A thing I noticed working day by day on WPScan’s vulnerability database is that the number of WordPress (plugin) vulns disclosed is far lower than the actual number of exploitable plugins. A quick trip to the official directory and a little browsing through the SVN repositories will turn up a lot of trivial bugs which might be worth an advisory. I am talking about low-hanging fruit like unsophisticated XSS and basic SQLi.