WordPress plugin "Profile Builder Pro" (versions before 3.14.5) is susceptible to Unauthenticated PHP Object Injection (CVE-2026-7647). In this blog post, we discuss how we discovered and exploited the vulnerability using a novel POP chain, how AI helped in the process, taking a final look at targets in the wild.
Introduction Happy 2026, two months late and with a new design for my blog! 🥳 It had been quite a while since I last posted anything on my blog, and recently I have been trying to find a function...
Multiple vulnerabilities in vtenext 25.02.1 and prior versions allow unauthenticated attackers to bypass authentication through three separate vectors, ultimately leading to remote code execution on the underlying server.
The Prevent Direct Access – Protect WordPress Files plugin for WordPress is vulnerable to unauthorized access and modification of data| due to a misconfigured capability check on the 'pda_lite_custom_permission_check' function in versions 2.8.6 to 2.8.8.2. This makes it possible for authenticated attackers, with Contributor-level access and above, to access and change the protection status of media.
Having well-organized notes is crucial for penetration testing, OSCP preparation and exams, CTFs, etc. They help you quickly identify previously exploited vulnerabilities and map the interconnections between machines within a network. In this video, I'll show you how I take effective notes using Obsidian's Canvas and Excalidraw, and how I structure them.
This blog post shows a recent penetration test I performed for some customers' Salesforce applications (also called Salesforce Communities), in which I exploited some common and other lesser-known flaws, which eventually led to an account takeover vulnerability. I will show some plugins and in-depth techniques to facilitate the enumeration of the target and the discovery of these flaws, and I will link to other excellent resources that I have found very useful for delving into the Salesforce attack surface and on which I have relied to conduct tests and write this article.
Let's have a chat with the guys from Meethack Torino. We talk about the communities in Italy, what the activities are, but also the difficulties and successes.
In this video, we discuss a CVE recently discovered by Mattia (0xbro). The CVE in question is CVE-2023-47444, and was found in opencart, an open source e-commerce written in PHP.
In OpenCart versions 4.0.0.0 to 4.0.2.3, authenticated backend users having common/security access and modify privileges can write arbitrary untrusted data inside config.php and admin/config.php, resulting in remote code execution on the underlying server.
This article presents the analysis of Digital Private Vault Android application, highlighting some bad practices and vulnerabilities in the product that can be exploited to completely subvert the purpose of the vault, finally exposing the secrets stored inside it.