Finding Vulnerabilities in Core WordPress: A Bug Hunter’s Trilogy, Part III – Ultimatum

 
In this series of blog posts, Check Point vulnerability researcher Netanel Rubin tells a story in three acts – describing his long path of discovered flaws and vulnerabilities in core WordPress, leading him from a read-only ‘Subscriber’ user, through creating, editing and deleting posts, and all the way to performing SQL injection and persistent XSS attacks on 20% of the popular web. “Part III – Ultimatum” will describe and analyze CVE-2015-5714 and CVE-2015-5715, allowing XSS attacks, as well as another privilege escalation. Both vulnerabilities are now patched; please ensure you upgrade to WordPress 4.3.1 as soon as possible.

In Part I, we showed a privilege ...