I spoke at the Kolesa Conf’21 conference several days ago on the topic “Hacking up-to-date WordPress”.
The talk is about typical mistakes of young developers who mix up development and production environments. The presentation also shows that cross-site scripting (XSS) will almost always lead to client-side request forgery, and most of the time to remote code execution (RCE), even with the freshest WordPress.
On YouTube:
My presentation in PDF: