Premium Issue: How I Obtained 2 CVEs in 45 Minutes: A Guide
Discover how I found 2 CVEs over a single weekend by auditing WordPress plugins, and how you can get started.
As a security researcher, I was involved in numerous responsible disclosure engagements from 2016 to 2019, which led to the publication of over 30 CVEs. Unfortunately, when my email account was closed, I lost access to many of these records, and the write-ups were also deleted from the internet.
To compensate for this loss, I decided to challenge myself to find a few CVEs in the shortest time possible, so that I could add them to my CV. In this blog post, I'll share my experience and explain how I found two CVEs in approximately 45 minutes.
Approaches for Quick CVE Discovery
I considered several strategies for efficient vulnerability discovery, including:
1. Smart fuzzing open-source applications using tools like American Fuzzy Lop (AFL);
2. Purchasing hardware, such as routers, and auditing their web panels;
3. Auditing WordPress plugins for vulnerabilities;
4. Conducting black-box audits of random applications on the internet.
I chose option 3, as it appeared to be the most viable based on my personal experience, and it would also complement this blog post. Additionally, this approach is beginner-friendly—focusing on discovering vulnerabilities in less popular WordPress plugins.