Finding Vulnerabilities in Core WordPress

Finding Vulnerabilities in Core WordPress: A Bug Hunter’s Trilogy, Part III – Ultimatum

Netanel Rubin tells a story in three acts – describing his long path of discovered flaws and vulnerabilities in core WordPress, leading him from a read-only ‘Subscriber’ user, through creating, editing and deleting posts, and all the way to performing SQL injection and persistent XSS attacks on 20% of the popular web.

WordPress generators

Generator | Description | Category
Taxonomy Generator | Create custom Taxonomies using the register_taxonomy() function. | Content
Post Type Generator | Create custom Post Types using the register_post_type() function. | Content
Post Status Generator | Create custom Post Statuses using the register_post_status() function. | Content
Theme Support Generator | Create custom Theme Features using the add_theme_support() function. | Design
Sidebar Generator | Create custom Sidebars using the register_sidebar() function. | Design
Menu Generator | Create custom Navigation Menus using the register_nav_menus() function. | Design
Shortcodes Generator | Create custom Shortcodes using the add_shortcode() function. | Content
Quicktags Generator | Create custom Quicktags for the WordPress text editor. | Admin
Toolbar Generator | Create a custom Toolbar (Admin Bar) using the WP_Admin_Bar class. | Admin
WP_Query Generator | Create custom WordPress Queries using the WP_Query class. | Query
WP_User_Query Generator | Create custom User Queries using the WP_User_Query class. | Query
WP_Comment_Query Generator | Create custom Comment Queries using the WP_Comment_Query class. | Query
wp-config.php Generator | Create custom configuration settings in the wp-config.php file. | Core
Plugin Readme Generator | Create a custom readme.txt file for your WordPress plugin. | Core
Schedule Cron Job Event | Create custom Cron Jobs using the wp_schedule_event() function. | Core
Register WordPress Scripts | Register custom WordPress Scripts using the wp_register_script() function. | Core
Register WordPress Styles | Register custom WordPress Styles using the wp_register_style() function. | Core
oEmbed Providers | Register oEmbed providers using the wp_oembed_add_provider() function. | Content
Theme Default Headers Generator | Create custom Theme Default Headers using the register_default_headers() function. | Design
User Contact Methods Generator | Create custom Contact Methods for the WordPress user profile. | Admin
Custom Snippet | Save your own WordPress snippets and share them with the world. | General
Meta Box Generator (Premium) | Create custom WordPress Meta Boxes using the add_meta_box() function. | Content
Widgets Generator (Premium) | Create custom WordPress Widgets using the WP_Widget class. | Design
Dashboard Widgets Generator (Premium) | Create custom Dashboard Widgets using the wp_add_dashboard_widget() function. | Admin


WordPress plugin development:

Passing parameters from PHP to JavaScript in plugins:

How To Include CSS and jQuery in my WordPress plugin?:

Introduction to Creating Your First WordPress Widget:–cms-22403

How To Build WordPress Widgets Like A Pro:

5 Tips For Using jQuery with WordPress:

How to Include jQuery and CSS in WordPress Plugin and Theme Development?:

Developer FAQ:

Readme Standard:

PHP redirect: if a WordPress blog was moved to a new place

Google had already indexed the old site, so put this PHP script into the old folder so that every request there is forwarded to the new site:


<?php
// Rebuild the incoming query string, URL-encoding each key and value so
// characters such as "&", "=" and spaces survive the redirect intact.
$foopart = "";
foreach ($_GET as $key => $value) {
    $foopart .= urlencode($key) . "=" . urlencode($value) . "&";
}
$foopart = substr($foopart, 0, -1); // drop the trailing "&"

// Change the domain in the header('Location: ...') part to the new site
// (www.example.com is a placeholder); 301 tells search engines the move is permanent.
header("Location: https://www.example.com/?" . $foopart, true, 301);
exit;



Change the domain in the header('Location: ...') part to the new site's address. Note that the script only carries the query string over; the request path is lost, and the destination must stay a fixed host of your own rather than anything taken from the request, otherwise the old site becomes an open redirect.
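The following is an added example, not code from the original page: a version of the same redirect that also carries the request path over to the new host, re-encodes the query string, and pins the destination to a fixed base address so no request parameter can steer the redirect elsewhere. NEW_BASE (https://www.example.com) is a placeholder for the new site, and the script is assumed to be the catch-all handler for the old folder; the sample URIs at the bottom are constructed for illustration.

```php
<?php
// Added example (not from the original page): forward every request on the old
// host to the same path and query on the new host. NEW_BASE is a placeholder.
const NEW_BASE = 'https://www.example.com';

/**
 * Build the redirect target for one incoming request.
 * Only the path and query of the request are carried over; scheme and host are
 * always taken from $newBase, so a request cannot turn this into an open redirect.
 */
function build_redirect_target(string $newBase, string $requestUri): string
{
    $parts = parse_url($requestUri) ?: [];
    $path  = $parts['path'] ?? '/';
    $query = $parts['query'] ?? '';

    // Re-encode the query through parse_str/http_build_query so stray or
    // badly encoded characters are normalised instead of passed through raw.
    parse_str($query, $params);
    $encoded = http_build_query($params);

    // Accept only a plain absolute path: no CR/LF, no whitespace, and not a
    // protocol-relative "//host" form that a browser would treat as a new host.
    if (!preg_match('#^/(?![/\\\\])[^\r\n\s]*$#', $path)) {
        $path = '/';
    }

    return rtrim($newBase, '/') . $path . ($encoded !== '' ? '?' . $encoded : '');
}

if (PHP_SAPI !== 'cli') {
    // Serving a real request on the old host: 301 so search engines move the
    // indexed entry to the new address, then stop so no old content is served.
    header('Location: ' . build_redirect_target(NEW_BASE, $_SERVER['REQUEST_URI'] ?? '/'), true, 301);
    exit;
}

// Run from the command line: show where a few constructed request URIs land.
foreach (['/', '/2015/03/post-title/?utm_source=x&a=1', '/?s=foo bar', '//evil.example/x'] as $uri) {
    echo $uri, ' -> ', build_redirect_target(NEW_BASE, $uri), PHP_EOL;
}
```

Run it with `php redirect.php` to see the mapping for the sample URIs; deployed under a web server it sends the 301 and exits. Because the host never comes from the request, a crafted link such as `?next=https://evil.example` has no effect on the destination.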