Erwan

@wptavern You will have to re-check your source, the issue was not reported to Patchstack. wpscan.com/vulnerability/…

Essential Addons for Elementor Patches Critical Security Vulnerability wptavern.com/essential-addo…

Jetpack is acquiring WPScan, a WordPress vulnerability database used across the WordPress ecosystem to learn about new vulnerabilities. Read more about how we're planning to make malware data and APIs more open source for all. jetpack.com/2021/11/04/jet…

RIP Mr Sean Lock, damn your craziness will be missed :(

We're giving away a free @offsectraining OCSP (PEN-200) certification course for WPScan's 10th Birthday! 🥳 Worth $999! We will be picking one security researcher who submitted a valid vuln during 2021 via our website submission form at random on June 16th! HACK THE PLANET!!!

Covid Test Centers Leak Personal Information via WordPress API blog.wpscan.com/2021/04/09/cov…

@Bugcrowd Something attackers don't have ;D

How would you define "scope" in just 4 words?

When you report a Stored XSS (with privilege escalation risk) and vendor replies "It's not a security issue, you can install a role manager plugin." o_O

We're very excited to finally be able to assign CVE numbers for WordPress core, plugin and theme vulnerabilities.

@jpgninja @ethicalhack3r @_WPScan_ @firefart Really depends what your goal is: find 0-day, make stats of attacks etc. Easiest part is to create the HP, all the management behind is very time consuming (especially to filter already known exploits). Can continue via dm if you wish, the tweet limit is killing me already xD

@erwan_lr @ethicalhack3r @_WPScan_ @firefart Re: Approach, is it a game of: ☝🏻 False-flagging requests (ie. sending back 200's on timthumb.php reqs), or planting (presumably patched) files? ✌🏻 Logging everything (full requests, files, and all), or sifting through access_logs for novel requests?

Looking to do more vuln research in 2021. Anyone have tips on running a wordpress honeypot? Maybe the #wpscan team? /cc @_WPScan_ @firefart @erwan_lr @ethicalhack3r

@jpgninja @ethicalhack3r @_WPScan_ @firefart What are you looking for specifically ? Create honeypots and/or all the management behind ?

@ethicalhack3r @_WPScan_ @firefart @erwan_lr Ok, very cool. Thanks! Missed this before responding by dm, so if it will answer any of those questions feel free to ignore. Just trying to get a big picture understanding of the most efficient way of managing. Cheers!

@Random_Robbie Done, please send DM with questions :)

Hey @Burp_Suite, I can not reply to the support agent on the thread. Tried in FF 77.0.1 and Safari 13.1.1 :x

Fermeture de COVID3D... Après 190000 visières fournies et sans doute s'apercevant qu'il y a du fric à se faire en vendant la visière 15€ alors que les makers les offrent nos premiers de cordée ont décidé que ces visières gratuites, c'était de la merde... #OnNoublieraPas

@darryllane101 Stop the de-auth attack ;P

@i_r_eip You're welcome!

Need to fingerprint some CMS/LMS/libs for your #Pentest ?! You should just give a try to github.com/erwanlr/Finger… and thx @erwan_lr for this nice script !

@avorion That's amazing!. However, those factory's goods do not appear in the trading overview (I've sent a report about that a few days ago ;))

Missing just a few of the ingredients for your new awesome Turret? Look for Turret Factory Suppliers. These handy merchants always have a variety of items needed for turret crafting in stock! More expensive, but all in one place! #indiegames #indiedev #gamedev #Avorion #Boxelware

@syed__umar @digininja @pentestmatt @PortSwigger Just put whatever (like test) in the first field, select the Encode as Base64, then click on the Smart decode next to the generated base64 encoded text. I don't recall any time this feature worked

@digininja @pentestmatt @PortSwigger Giving some test strings which Burp wasn't able to decode might help in improvements.

@adriendb I'm glad I'm not the only one who finds that @PortSwigger Burp Suite "Smart Decode" isn't really that smart.

@darryllane101 Nah, thing is WP tries to access localhost:8000 which is not opened (WP docker runs on :80, bound to :8000 of the host). Only way so far is to bind 80 from the host to the 80 of the docker container, but not ideal :/

Anyone managed to get the WordPress Cron working with a wordpress docker image locally ? keep getting 'Your site could not complete a loopback request' and this is driving me crazy