Blog

Things I write (sometimes with the help of AI 🤖)

2026

2026-05-24 CVE-2026-8679: AudioIgniter IDOR Exposes Private Playlist Data (CVSS 7.5)
2026-05-24 CVE-2026-9011: Ditty Plugin Exposes Non-Public Content to Anyone (CVSS 7.5)
2026-05-19 CVE-2026-8719: AI Engine Privilege Escalation via MCP OAuth (CVSS 8.8)
2026-05-18 CVE-2026-6403: Unauthenticated File Read in Quick Playground (CVSS 7.5)
2026-05-17 CVE-2026-5229: Form Notify Auth Bypass via LINE OAuth Callback (CVSS 9.8)
2026-05-16 CVE-2026-4094: FOX Currency Switcher Config Deletion (CVSS 8.1)
2026-05-15 CVE-2026-3718: ManageWP Worker Unauthenticated Stored XSS (CVSS 7.2)
2026-05-14 CVE-2026-6271: Unauthenticated RCE in Career Section Plugin (CVSS 9.8)
2026-05-13 CVE-2026-8181: Auth Bypass to Admin Takeover in Burst Statistics Plugin (CVSS 9.8)
2026-05-12 CVE-2026-3892: Motors Plugin Arbitrary File Deletion (CVSS 8.1)
2026-05-11 CVE-2026-5395: Fluent Forms <= 6.2.0 IDOR Exposes Form Entries (CVSS 8.2)
2026-05-10 CVE-2026-7330: Stored XSS in Auto Affiliate Links Plugin
2026-05-09 CVE-2026-6929: JoomSport Unauthenticated SQL Injection (CVSS 7.5)
2026-05-08 CVE-2026-5396: Fluent Forms Authorization Bypass via form_id (CVSS 8.2)
2026-05-07 CVE-2026-42668: Omnisend WooCommerce Account Takeover (CVSS 7.5)
2026-05-06 CVE-2026-4029: Unauthenticated DB Export in WP Database Backup (CVSS 7.5)
2026-05-05 CVE-2026-6320: Arbitrary File Read in Salon Booking System
2026-05-04 CVE-2026-5324: Unauthenticated XSS in Brizy Page Builder
2026-05-03 CVE-2026-5063: Stored XSS in NEX-Forms via Form Submission
2026-05-02 CVE-2026-4019: Unauthenticated Private Post Content Disclosure In Complianz Plugin
2026-05-01 CVE-2026-31431: Copy Fail — A Decade-Old Linux Kernel Privilege Escalation
2026-04-30 CVE-2026-6741: Critical Privilege Escalation in LatePoint Plugin (CVSS 8.8)
2026-04-29 CVE-2026-5364: Unauthenticated Arbitrary PHP Upload in CF7 Drag and Drop Plugin
2026-04-28 CVE-2026-6393: Authenticated Missing Authorization in BetterDocs Plugin
2026-04-27 CVE-2026-5428: Authenticated Stored XSS in Royal Elementor Addons Plugin
2026-04-26 Mailpit: Capture & Inspect Emails Locally for WordPress, Laravel, and PHP
2026-04-25 CVE-2026-3844: Unauthenticated Arbitrary File Upload To RCE in Breeze Cache Plugin (CVSS 9.8)
2026-04-24 CVE-2026-4388: Unauthenticated Stored XSS in Form Maker by 10Web Plugin
2026-04-23 AI Writes the Code Now. What Happens To QA?
2026-04-22 CVE-2026-5718: Unauthenticated File Upload To RCE in DnD Upload CF7 Plugin
2026-04-21 CVE-2026-2262: Easy Appointments Data Exposure via REST API
