WordPress Privilege Escalation from an Editor to Administrator
This article is about how a WordPress Editor can use unfiltered HTML and some social engineering to gain administrative access to the WordPress site and pwn the server. My first observation was that editors and administrators can add unfiltered HTML and JavaScript using the custom HTML block while creating a…