Kamil Vavra | @vavkamil

Offensive Web Application Security | Ethical Hacking | Security Research


WordPress Supply Chain Attack

OWASP Czech Chapter Meeting

25 November 2021 | Prague, Czechia - Official schedule
Slides: https://vavkamil.cz/assets/slides/2021-11-25-wordpress-supply-chain.pdf
Recording: https://vimeo.com/662198524

A novel attack vector affecting WordPress websites. This talk will focus on the research from the beginning, explaining the motivation and exploration phase. A new scanner tool will be released, along with a Docker container for local testing. Lastly, you will get a chance to see the redacted results from the bug bounty hunting, the recon process, and the struggle with triage of the reports. TBU, currently still a 0day :)


