WordPress Testing Checklists
- CSRF
- XSS
- SQLi
- wpscan
- xmlrpc
- autoexploit
- User Enumeration
- Brute-force Login Page
- Change Methods
- Look for Clickjacking
- Broken Links
- Links in JS Files
- Enforcement of non-SSL URLs
- Manually add parameters for open redirections
- Brute-force plugin directories
- Upload directory
- Run active scan with spider
- Check with param miner
- Give dorks a try
- Check old timestamp fingerprints
- Links from archives
- Run nmap with vulnerability scripts enabled
- Look for webserver version and exploits
- Look for open ports and services on all ports
- Host header injection on 302