Top 25 WordPress Bug Bounty Reports

Cristian Cornea
4 min read · Jun 24, 2020

In this article, we will discuss WordPress security, common attacks, and present 25 disclosed reports from their public bug bounty program.

What is WordPress?

WordPress is one of the most popular Content Management Systems (CMS) in the world. It was released in 2003 and is currently used by over 60 million websites.

It is open-source and easy to use, which means that anybody can deploy a WordPress instance in less than an hour.

Under the hood, it is built on PHP and MySQL/MariaDB. One of the main strengths that made WordPress so popular is the possibility of installing custom plugins and themes, which allows users to fully customize their websites depending on their needs.

Why is it vulnerable?

Read the first sentence of the third paragraph in the section above again, and you'll have the answer.

Just kidding… or probably not, but the most vulnerable part of WordPress is not its core, but the additional components: themes and plugins.

Common WordPress Attacks

Some of the most common cyber-attacks targeting WordPress-powered websites:

  • Brute-Force: the login forms…


🥷🏻Zerotak - Cyber Security & Pentesting 🧑‍🎓CSTCE - Cyber Security Training Centre of Excellence 🦉SectionX.io - Threat Intel🧛🏼BSides Transylvania