Introducing WPHackCebola, the CloudFest 2023 Codeable experts hackathon project.
Designed to enhance your website’s security, WPHackCebola uses dynamic analysis to detect potential security vulnerabilities in WordPress installations running within containers.
Inspired by the wpgarlic proof-of-concept article, we’ve taken our approach further by simulating bogus requests and identifying where they produce unexpected output.
How it works
With our dynamic tool, you can test your website against vulnerabilities that may exist within your plugins.
Our PHP command analyzes your plugin’s behavior and the data it accesses, including GET and POST parameters. We then inject our tool into your plugin’s core code, which lets us intercept and retrieve data, send requests, and capture function properties and return values. This helps us detect any unescaped output or leaked internal data, providing you with greater protection against potential security threats.
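An added example (not WPHackCebola's own code) of the unescaped-output check described above: it feeds a marker through GET and POST parameters, captures what a handler prints, and reports whether the marker came back unescaped. The handler names and parameter names are constructed for illustration, and `htmlspecialchars()` stands in for WordPress's `esc_html()`.

```php
<?php
// Added example: handlers and parameter names below are constructed stand-ins
// for plugin callbacks; htmlspecialchars() stands in for WordPress's esc_html().

// Build a unique marker wrapped in HTML metacharacters.
function make_probe(): array {
    $token = 'probe' . bin2hex(random_bytes(4));
    return ['token' => $token, 'raw' => "<{$token}\"'>"];
}

// Run a handler with bogus GET/POST data and capture everything it prints.
function capture_output(callable $handler, array $get, array $post): string {
    [$oldGet, $oldPost] = [$_GET, $_POST];
    $_GET = $get;
    $_POST = $post;
    ob_start();
    try {
        $handler();
    } finally {
        $out = ob_get_clean();          // always close the buffer
        $_GET = $oldGet;                // restore the real superglobals
        $_POST = $oldPost;
    }
    return $out;
}

// Classify how the marker came back. 'reflected-altered' covers full and
// partial escaping alike, so those results still deserve a manual look.
function classify(string $output, array $probe): string {
    if (strpos($output, $probe['raw']) !== false) {
        return 'unescaped';
    }
    return strpos($output, $probe['token']) !== false ? 'reflected-altered' : 'not-reflected';
}

// Hypothetical plugin callbacks (constructed for this example).
$handlers = [
    'search_raw'  => function () { echo '<p>Results for ' . ($_GET['q'] ?? '') . '</p>'; },
    'search_safe' => function () { echo '<p>Results for ' . htmlspecialchars($_GET['q'] ?? '', ENT_QUOTES) . '</p>'; },
    'save_note'   => function () { echo '<p>Saved.</p>'; },
];

foreach ($handlers as $name => $handler) {
    foreach (['q', 'note'] as $param) {
        $probe = make_probe();
        $out = capture_output($handler, [$param => $probe['raw']], [$param => $probe['raw']]);
        printf("%-12s %-5s %s\n", $name, $param, classify($out, $probe));
    }
}
```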
Created with ❤ by Codeable Experts @ CloudFest Hackathon 2023