WordPress Testing

R3zk0n · October 2, 2025


    Black Box

    • https://book.hacktricks.xyz/network-services-pentesting/pentesting-web/wordpress

    Obtaining Source Code

    • Use WPScan to identify available plugins and then download them.
    • wp_ajax_nopriv_ -> Actions that are unauthenticated
    • add_action -> WordPress actions
    • wp_ajax -> AJAX functions
    • https://gemfury.com/jsarnowski (Includes Elementor Pro)
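
The source-review step above, as an added example (not code from the original page or from WordPress): a Python sketch that lists every `wp_ajax_` / `wp_ajax_nopriv_` registration in a downloaded plugin and notes which nonce or capability checks appear in the handler. The sample plugin, `scan_plugin`, `callback_name`, `handler_checks` and `demo` are names constructed for this illustration; the body slicing is a heuristic, not a PHP parser.

```python
import re
import tempfile
from pathlib import Path

# add_action( 'wp_ajax_<action>' or 'wp_ajax_nopriv_<action>', <callback>, ... );
HOOK_RE = re.compile(r"""add_action\(\s*['"]wp_ajax_(nopriv_)?(\w+)['"]\s*,\s*([^;]*)""")
# WordPress functions a handler normally calls before acting on a request.
CHECKS = ("check_ajax_referer", "wp_verify_nonce", "current_user_can")

def callback_name(arg):
    if arg.lstrip().startswith("function"):
        return None  # inline closure: needs manual review
    names = re.findall(r"""['"](\w+)['"]""", arg)
    return names[-1] if names else None

def handler_checks(source, name):
    """CHECKS present in the body of `function name(` (presence only, not correctness)."""
    m = re.search(r"function\s+" + re.escape(name) + r"\s*\(", source)
    if not m:
        return None  # callback defined in another file
    rest = source[m.end():]
    nxt = re.search(r"\bfunction\s+\w+\s*\(", rest)
    body = rest[:nxt.start()] if nxt else rest
    return [c for c in CHECKS if c in body]

def scan_plugin(root):
    """One (action, unauthenticated, callback, checks) tuple per registration."""
    findings = []
    for path in sorted(Path(root).rglob("*.php")):
        source = path.read_text(encoding="utf-8", errors="replace")
        for m in HOOK_RE.finditer(source):
            cb = callback_name(m.group(3))
            checks = handler_checks(source, cb) if cb else None
            findings.append((m.group(2), m.group(1) is not None, cb, checks))
    return findings

# Constructed sample plugin source, not taken from any real project.
SAMPLE_PHP = r"""<?php
add_action( 'wp_ajax_save_settings', 'demo_save_settings' );
add_action( 'wp_ajax_nopriv_get_quote', array( $this, 'demo_get_quote' ) );
function demo_save_settings() { check_ajax_referer( 'demo_nonce' ); if ( ! current_user_can( 'manage_options' ) ) { wp_die(); } }
function demo_get_quote() { echo 'ok'; wp_die(); }
"""

def demo():
    with tempfile.TemporaryDirectory() as d:
        Path(d, "demo-plugin.php").write_text(SAMPLE_PHP, encoding="utf-8")
        return scan_plugin(d)
```

Point `scan_plugin()` at an unpacked plugin directory; rows with `unauthenticated` set to `True` and an empty `checks` list are the handlers to read first.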
