WP Courses LMS < 2.0.44 — Authenticated Stored XSS via 'Video Embed Code'

Introduction While reviewing WordPress learning-management plugins, I focused on inputs that render inside lesson or course pages—especially fields intended for HTML or embeds. These areas often re...

Oct 1, 2021 Infosec, CVE, Research

Book appointment Online < 1.39 - Authenticated Stored Cross-Site Scripting (XSS)

Introduction I was reviewing appointment-booking plugins to check how they render merchant-defined data back into admin/listing views. Fields like “service name,” “duration,” and “price” often look...

Oct 1, 2021 Infosec, CVE, Research

[English] OSCP Certification Exam Experience

Update: Since 2022, Offensive Security (OffSec) updated the PEN-200 materials by adding Active Directory content and removing Buffer Overflow (BoF) from the exam, so some suggestions in this post a...

Aug 27, 2021 Infosec, Certification

[Bahasa] Pengalaman Ujian Sertifikasi OSCP

Update: Semenjak tahun 2022, Offensive Security (OffSec) melakukan update terhadap materi PEN-200 dengan menambahkan materi Active Directory dan menghapus Buffer Overflow (BoF) pada exam, sehingga ...