WordPress Vulnerability Lab


A Docker-based environment for safely testing, reproducing, and studying historical security vulnerabilities in WordPress core, plugins, and themes.

Overview

This project provides a controlled environment for security researchers, developers, and students to explore WordPress vulnerabilities in a safe, isolated setting. The lab includes:

  • Multiple WordPress versions with known security flaws
  • A collection of vulnerable components (plugins and themes)
  • Documentation describing each vulnerability
  • Exploit scripts to demonstrate the vulnerabilities
  • Docker containerization for easy setup and reset

Features

  • Isolated Environment: The vulnerable WordPress instances run inside Docker containers, so nothing is installed on the host and the whole lab can be torn down and rebuilt at will. Containers still share the host kernel and any published ports, so treat the lab as already compromised: bind it to localhost or a dedicated lab network, never expose it to the internet, and never reuse real credentials inside it.
  • Scalable Architecture: Easily add new WordPress versions or vulnerable components
  • Detailed Documentation: Each vulnerability includes analysis of the vulnerable code and exploitation techniques
  • Hands-on Learning: Practical examples help understand both the technical details and impact of each vulnerability

Installation

Prerequisites

  • Docker and Docker Compose
  • Git
  • Basic knowledge of command line operations

Setup Instructions

  1. Clone the repository:

    git clone https://github.com/burn3d0ut/wordpress-vulnerability-lab.git
    cd wordpress-vulnerability-lab
  2. Start the environment (Compose v2 users can run `docker compose up -d` instead):

    cd docker
    docker-compose up -d
  3. Access the WordPress instances:

  4. Complete the WordPress setup process for each instance

  5. Install the vulnerable components from the vulnerable-components directory

Resetting the Environment

To discard all containers and data and return the lab to its initial state, run the reset script from the repository root (note that the setup steps above leave you inside the docker directory):

./scripts/reset-environment.sh

Adding Vulnerable Components

Using SVN to Download Specific Plugin/Theme Versions

The WordPress.org plugin and theme directories are backed by Subversion, so any released version can be exported directly from its tag without pulling the repository's history:

# For plugins
svn export https://plugins.svn.wordpress.org/plugin-name/tags/version-number plugin-name-version

# For themes
svn export https://themes.svn.wordpress.org/theme-name/version-number theme-name-version

Note: While SVN provides access to historical versions, a tag is an ordinary directory that can still be committed to after release, so there is no guarantee that what you export is exactly what users installed at the time. Some vulnerabilities may have been retroactively patched or files removed in the repository. Record the version you used, hash the files you export, and compare them against the release archive for the same version before relying on the export to reproduce a vulnerability.
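The following script is an added example and is not part of this lab's own scripts. It shows one way to act on the caveat above: export a pinned plugin version from its SVN tag, compare it file-by-file against the official release zip for the same version from downloads.wordpress.org (the assumption, true for plugins packaged by WordPress.org, is that the zip unpacks into a top-level directory named after the plugin slug), and record a SHA-256 manifest so the copy placed in the lab can be re-verified later. The `fetch_and_verify_plugin` helper and its argument names are this example's own; the offline demonstration at the end uses two constructed directories rather than a real plugin.

```shell
#!/bin/sh
# Added example, not part of the lab's own scripts.
# Goal: after exporting a pinned plugin version from SVN, check that the tree
# is the same code that shipped as that version by comparing it with the
# official release zip, and write a manifest for later re-verification.
set -eu

# Print "sha256  relative/path" for every regular file under $1, sorted by path.
manifest_dir() {
  (cd "$1" && find . -type f | LC_ALL=C sort | while read -r f; do
    printf '%s  %s\n' "$(sha256sum "$f" | cut -d' ' -f1)" "${f#./}"
  done)
}

# Return 0 when the two trees have identical contents, 1 otherwise.
# Added, removed and modified files show up in the printed diff.
compare_trees() {
  lm=$(mktemp); rm_=$(mktemp)
  manifest_dir "$1" > "$lm"
  manifest_dir "$2" > "$rm_"
  if diff "$lm" "$rm_"; then rc=0; else rc=1; fi
  rm -f "$lm" "$rm_"
  return "$rc"
}

# Hypothetical helper tying the steps together (needs network; not run here).
# Assumes the release zip unpacks into a top-level directory named after the
# plugin slug, which is how WordPress.org packages plugins.
fetch_and_verify_plugin() {
  slug=$1; version=$2
  work=$(mktemp -d)
  svn export -q "https://plugins.svn.wordpress.org/${slug}/tags/${version}" "${work}/svn"
  curl -fsSL "https://downloads.wordpress.org/plugin/${slug}.${version}.zip" -o "${work}/release.zip"
  unzip -q "${work}/release.zip" -d "${work}/zip"
  if compare_trees "${work}/svn" "${work}/zip/${slug}"; then
    manifest_dir "${work}/svn" > "${slug}-${version}.sha256"
    echo "OK: ${slug} ${version} tag matches the release zip; manifest written"
  else
    echo "MISMATCH: ${slug} ${version} tag differs from the release zip; inspect before use" >&2
    return 1
  fi
}

# Offline demonstration with constructed trees: a pristine copy and one in
# which a file was quietly fixed after release, the case the note above warns about.
demo_dir=$(mktemp -d)
mkdir -p "$demo_dir/pristine" "$demo_dir/patched"
printf '<?php echo $_GET["q"];\n'           > "$demo_dir/pristine/shortcode.php"
printf 'Stable tag: 1.0\n'                  > "$demo_dir/pristine/readme.txt"
cp "$demo_dir/pristine/"* "$demo_dir/patched/"
printf '<?php echo esc_html($_GET["q"]);\n' > "$demo_dir/patched/shortcode.php"

if compare_trees "$demo_dir/pristine" "$demo_dir/patched"; then
  echo "trees match"
else
  echo "trees differ (expected in this demonstration)"
fi
rm -rf "$demo_dir"
```

Keep the generated `.sha256` manifest next to the component in `vulnerable-components`; re-running `manifest_dir` on the installed copy and diffing against it tells you whether what is in the lab is still the version you documented.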

Educational Purpose

This project is intended for educational purposes only. Use this knowledge to:

  • Understand how vulnerabilities work
  • Learn secure coding practices
  • Improve your security testing skills

Disclaimer

This lab should only be used for legitimate security research and education. Do not use these techniques against any systems without explicit permission. The author is not responsible for any misuse of the information or tools provided in this repository.