2026-04-20 CVE-2026-5478: Path Traversal File Read in Everest Forms
2026-04-19 CVE-2025-14868: CSRF File Deletion in Career Section Plugin
2026-04-18 CVE-2026-2834: Unauthenticated Stored XSS in Token of Trust Plugin
2026-04-17 CVE-2026-4365: Arbitrary Quiz Answer Deletion in LearnPress (CVSS 9.1)
2026-04-16 CVE-2026-5231: Stored XSS via utm_source in WP Statistics
2026-04-15 CVE-2026-4880: Barcode Scanner Plugin Privilege Escalation
2026-04-14 CVE-2026-3017: PHP Object Injection in Smart Post Show
2026-04-13 CVE-2025-15027: Privilege Escalation in JAY Login & Register (CVSS 9.8)
2026-04-12 CVE-2025-68043: Missing Authorization in LottieFiles Plugin (CVSS 9.8)
2026-04-11 CVE-2026-3124: Download Monitor Unauthenticated IDOR To Order Theft
2026-04-10 CVE-2026-3360: Tutor LMS Unauthenticated Billing Overwrite (CVSS 7.5)
2026-04-09 CVE-2026-3296: PHP Object Injection in Everest Forms (CVSS 9.8)
2026-04-08 CVE-2026-2942: Arbitrary File Upload in ProSolution WP Client
2026-04-07 CVE-2026-4003: CVSS 9.8 Privilege Escalation in Users Manager PN
2026-04-06 CVE-2025-15488: Unauthenticated Code Injection in Responsive Plus
2026-04-05 Cloudinary AI Skill for SQA: Auto-Upload Screenshots Explained
2026-04-04 CVE-2026-1233: Hardcoded MySQL Credentials in TTS Plugin
2026-04-03 axios Supply Chain Attack: Malicious Versions Deploy a RAT
2026-04-02 CVE-2026-5130: Debugger & Troubleshooter Unauthenticated Account Takeover
2026-04-01 Hello, World
2026-03-31 CVE-2026-4267: Unauthenticated Reflected XSS in Query Monitor Plugin
2026-03-30 CVE-2026-4257: SSTI to RCE in Contact Form by Supsystic
2026-03-29 CVE-2026-4987: Unauthenticated Payment Bypass in SureForms
2026-03-28 CVE-2026-3584: Kali Forms Unauthenticated RCE & Admin Takeover
2026-03-02 CVE-2026-1357: Unauthenticated RCE in WPvivid Backup Plugin (CVSS 9.8)
2026-03-01 CVE-2026-27384: Unauthenticated RCE in W3 Total Cache
2026-02-09 কীভাবে ভোট জালিয়াতি করবেন?
2026-01-27 Zikr When Waking Up - ঘুম থেকে জেগে উঠার সময়ের যিক্‌রসমূহ
2026-01-26 The Excellence of Zikr - যিক্‌রের ফযীলত
2026-01-16 সূরা আলে ইমরানের শিক্ষাসমূহ
2026-01-15 What Is WCAG? Web Accessibility Guidelines Explained
2026-01-14 CVE-2026-23550: CVSS 10 Privilege Escalation in Modular DS
2026-01-14 How Much Can Your Kid Earn? Financial Lessons for Parents
2026-01-13 A Tester's Guide to Letter Cases
2026-01-12 What Is Stochasticity? A Plain-English Explanation
2026-01-11 Personal Domain as Digital Ownership: Why It Matters
2026-01-10 WordPress Action and Filter Hooks: A Developer's Guide
2026-01-05 Custom Winter Theme for Disabled Sites on xCloud [Tutorial]
2026-01-03 যখন আল্লাহ কাউকে ভালবাসেন

