wp-plugin-rest-auth-bypass

Community

Find unauthenticated write access in WP plugin REST endpoints.

Authoruphiago
Version1.0.0
Installs0

System Documentation

What problem does it solve?

WordPress plugins often expose unauthenticated state-changing REST API endpoints that standard WordPress security scans miss, allowing attackers to publish unauthorized content, modify site settings, or leak sensitive data without valid credentials.

Core Features & Use Cases

  • Plugin Namespace Enumeration: Discovers all third-party plugin REST namespaces on a target WordPress site, filtering out core WordPress namespaces to focus on custom plugin routes.
  • Route Mapping & Vulnerability Identification: Maps all routes for each plugin namespace and flags unauthenticated POST, PUT, PATCH, and DELETE endpoints that accept requests without authentication.
  • Exploit Validation: Tests identified endpoints for common exploit vectors including unauthorized content publishing, settings modification, and hidden endpoint data leakage.
  • Use Case: For penetration testers assessing WordPress site security, this skill quickly finds exploitable plugin REST API flaws that would be missed by generic WordPress vulnerability scanners.

Quick Start

Use this skill to scan a target WordPress site for unauthenticated write access in plugin REST API endpoints and validate potential exploitability.

Dependency Matrix

Required Modules

None required

Components

Standard package

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: wp-plugin-rest-auth-bypass
Download link: https://github.com/uphiago/recon-skills/archive/main.zip#wp-plugin-rest-auth-bypass

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
View Source Repository

Agent Skills Search Helper

Install a tiny helper to your Agent, search and equip skill from 537,000+ vetted skills library on demand.