August 27, 2025

The Most Beautiful Payment Bypass - Is It Not?

Technical analysis of a payment bypass in the Prestashop integration of Stripe.

---

January 29, 2025

Privilege Escalation in Better Find and Replace Plugin

Technical analysis of a subscriber+ privilege escalation in Better Find and Replace plugin <= 1.6.7

---

November 21, 2024

Unauthenticated Arbitrary File Read in Jobify Theme

Technical analysis of an unauthenticated file read vulnerability in Jobify theme <= 4.2.3

---

May 17, 2024

Exploring the Unknown: Beneath the Surface of Unpatched WordPress SSRF

Research on additional vulnerability scenario of the root cause of WordPress Core Blind SSRF.

---

September 26, 2023

Destructuring CVE-2023-26045: NodeBB Code Execution Vulnerability

Technical analysis of CVE-2023-26045 to achieve code execution on NodeBB < 2.8.7

---

February 09, 2023

I Cracked OSWE at 18

My journey and review of AWAE/OSWE (WEB-300) by Offensive Security.

---

November 09, 2022

wpForo Forum Security Advisories

Technical analysis of multiple vulnerabilities found on wpForo Forum plugin in Wordpress.

---

October 16, 2019

Razer OTP Bypass

Technical analysis of how I was able to bypass OTP code requirement in Razer.

---