Security Links
The OTP-less one tap Sign in plugin for WordPress is vulnerable to privilege escalation via account takeover in versions 2.0.14 to 2.0.59. This is due to the plugin not properly validating a user's identity prior to updating their details, like email. This makes it possible for unauthenticated attackers to change arbitrary users' email addresses, including administrators, and leverage that to reset the user's password and gain access to their account. Additionally, the plugin returns authentication cookies in the response, which can be used to access the account directly.
#BINARY-EXPLOITATION
x86matthew

Blog about Windows NT.

https://www.x86matthew.com/
RET2 Wargames

Our industry-leading platform is the most effective solution for learning modern binary exploitation through a world-class curriculum developed by RET2. Acquire the skills necessary to perform independent vulnerability research.

https://wargames.ret2.systems/
Nightmare

An intro to binary exploitation / reverse engineering course based around ctf challenges.

https://guyinatuxedo.github.io/
Crackmes

This is a simple place where you can download crackmes to improve your reverse engineering skills. If you want to submit a crackme or a solution to one of them, you must register. But before that, I strongly recommend you to read the FAQ. If you have any kind of question regarding the website, a crackme, feel free to join the discord chat.

https://crackmes.one/
Modern Binary Exploitation

Course materials for Modern Binary Exploitation by RPISEC.

https://github.com/RPISEC/MBE
Offensive Security & Reverse Engineering Course

This repository is for the Offensive Security and Reverse Engineering Course. I used to teaching at Champlain College and currently sharing it for free online (check the YouTube channel for the recordings).

https://github.com/ashemery/exploitation-course
CTF Workshop

Challenges for Binary Exploitation Workshop.

https://github.com/kablaa/CTF-Workshop