On July 13th, two critical SQL Injection vulnerabilities were reported and patched in the WooCommerce and WooCommerce Blocks WordPress plugins. SQL Injection vulnerabilities allow attackers to ‘piggyback’ on SQL queries, usually allowing the attacker to read, write and edit database data. Although SQL Injection vulnerabilities can sometimes be difficult to exploit manually, tools such as…
Author Archives: wpscanteam
Interview with a WordPress Hacker: m0ze
Over the past 10 years that WPScan have been cataloging WordPress vulnerabilities, we have had many hundreds of independent security researchers contribute to our WordPress vulnerability database. Today, we talk to m0ze, a long-time WPScan vulnerability database contributor, who shares his thoughts on the state of WordPress security today. Please introduce yourself. My name is…
WordPress 5.7.1 Security and Maintenance Release
Today, April 15th, 2021, WordPress released version 5.7.1, a security and maintenance release that reportedly patches two security vulnerabilities.
The WordPress release announcement lists the following two security vulnerabilities as being patched in version 5.7.1:
Thank you SonarSource for reporting an XXE vulnerability within the media library affecting PHP 8. Thanks Mikael Korpela for reporting a data exposure vulnerability within the REST API.
Let’s take a closer look at these vulnerabilities and see what other information we can find out about them.
Zerodium Offers $300,000 for WordPress Exploits
Zerodium, a company that buys security exploits to then resell to government entities, tripled its price for WordPress Remote Command Execution (RCE) exploits.
In a tweet sent out on Friday, April 9th, Zerodium announced that they had temporarily tripled the price they pay out to security researchers for WordPress RCE exploits, increasing the payout from $100,000 to $300,000.
Covid Test Centres Leak Personal Information via WordPress API
WooCommerce Customers Manager WordPress Plugin – Multiple Security Vulnerabilities
A member of the WPScan research team discovered two security vulnerabilities within the premium WooCommerce Customers Manager WordPress plugin, versions less than 26.6.
The following two vulnerabilities were identified and added to our WordPress vulnerability database:
- Authenticated Reflected Cross-Site Scripting – CVSS: 7.1 (High)
- Arbitrary User Account Creation/Update via CSRF – CVSS: 8.8 (High)
WordPress Configuration File Backups
What are Configuration File Backups?
WordPress has a special file named wp-config.php that stores sensitive configuration information for your website.
By default, the wp-config.php file stores the following information:
- MySQL settings
- Secret keys
- Database table prefix
Developers can also store other sensitive information in the file.
WordPress Version Control Files
What are version control files?
When developers write code they often use version control software, such as SVN or Git, to help manage their work.
Version control software typically keeps its data about the source code in a hidden folder alongside the code. Because the folder is hidden, it is easily overlooked and therefore often ends up being uploaded to your website inadvertently.
WordPress SSL/TLS HTTPS Encryption
What is SSL/TLS HTTPS Encryption?
Not so long ago the web’s communications were mostly unencrypted, allowing anyone who could eavesdrop on the traffic to read them. In recent years, the web has seen a dramatic shift from mostly unencrypted to mostly encrypted traffic.
When your website has HTTPS enabled, all communication between your users’ computers and your website is encrypted. This prevents attackers, whether they are sitting in a coffee shop trying to steal payment details or nation state governments, from reading your users’ communications.
Not only does HTTPS offer your users more security, search engines like Google also rank websites that use HTTPS higher than those that don’t, resulting in more traffic from Google and others.
WordPress Secret Keys
What are WordPress Secret Keys?
WordPress secret keys are long random strings of text that are stored in the wp-config.php file. They are used when encrypting and hashing important data within WordPress, helping to secure your authentication cookies and to generate secure values that protect against attacks.
WordPress have their own WordPress Secret Key Generator that will output random secret keys for you, like the ones below: