This covers the full WordPress penetration testing workflow, from discovery and enumeration through credential attacks. It includes specific guidance for WordPress 7.0's new attack surfaces like the AI Connector API and Real-Time Collaboration endpoints. The WPScan commands are comprehensive and well-organized, walking you through theme/plugin enumeration, user discovery, and brute-force techniques including the faster XML-RPC multicall method. Use this when you're doing authorized security assessments of WordPress sites and need a structured approach. The WordPress 7.0 material is forward-looking (dated 2026) but the core methodology is solid for current versions too.
npx skills add https://github.com/sickn33/antigravity-awesome-skills --skill wordpress-penetration-testing