2025

2025-12-31 7 Software Testing Principles Every SQA Engineer Should Know
2025-12-18 SQA Career in WordPress: A Complete Ecosystem Guide
2025-12-13 SQA & DevOps Job Circulars: Updated Collection [2026]
2025-12-13 ISTQB Certification Journey: Tech X Webinar Full Recap
2025-12-09 The Muslim Creator’s Guide to Ethical AI Image Generation
2025-12-08 Essential RSS Feeds for QA & DevOps Engineers [2026]
2025-12-07 Free SMTP Options for SQA & Automation Engineers [2026]
2025-12-07 What Is WordPress? A Complete Beginner's Guide [2026]
2025-12-06 CVE-2025-12352: Arbitrary File Upload in Gravity Forms
2025-12-05 CVE-2025-12493: Local PHP File Inclusion in ShopLentor
2025-12-04 CVE-2025-11749: Privilege Escalation in AI Engine Plugin
2025-12-03 CVE-2025-13597: Arbitrary File Upload in AI Feeds Plugin
2025-12-02 FileMock for SQA Engineers: File Upload Testing Made Easy
2025-12-02 Smart Job Application Strategies for SQA Engineers
2025-12-01 CVE-2025-11457: Privilege Escalation in EasyCommerce Plugin
2025-11-30 BAQC Volunteer Formation Meeting: Notes & Key Decisions
2025-11-30 সন্তানের মৃত্যু কীভাবে মেনে নেবো?
2025-11-30 What Is Sanity Testing? A Beginner’s Friendly Guide
2025-11-28 BAQC SQA Community Meetup: Key Highlights & Takeaways
2025-11-27 কমেন্ট করার আগে ভাবুন - রেজ বেইট কিনা
2025-11-24 WPDeveloper SQA Job Circulars: Previous Openings Archive
2025-11-18 WordPress Bug Bounty: Best Resources for Security Researchers
2025-11-17 3 Powerful AI Prompts for WordPress SQA Engineers
2025-11-12 3 AI Prompts Every SQA Tester Should Use in 2026
2025-11-10 CSS Combinators Explained: Types, Syntax & Use Cases
2025-10-23 প্রাইস কত? ইনবক্স চেক করুন!
2025-10-15 The Soviet Mapmaker’s Secret: Why Post-USSR Peace Failed
2025-10-11 রাশিয়ার ইতিহাস
2025-10-10 লোকমান হাকিমের পরিচয়
2025-10-07 CVE-2025-49844: RediShell Redis Lua Sandbox Escape Explained
2025-10-05 শিশুর সংশোধন - প্রশংসা ও উপদেশ
2025-10-04 দুঃখ ও মুসিবতে ধৈর্যধারণ
2025-10-03 আমাকে জিজ্ঞেস করা কমন কিছু প্রশ্নের উত্তর
2025-10-02 CVE-2025-58246: My Contribution to WordPress 6.8.3 Security
2025-10-01 সন্তানকে তার উপযোগী কাজ দেওয়া আবশ্যক
2025-09-30 বিধর্মীদের উৎসব সংক্রান্ত কিছু প্রশ্নোত্তর
2025-09-29 দাওয়াত, দুআ ও কাচ্চি
2025-09-29 তুমি কি এমন সময় ঘুমাচ্ছ যখন রিজিক বণ্টন করা হচ্ছে?
2025-09-25 শিশুর মৃত্যুতে রাসুলুল্লাহ (সা:) কাঁদতেন এবং শিশুর পরিবারকে সমবেদনা জানাতেন
2025-09-23 Social Media Giveaways in Islam: Are They Permissible?
2025-09-22 Cloudflare Outage: How a React Bug Caused a Thundering Herd
2025-09-20 tag_escape() in WordPress: Secure HTML Escaping Guide
2025-09-19 দুআ তে শব্দচয়ন কেন জরুরি
2025-09-14 Bun Install Deep Dive: Speed & Optimization Secrets
2025-09-13 Atomic Habits: Walk Slowly, But Never Backward
2025-09-12 বাংলাদেশের মেডিক্যাল ও সরকারি সেবায় ডেটা সিকিউরিটির ভয়াবহ চিত্র
2025-09-11 What Is PHP SAPI? A Complete Beginner's Guide [2026]
2025-09-08 আধুনিক পরিবারের সংকট - ইসলামী সমাধান
2025-09-06 Linux seq Command Explained with Examples for Beginners
2025-09-03 Best Articles of September 2025: Monthly Reading Picks
2025-09-03 Binary Search in Practice: Finding Hikmah's User Count
2025-09-02 CVE-2025-58196: XSS in WordPress UiCore Elements Plugin
2025-09-01 CVE-2025-55715: Sensitive Info Exposure Affecting 300K+ Sites
2025-08-28 CVE-2025-54708: Stored XSS in WordPress B-Blocks Plugin
2025-08-28 Escaping vs. Sanitization in WordPress: A Developer’s Guide
2025-08-26 WordPress Security: My July 2025 CVE Contribution Recap
2025-08-26 Vibium - টেস্ট অটোমেশনের নতুন টুল?
2025-08-14 Masjid Fundraising: How to Give Sadaqah Jariyah
2025-06-01 Hetzner Cloud VPS: Why It's a Game Changer for Developers
2025-04-15 Check WordPress Plugin Compatibility with wp-since on xCloud
2025-03-01 10 Common WordPress Mistakes to Avoid (Beginner’s FAQ Guide)
2025-02-16 php.ini Configuration for Nginx and OpenLiteSpeed [Guide]
2025-02-01 What Is SSH? Beginner's Guide to Secure Shell Protocol
2025-01-27 GoAccess Setup Guide for xCloud: Real-Time Web Analytics
2025-01-18 Markdown Cheat Sheet: Quick Reference for All Syntax
2025-01-08 প্রকৃত মুমিনের পাঁচটি গুণ

2024

2024-12-31 Playwright for Beginners: Setting Up Your First Project
2024-12-30 How to Create and Manage Users in Linux: A Beginner’s Guide
2024-12-05 A/B Testing for Beginners: What It Is & How It Works
2024-12-04 সূরা বাকারার আদেশ ও নিষেধসমূহ
2024-12-03 সূরা ফাতিহার শিক্ষাসমূহ
2024-12-01 White Box vs Black Box Testing: A Complete Tester's Guide