WordPress powers a massive portion of the modern web, making its ecosystem a primary target for security researchers and malicious actors alike. While WordPress core security has matured significantly over the years, the sprawling directory of third-party plugins remains a highly fragmented and vulnerable landscape. Automated scanners frequently fail to detect complex logical flaws, privilege escalations, or authorization bypasses in these plugins. This gap leaves critical assets exposed to zero-day exploits. The "WordPress plugin vulnerability research" project addresses this specific challenge by offering a structured, manual auditing methodology designed to uncover high-impact vulnerabilities that automated tools routinely miss.
WordPress plugin vulnerability research: open-source project for self-hosters