Researcher goes public with WordPress CSP bypass hack

John Leyden

01 June 2022 at 16:40 UTC

Updated: 01 June 2022 at 17:00 UTC

Technique skirts web security controls

A security researcher has discovered a neat, albeit partially developed, technique to bypass CSP (Content Security Policy) controls using WordPress.

The hack, discovered by security researcher Paulos Yibelo, relies on abusing same origin method execution.

This technique uses JSON padding to call a function. That’s the sort of thing that might allow the compromise of a WordPress account…

More Info


Check Also

Morphii Pro and Pro+ for WordPress Plugin Upgrades Now Available

Morphii Pro and Pro+ Plugin “Moprhii makes the feedback experience a little more fun and …

Leave a Reply

Your email address will not be published. Required fields are marked *