On this week’s episode of Think Like a Hacker, we chat about the cross-site request forgery (CSRF) vulnerability found in the Child Theme Creator by Orbisius and how attackers could use a vulnerability like this with spearphishing to wreak havoc, much like the phishing campaigns now being found on the Canva design platform.
With WordPress adding application passwords for REST API authentication, we discuss the benefits coming with this capability in WordPress version 5.6.
We also consider the ramifications of the critical, wormable RCE bug patched by Microsoft, and how attackers are actively attacking the recent