With WordPress being as popular as it is, with and estimated 43% of websites online today using this content management system. It is super important that we as cybersecurity professionals know how to scan for vulnerabilities and protect against the many attacks these websites face on a daily basis.
In this video I will show you how to use WPScan to check for vulnerabilities, and just for fun, show you how to take advantage of a Directory Traversal to RCE vulnerability that we found in one of the outdated plugins used in this lab.
Remember to keep your WordPress sites up to date, and don’t forget to install a WAF (Web Applications Firewall).
I hope you enjoy the video, and as usual, please leave some comments!