Finding Vulnerabilities in Core WordPress

Finding Vulnerabilities in Core WordPress: A Bug Hunter’s Trilogy, Part III – Ultimatum

http://blog.checkpoint.com/2015/09/15/finding-vulnerabilities-in-core-wordpress-a-bug-hunters-trilogy-part-iii-ultimatum/

Netanel Rubin tells a story in three acts – describing his long path of discovered flaws and vulnerabilities in core WordPress, leading him from a read-only ‘Subscriber’ user, through creating, editing and deleting posts, and all the way to performing SQL injection and persistent XSS attacks on 20% of the popular web.

WordPress generators

Generator | Description | Category
Taxonomy Generator | Create custom taxonomies using the register_taxonomy() function. | Content
Post Type Generator | Create custom post types using the register_post_type() function. | Content
Post Status Generator | Create a custom post status using the register_post_status() function. | Content
Theme Support Generator | Create custom theme features using the add_theme_support() function. | Design
Sidebar Generator | Create custom sidebars using the register_sidebar() function. | Design
Menu Generator | Create custom navigation menus using the register_nav_menus() function. | Design
Shortcodes Generator | Create custom shortcodes using the add_shortcode() function. | Content
Quicktags Generator | Create custom Quicktags for the WordPress text editor. | Admin
Toolbar Generator | Create a custom Toolbar (Admin Bar) using the WP_Admin_Bar class. | Admin
WP_Query Generator | Create custom WordPress queries using the WP_Query class. | Query
WP_User_Query Generator | Create custom user queries using the WP_User_Query class. | Query
WP_Comment_Query Generator | Create custom comment queries using the WP_Comment_Query class. | Query
wp-config.php Generator | Create custom configuration settings in the wp-config.php file. | Core
Plugin Readme Generator | Create a custom readme.txt file for your WordPress plugin. | Core
Schedule Cron Job Event | Create custom cron jobs using the wp_schedule_event() function. | Core
Register WordPress Scripts | Register custom WordPress scripts using the wp_register_script() function. | Core
Register WordPress Styles | Register custom WordPress styles using the wp_register_style() function. | Core
oEmbed Providers | Register oEmbed providers using the wp_oembed_add_provider() function. | Content
Theme Default Headers Generator | Create custom theme default headers using the register_default_headers() function. | Design
User Contact Methods Generator | Create custom contact methods for the WordPress user profile. | Admin
Custom Snippet | Save your own WordPress snippets and share them with the world. | General
Meta Box Generator (premium) | Create custom WordPress meta boxes using the add_meta_box() function. | Content
Widgets Generator (premium) | Create custom WordPress widgets using the WP_Widget class. | Design
Dashboard Widgets Generator (premium) | Create custom dashboard widgets using the wp_add_dashboard_widget() function. | Admin

source: https://generatewp.com/generator/

WordPress plugin development:

Passing parameters from PHP to Javascripts in plugins: http://ottopress.com/2010/passing-parameters-from-php-to-javascripts-in-plugins/

How To Include CSS and jQuery in my wordpress plugin?: http://stackoverflow.com/questions/3760222/how-to-include-css-and-jquery-in-my-wordpress-plugin

Introduction to Creating Your First WordPress Widget: http://code.tutsplus.com/tutorials/introduction-to-creating-your-first-wordpress-widget--cms-22403

How To Build WordPress Widgets Like A Pro: http://premium.wpmudev.org/blog/how-to-build-wordpress-widgets-like-a-pro/

5 Tips For Using jQuery with WordPress: http://www.ericmmartin.com/5-tips-for-using-jquery-with-wordpress/

How to Include jQuery and CSS in WordPress Plugin and Theme Development?: http://masterblogster.com/how-to-include-jquery-and-css-in-wordpress-plugin-and-theme-development/

Developer FAQ: https://wordpress.org/plugins/about/faq/

Readme Standard: https://wordpress.org/plugins/about/readme.txt

PHP redirect – If WordPress blog was moved to new place

Google still has the old site indexed, so put this PHP script into the old folder to forward requests, together with their query string, to the new site:

<?php
// Forward requests for the old location to the new site, carrying the
// original query string along so old indexed links keep working.
// http_build_query() URL-encodes every key and value, so a parameter that
// contains '&', '=' or spaces cannot corrupt the Location URL or be
// misparsed by the new site. The redirect target itself is hard-coded,
// so nothing from the request can turn this into an open redirect.
$query = http_build_query($_GET);

$target = 'http://blogbook.hu/site/';
if ($query !== '') {
    $target .= '?' . $query;
}

// 301 (Moved Permanently) tells search engines to replace the old URL in
// their index; the default 302 would keep them coming back to the old one.
header('Location: ' . $target, true, 301);
exit;
// No closing "?>": trailing whitespace after it would be sent as output
// before the header and trigger a "headers already sent" error.

Change the domain in the header('Location: ...') target to the address of the new site.

Cutlass WordPress Starter Theme

Cutlass is a WordPress starter theme that bundles Laravel’s Blade templating engine, letting you develop WordPress sites more quickly than before. It ships with HTML5 markup, Bootstrap and Font Awesome by default.

project page: http://cutlasswp.com/