Episode 91: How Hackers Can Use CSRF Vulnerabilities and Spearphishing to Wreak Havoc on WordPress

On this week's episode of Think Like a Hacker, we chat about the cross-site request forgery vulnerability found in the Child Theme Creator by Orbisius and how attackers could potentially use a vulnerability like this with spearphishing to wreak havoc, much like the phishing campaigns now being found on the Canva design platform. We also discuss the benefits of adding application passwords for REST API authentication planned for WordPress version 5.6.

We also consider the ramifications of the critical, wormable RCE bug patched by Microsoft, and how attackers are actively attacking the recent zerologon vulnerability that was patched in August.