April 10, 2020 at 3:15 pm
#33583
Zaid Sabih
Moderator
Hello Basmejer,
HTTPS does not protect websites from vulnerabilities, it just encrypts the communication.
Wordpres have been vulnerable to XSS a number of times before but the latest release does not have any public ones, also the plugins used on wordpress websites can introduce vulnerabilities.
As for hooking users to beef through XSS, that is covered in the course, did you get there yet?