WordPress doesn’t use a nonce for the login form, which opens up for you to perform a WordPress session donation attack.
Continue reading “How to perform and mitigate a WordPress session donation attack”
☆ Not an expert. Probably wrong.
WordPress doesn’t use a nonce for the login form, which opens up for you to perform a WordPress session donation attack.
Continue reading “How to perform and mitigate a WordPress session donation attack”