- Популярные видео
- Авто
- Видео-блоги
- ДТП, аварии
- Для маленьких
- Еда, напитки
- Животные
- Закон и право
- Знаменитости
- Игры
- Искусство
- Комедии
- Красота, мода
- Кулинария, рецепты
- Люди
- Мото
- Музыка
- Мультфильмы
- Наука, технологии
- Новости
- Образование
- Политика
- Праздники
- Приколы
- Природа
- Происшествия
- Путешествия
- Развлечения
- Ржач
- Семья
- Сериалы
- Спорт
- Стиль жизни
- ТВ передачи
- Танцы
- Технологии
- Товары
- Ужасы
- Фильмы
- Шоу-бизнес
- Юмор
REGEXSS Demo: How Hackers Exploit Regular Expressions in WordPress | Mat Rollings (Stealthcopter)
In this recorded episode of the Melapress Live Show, we're joined by Matthew Rollings, an Application Security Professional and bug bounty hunter, to explore a vulnerability class – RegexXSS.
Mat breaks down how developers inadvertently introduce cross-site scripting vulnerabilities by using regular expressions to manipulate sanitized HTML and why this subtle mistake has already earned him £20–30k in bug bounties across WordPress plugins.
We will cover:
- What RegexXSS is and why it's a distinct vulnerability class from standard XSS
- How WordPress's built-in sanitization can be bypassed through post-sanitization regex manipulation
- Why regex should never be used to parse or modify HTML, and what to use instead
- Real-world demo: how an attacker can exploit a regex-based deletion to inject a JavaScript payload
- The impact of XSS on WordPress admins, including silent admin account creation
- How Mat uses regex itself to hunt for RegexXSS vulnerabilities across 70,000+ WordPress plugins
This episode is for WordPress developers, plugin authors, and security-conscious site owners who want to understand a widely overlooked vulnerability class before attackers exploit it.
📒 Show notes links:
GitHub page with published reports and hacking plugin: https://github.com/stealthcopter/wordpress-hacking
WP Capture the Flag: https://wpctf.org
👤Learn more about Matthew Rollings:
LinkedIn profile: https://www.linkedin.com/in/mat-rollings
Website: https://sec.stealthcopter.com/
🎙️Learn more about the host:
Robert Abela: https://www.linkedin.com/in/robertabela/
Melapress website: https://melapress.com
Timestamps:
15:20 - What is Cross-site Scripting (XSS)?
18:41 - XSS Attack Demo
21:55 - What are Regular Expressions (Regex)?
30:00 - What is a REGEXSS vulnerability?
35:40 - REGEXSS exploitation demo
👍 Like, comment, and subscribe for weekly conversations on WordPress security, ethical hacking, and developer best practices.
#RegexXSS #XSS #CrossSiteScripting #Regex #RegularExpressions #BugBounty #WordPress #WordPressSecurity #WordPressPlugins
Видео REGEXSS Demo: How Hackers Exploit Regular Expressions in WordPress | Mat Rollings (Stealthcopter) канала Melapress
Mat breaks down how developers inadvertently introduce cross-site scripting vulnerabilities by using regular expressions to manipulate sanitized HTML and why this subtle mistake has already earned him £20–30k in bug bounties across WordPress plugins.
We will cover:
- What RegexXSS is and why it's a distinct vulnerability class from standard XSS
- How WordPress's built-in sanitization can be bypassed through post-sanitization regex manipulation
- Why regex should never be used to parse or modify HTML, and what to use instead
- Real-world demo: how an attacker can exploit a regex-based deletion to inject a JavaScript payload
- The impact of XSS on WordPress admins, including silent admin account creation
- How Mat uses regex itself to hunt for RegexXSS vulnerabilities across 70,000+ WordPress plugins
This episode is for WordPress developers, plugin authors, and security-conscious site owners who want to understand a widely overlooked vulnerability class before attackers exploit it.
📒 Show notes links:
GitHub page with published reports and hacking plugin: https://github.com/stealthcopter/wordpress-hacking
WP Capture the Flag: https://wpctf.org
👤Learn more about Matthew Rollings:
LinkedIn profile: https://www.linkedin.com/in/mat-rollings
Website: https://sec.stealthcopter.com/
🎙️Learn more about the host:
Robert Abela: https://www.linkedin.com/in/robertabela/
Melapress website: https://melapress.com
Timestamps:
15:20 - What is Cross-site Scripting (XSS)?
18:41 - XSS Attack Demo
21:55 - What are Regular Expressions (Regex)?
30:00 - What is a REGEXSS vulnerability?
35:40 - REGEXSS exploitation demo
👍 Like, comment, and subscribe for weekly conversations on WordPress security, ethical hacking, and developer best practices.
#RegexXSS #XSS #CrossSiteScripting #Regex #RegularExpressions #BugBounty #WordPress #WordPressSecurity #WordPressPlugins
Видео REGEXSS Demo: How Hackers Exploit Regular Expressions in WordPress | Mat Rollings (Stealthcopter) канала Melapress
Комментарии отсутствуют
Информация о видео
1 мая 2026 г. 8:20:19
00:58:09
Другие видео канала
How to Effectively Hide Your Login Page
Build Better WordPress Project Workflows | Jennifer Schumacher
Top Security Fears of WordPress Professionals in 2025 🚨 | Melapress Survey
Fixing the Web While Still at University
The Journey from Startup to 70+ Employees
Simple WordPress Security Wins - How to Protect Your WordPress Users' Accounts (for FREE)
Best practices for securing non-technical users in web management
Steps to Recover a Hacked Website
The Importance of Keeping Software Updated to Prevent Hacks
Making WordPress Automation Invisible for Everyday Users
Why Dev Founders Should Spend 50% of Their Time on Marketing
Why You Need Two-Factor Authentication (2FA) Now!
AI-Generated Polymorphic SEO Spam Explained
The Importance of Having a Co-Founder in Business
Melapress WordPress Security Survey 2025
Common Mistakes Agencies Make with WordPress Hosting
Beyond Caching: How WordPress Core Keeps Getting Faster | Weston Ruter (WP Engine)
The hidden costs of developing your own WordPress plugins
Understanding Data Privacy Concerns with AI in WordPress
How Speculative Loading Speeds Up WordPress
How AI Draft Replies and Sentiment Detection Speed Up Human Support
