CVE-2025-13997: Unauthenticated API Key Disclosure in King Addons for Elementor
A King Addons for Elementor issue where API keys were exposed in rendered page source.
cve
wordpress
information-disclosure
case study
CVE-2025-13587: Two-Factor Authentication Bypass in Two Factor via Email
A WordPress 2FA plugin issue where token handling could let a user skip the email second factor.
cve
wordpress
2fa
authentication
case study
CVE-2024-6288: Reflected XSS in Conversios WooCommerce Tracking
A reflected cross-site scripting issue in the Conversios WooCommerce tracking plugin.
cve
wordpress
xss
woocommerce
case study
CVE-2023-6875: POST SMTP Mailer Authorization Bypass to Admin Account Takeover
My POST SMTP Mailer authorization bypass finding, the proof-of-concept flow, and why the impact was high.
bug bounty
cve
wordpress
case study
CVE-2023-7048: CSRF to Contact Lead Export in My Sticky Bar
A My Sticky Bar CSRF issue that could trigger contact lead CSV export from an administrator's browser.
cve
wordpress
csrf
information-disclosure
case study
dCTF 2021: Behind The Scenes
Solving a dCTF image challenge by using Depix and carefully cropping pixelated text.
ctf
dctf
forensics
writeup
dCTF 2021: Company Leak
Using ZIP internals and bkcrack to approach a nested encrypted archive challenge.
ctf
dctf
crypto
writeup
dCTF 2021: Discord PingPong
Investigating a Go Discord bot binary and recovering the path to the challenge flag.
ctf
dctf
reverse engineering
writeup
dCTF 2021: My First CTF
Notes from my first live CTF: the team, the search trail, and a few side discoveries from the weekend.
ctf
dctf
retrospective
dCTF 2021: Injection
Finding a Flask/Jinja SSTI, reading source files, and decoding the final password.
ctf
dctf
web
writeup
dCTF 2021: Leak Spin and DevOps vs SecOps
Finding two dCTF flags through GitHub pages, branches, and GitHub Actions artifacts.
ctf
dctf
osint
writeup
dCTF 2021: Simple Web
Solving a simple web challenge by changing an authorization parameter in the request.
ctf
dctf
web
writeup
dCTF 2021: Strong Password
Cracking a ZIP password with John the Ripper and learning from a command-line nuance.
ctf
dctf
crypto
writeup
dCTF 2021: This one is really basic
Solving a recursive base64 challenge with a small decoding script.
ctf
dctf
crypto
writeup
dCTF 2021: Very Secure Website
Solving a PHP loose comparison challenge with a magic hash.
ctf
dctf
web
writeup