Finding Vulnerabilities in Core WordPress

Finding Vulnerabilities in Core WordPress: A Bug Hunter’s Trilogy, Part III – Ultimatum

http://blog.checkpoint.com/2015/09/15/finding-vulnerabilities-in-core-wordpress-a-bug-hunters-trilogy-part-iii-ultimatum/

Netanel Rubin tells a story in three acts – describing his long path of discovered flaws and vulnerabilities in core WordPress, leading him from a read-only ‘Subscriber’ user, through creating, editing and deleting posts, and all the way to performing SQL injection and persistent XSS attacks on 20% of the popular web.

WordPress generators

Name: description (category)
Taxonomy Generator: Create custom Taxonomies using register_taxonomy() function. (Content)
Post Type Generator: Create custom Post Types using register_post_type() function. (Content)
Post Status Generator: Create custom Post Status using register_post_status() function. (Content)
Theme Support Generator: Create custom Theme Features using add_theme_support() function. (Design)
Sidebar Generator: Create custom Sidebars using register_sidebar() function. (Design)
Menu Generator: Create custom Navigation Menus using register_nav_menus() function. (Design)
Shortcodes Generator: Create custom Shortcodes using add_shortcode() function. (Content)
Quicktags Generator: Create custom Quicktags for the WordPress text editor. (Admin)
Toolbar Generator: Create custom Toolbar (Admin Bar) using WP_Admin_Bar class. (Admin)
WP_Query Generator: Create custom WordPress Queries using WP_Query class. (Query)
WP_User_Query Generator: Create custom User Queries using WP_User_Query class. (Query)
WP_Comment_Query Generator: Create custom Comment Queries using WP_Comment_Query class. (Query)
wp-config.php Generator: Create custom configuration settings on wp-config.php file. (Core)
Plugin Readme Generator: Create custom readme.txt file for your WordPress plugin. (Core)
Schedule Cron Job Event: Create custom Cron Jobs using wp_schedule_event() function. (Core)
Register WordPress Scripts: Register custom WordPress Scripts using wp_register_script() function. (Core)
Register WordPress Styles: Register custom WordPress Styles using wp_register_style() function. (Core)
oEmbed Providers: Register oEmbed providers using wp_oembed_add_provider() function. (Content)
Theme Default Headers Generator: Create custom Theme Default Headers using register_default_headers() function. (Design)
User Contact Methods Generator: Create custom Contact Methods for WordPress user-profile. (Admin)
Custom Snippet: Save your own WordPress snippets and share them with the world. (General)
Meta Box Generator (Premium): Create custom WordPress Meta Boxes using add_meta_box() function. (Content)
Widgets Generator (Premium): Create custom WordPress Widgets using WP_Widget class. (Design)
Dashboard Widgets Generator (Premium): Create custom Dashboard Widgets using wp_add_dashboard_widget() function. (Admin)

source: https://generatewp.com/generator/

WordPress plugin development:

Passing parameters from PHP to Javascripts in plugins: http://ottopress.com/2010/passing-parameters-from-php-to-javascripts-in-plugins/

How To Include CSS and jQuery in my wordpress plugin?: http://stackoverflow.com/questions/3760222/how-to-include-css-and-jquery-in-my-wordpress-plugin

Introduction to Creating Your First WordPress Widget: http://code.tutsplus.com/tutorials/introduction-to-creating-your-first-wordpress-widget--cms-22403

How To Build WordPress Widgets Like A Pro: http://premium.wpmudev.org/blog/how-to-build-wordpress-widgets-like-a-pro/

5 Tips For Using jQuery with WordPress: http://www.ericmmartin.com/5-tips-for-using-jquery-with-wordpress/

How to Include jQuery and CSS in WordPress Plugin and Theme Development?: http://masterblogster.com/how-to-include-jquery-and-css-in-wordpress-plugin-and-theme-development/

Developer FAQ: https://wordpress.org/plugins/about/faq/

Readme Standard: https://wordpress.org/plugins/about/readme.txt

PHP redirect: if the WordPress blog was moved to a new place

Google has indexed the old site, so put this PHP script into the old folder:

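<?php

// Rebuild the query string from the incoming GET parameters.
// http_build_query() URL-encodes every key and value (and handles array
// parameters), so request data is never copied raw into the Location header.
$foopart = http_build_query($_GET);

// Send a permanent (301) redirect so search engines replace the old URL
// with the new one, then stop so nothing else is output.
header('Location: http://blogbook.hu/site/?' . $foopart, true, 301);
exit;

?>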

Change the domain in the header('Location: ..') part.