What is Attack Surface Mapping?

Bit Discovery have been using the WPScan WordPress security scanner and the WPScan Enterprise API for some time to add WordPress scanning functionality to their offering. We thought that it would be a good idea to introduce our readers to what Attack Surface Mapping is, and how organisations can benefit from it. To do this,…More

2021 Mid-Year WordPress Security Report: A Collaboration Between Wordfence and WPScan

WPScan has collaborated with Wordfence to conduct a 2021 mid-year review on the state of WordPress security. Using vulnerability data from WPScan’s WordPress vulnerability database and attack data from Wordfence’s internal threat intelligence platform, we were able to analyze the current trend of attacks on WordPress and assess the current state of WordPress-based software security. …More

Why Submit Vulnerabilities to WPScan

There are many reasons to submit WordPress core, plugin vulnerabilities and theme vulnerabilities to the WPScan WordPress vulnerability database. We’ve listed just a few below! 1. Responsible Disclosure Our team will help you with the vulnerability responsible disclosure process. Submit the vulnerability details to us and we will ensure that the vulnerability is handled properly.…More

WordPress Vulnerability Statistics for July 2021

In this blog post we are going to look at the vulnerabilities added to the WPScan WordPress Vulnerability Database in July 2021. The vulnerabilities were all hand curated and added to our database by WordPress security experts. The vulnerabilities come from independent security researchers from the security community who submit them to us via our…More

Two Vulnerabilities Fixed in Super Progressive Web Apps WordPress Plugin

The WPScan WordPress security research team identified two serious vulnerabilities affecting the Super Progressive Web Apps WordPress plugin, affecting over 50,000+ WordPress websites. Our users were warned about these vulnerabilities on June 29th, 2021 when they were added to our database. Authenticated (subscriber+) Arbitrary File Upload to RCE Description When the plugin’s Apple Touch Icons…More

Why Admin XSS Is a Valid Security Issue

By default, WordPress allows administrator and editor users to inject JavaScript into pages, posts, comments and widgets. This is because administrator and editor users have the unfiltered_html capability. Here at WPScan it is quite common to receive vulnerability reports via our submission form where the security researcher was not aware that administrator and editor users…More

Coding Mistake Leads to CSRF Bypass in 200,000+ WordPress Websites

In March, the WPScan WordPress security research team discovered Cross-Site Request Forgery (CSRF) protection bypasses in 37 WordPress plugins, affecting over 200,000+ active WordPress websites. The vulnerabilities were responsibly disclosed, resulting in the 37 plugins either being patched or removed from the official WordPress plugin repository. Cross-Site Request Forgery (CSRF) is a vulnerability that can…More

Critical WooCommerce Vulnerabilities

On July 13th two critical SQL Injection vulnerabilities were reported and patched in the WooCommerce and WooCommerce Blocks WordPress plugins. SQL Injection vulnerabilities allow attackers to ‘piggyback’ on SQL queries, usually allowing the attacker to read, write and edit database data. Although SQL Injection vulnerabilities can sometimes be difficult to exploit manually, tools such as…More

Interview with a WordPress Hacker: m0ze

Over the past 10 years that WPScan have been cataloging WordPress vulnerabilities, we have had many hundreds of independent security researchers contribute to our WordPress vulnerability database. Today, we talk to m0ze, a long time WPScan vulnerability database contributor, who shares his thoughts on the state of WordPress security today. Please introduce yourself.My name is…More

WordPress 5.7.1 Security and Maintenance Release

Today, April 15th, 2021, WordPress released version 5.7.1, a security and maintenance release that reportedly patches two security vulnerabilities.

The WordPress release announcement lists the following two security vulnerabilities as being patched in version 5.7.1:

Thank you SonarSource for reporting an XXE vulnerability within the media library affecting PHP 8. Thanks Mikael Korpela for reporting a data exposure vulnerability within the REST API.

Let’s take a closer look at these vulnerabilities and see what other information we can find out about them.