding vulnerabilities in WordPress. It will be run in a CTF style, with walkthroughs, cheat sheets and 1-on-1 guidance for those who need it. This format allows you to choose the difficulty level and go at your own pace, making it suitable for both beginners and experienced bug hunters alike.

Join us and learn how to turn your hacking skills into cash by exploiting the world’s most popular CMS!

When & Where

Currently, this workshop is only planned for one conference but if it goes well I’d like to take it to others.