1. Introduction
2. About me
3. What is WordPress
4. Installing Plugins
5. Overview
6. Background
7. Medicals
8. Custom Prepared Statements
9. Exploit Technique 1
10. Exploit Technique 2 Demonstration
11. WordPress Patch
12. Second Exploit Technique
13. Recap
14. Exploit 2 WooCommerce
15. Exploit 6 WordPress
16. Closing Words
17. Question
18. How it works
19. What the attacker does
20. WordPress version
21. Advice to plugin authors
22. Will there be a prepared statement
23. Is there a safe way to use that caching technique
24. How have you found the experience working with different plugin teams
Description:
Explore novel exploitation techniques in WordPress through this conference talk from OWASP AppSec EU 2018. Delve into a fundamental design flaw in the WordPress core that led to severe security issues, including SQL injection vulnerabilities and a new type of PHP object injection. Examine how a custom design of prepared statements contributed to these vulnerabilities. Analyze the characteristics of this specific occurrence and learn how to identify similar issues in other PHP projects. Gain insights into new and generic exploitation techniques, as well as guidance for WordPress and other developers on preventing these security problems. Understand the implications of WordPress's wide adoption, its reliance on legacy code, and the challenges of implementing modern best practices. Learn about the exploitation of outdated cores and plugins, and the ongoing efforts to secure the platform despite the intrinsic features of the PHP language.

Novel Exploitation Techniques in WordPress - Prepared Statements and Object Injection

OWASP Foundation