No description, website, or topics provided.
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.


This project serves to demonstrate a few novel ideas for how to exploit vulnerabilities in Wordpress plugins that allows for delivering a XSS payload through a CSRF vector, and doing so by delivering the minimal viable set of code to the browser. Rather than spraying a target, we can determine the presence of a plugin on a target on demand. This allows for a more sneaky delivery of our payload.