Engineering notes from the trenches.
Reverse-engineering APIs, automation that survives production, security research, and honest takes on the tools I ship with.
CVE-2026-6456 exposes a critical privilege escalation in the WordPress Account Switcher plugin through a loose comparison flaw in its REST API. Here's how it works and what to do right now.
CVE-2026-3985 exposes a high-severity SQL injection in the Creative Mail WordPress plugin via the checkout_uuid parameter, affecting all versions up to 1.6.9. Here's how it works and what to do now.