Guides

This page contains a high-level overview of all the guides on this site. If something is not clear, or you have an idea for something that’s missing, drop a message on the Discord.

Bug Bounty

There are two main WordPress bug bounty programs and a third, invite-only program. These companies are all competing for you to report your bugs to them, so we have a somewhat competitive marketplace, which looks promising for bug bounty hunters. Over the last few months we’ve seen the bounty amounts increase and special events with increased bounties for qualifying vulns. Read more about turning your exploits into cash:

Setup

It is incredibly helpful to have a local WordPress instance to develop and test exploits against. The following guides will show you some of the ways you can set up a local environment and begin testing and debugging code:

Scanning

There is some guidance on creating and optimizing REGEX for vulnerability hunting in WordPress. It will be especially useful when tackling the REGEX challenges that are part of the wpctf.

Sources and Sinks

When hunting for bugs you need to find a way to pass data from a source that you control into a sink, something that will perform an action you can manipulate. Along the way from source to sink you will often encounter sanitizers that modify your input. However, these don’t always prevent an attack from getting through to a sink!

Protections

There are some protections automatically built in to WordPress to combat some of the more prevalent attacks.

Attacks

There are some attacks that are specific to PHP or WordPress that I’ve written some guidance on:

I’ve also published a load of my write-ups in a GitHub repo as they were when I submitted them to bug bounty programs. This includes any Python PoCs I’ve written, bounty amounts and blogs etc.