BugBounty
JupiterX Core: Chaining Limited Vulns from SVG to RCE
tldr; On their own, these two vulnerabilities in JupiterX Core wouldn’t have been very impactful or likely to get a bounty; but by chaining them together, the exploit could be escalated from a simple SVG upload to full Remote Code Execution (RCE).

BugBounty
WPML Multilingual CMS Authenticated Contributor+ Remote Code Execution (RCE) via Twig Server-Side Template Injection (SSTI)
tldr; Server-Side Template Injection (SSTI) is one of my favorite vulnerabilities, but rarely do I see it outside of CTF competitions… The WPML Multilingual CMS Plugin for WordPress used by over 1 million sites is susceptible to an Authenticated (Contributor+) Remote Code Execution (RCE) vulnerability through a Twig server-side template injection.

BugBounty
Splashing around in the shallow end: My adventure into Bug Bounty Hunting
tldr; Reported ~300 vulns in WordPress plugins and themes, made about ~$27k. Have made some of my write-ups public and am working on a WordPress hacking workshop as an introduction to bug bounty.

BugBounty
Unauthenticated RCE in Anti-Malware Security and Brute-Force Firewall GOTMLS WordPress Plugin CVE-2024-22144
Unauthenticated Remote Code Execution (RCE) by chaining multiple vulnerabilities in the Anti-Malware Security and Brute-Force Firewall GOTMLS WordPress Plugin

BugBounty
CVE-2024-0685 Ninja Contact Forms Data Export SQLi
The Ninja Forms Contact Form Plugin for WordPress is susceptible to an SQL injection vulnerability when processing data export requests.