I've been using the [Ghost](https://ghost.org/) platform for some time now and it is without doubt my favourite. One thing, however, that has been somewhat of a pain is the lack of automation in terms of updates.
Due to a lack of input sanitization in the `includes/instalinker-admin-preview.php` file, it is possible to utilise a reflected XSS vector to run a script in the target user's browser and potentially compromise the WordPress installation.
This past week, I have been working on a new module for Metasploit which required a change to one of the core library files. As a result, I had to update the RSpec tests for that particular module. This was my first time running the unit tests in Metasploit, as I had previously not had to change any library files; however, it didn't go as smoothly as anticipated!
Due to a lack of validation in the `ec_ajax_update_option` and `ec_ajax_clear_all_taxrates` functions located in `/inc/admin/admin_ajax_functions.php`, it is possible to update any WordPress option as an authenticated non-admin user, which can in turn lead to privilege escalation and remote code execution.
If you are attempting to use an Arduino Nano on a Windows machine and are having no luck finding drivers automatically, chances are it is due to a counterfeit FTDI chip, which unfortunately does not work with the automatic driver-finding functionality in Windows.