Menu
$
Vulnerability Discovery

Security Research

Vulnerability discovery & methodology

Approach

Vulnerability Research Methodology

I find vulnerabilities by looking for trust assumptions.

Every system — software, human, AI — operates on assumptions about what inputs are valid, what users are authorized, and what data is trustworthy. Vulnerabilities exist where those assumptions don't hold.

This sounds straightforward, but it changes how you approach research. Instead of running automated scanners and triaging outputs, I ask: What does this system trust? Why? What happens when that trust is misplaced?

For WordPress plugins, that means examining how they handle user input, how they verify authorization, and where they assume database-sourced data is safe. For container security, it means questioning what the runtime trusts about the images it executes. For AI systems, it means testing what the model trusts about the prompts it receives.

The methodology stays consistent. The substrates vary.

Vulnerability Research

CVE Portfolio

Responsibly disclosed vulnerabilities in WordPress plugins, documented on NVD and MITRE.

CVSS 6.5 — SQL Injection

CVE-2025-9776

Insufficient input sanitization in CatFolders folder management queries.

 CVSS 6.4 — Stored XSS

CVE-2025-12163

User input rendered without escaping in OmniPress admin context.

 CVSS 5.3 — Missing Authorization

CVE-2025-11171

Administrative functions accessible without capability checks in Chartify.

 CVSS 5.3 — Information Exposure

CVE-2025-11174

Sensitive metadata leaked through Document Library Lite API endpoints.

 CVSS 4.3 — IDOR

CVE-2025-12030

Unauthorized access to restricted field data in ACF to REST API via predictable references.

 CVSS 4.3 — CSRF

CVE-2026-1208

Missing nonce verification in Friendly Functions for Welcart allows forged requests.
View All CVE Details →
Specializations

Security Research Focus Areas

Plugin Ecosystem

WordPress Security

The WordPress ecosystem powers over 40% of the web. My research focuses on common vulnerability patterns in plugin architecture: authorization bypasses, injection flaws, and insecure data handling.

Explore WordPress Research → Adversarial AI

AI Security

LLM jailbreaking, prompt injection, agentic AI vulnerabilities, and the psychology that makes AI systems exploitable. Testing machine trust reflexes.

Explore AI Security Research → Isolation & Escape

Container Security

Containers promised isolation. Reality delivered attack surface. Runtime vulnerabilities, escape techniques, and the gap between security assumptions and actual isolation guarantees.

Runtime attestation, runC exploits, eBPF weaponization
Zero-trust container architecture patterns
Explore Container Research → Infrastructure

Cloud Security

Cloud environments introduce complexity that creates vulnerability. Exploitation patterns in AWS, Azure, and GCP — particularly where service integrations create unexpected trust relationships.

Explore Cloud Research →
Process

Disclosure and Testing Methodology

01

Identify Trust

What does the system believe about its inputs, users, and environment?

02

Map Surface

Where can an attacker influence those trusted inputs?

03

Test Boundaries

What happens when trust is violated at the edges?

04

Verify Impact

Can the violation produce meaningful impact?

05

Disclose

Responsible disclosure with complete technical detail.

This methodology applies whether auditing a WordPress plugin or probing an AI system. Find the trust, test the trust, document what breaks.

NEW 2026 Open Source

AATMF Red Teaming Toolkit

Complete AI red teaming toolkit — automated AATMF-R risk scoring, Red-Card YAML scenarios for CI/CD, and crosswalk validation against OWASP LLM Top 10 and MITRE ATLAS.

View on GitHub →