The best or the worst? – Pros and Cons in WordPress…

It’s no secret that today WordPress is the most popular content management system on the Internet, and probably the most common one for the use of SEO since the system’s algorithms and statistics are the best nowadays.

The WordPress UI is pretty great too! combining accessibility with compatibility and many expanding options regarding editing and so on, providing a Top-Notch experience for the users, helping Non-Professionals to perform tasks that, otherwise, require deeper understanding in coding.

WordPress has many advantages such as :

  • The adding of extensions – WordPress itself doesn’t come with any capabilities that provide us with options regarding SEO, but it supports the option of adding many extensions regarding it.
  • Diversity – there are many templates and styling options available to us, making it easy for us to edit our Articles or Webpages for example, as we see fit and differentiate it from others similar to it, plus, who doesn’t like attractive pages designed just for us?
  • Simplicity – as mentioned before, using WordPress require far less understanding in coding languages such as HTML, CSS and so on, using it feels similar to using Microsoft Word and others like it (although remember, they are not the same).

On the other hand, we know our world is not perfect, and our Websites can always be vulnerable to all sorts of attacks, and imagine yourself that millions use WordPress meaning they are all equally vulnerable, so let’s have a look at the “Bad things” that can happen to us while using the WordPress and why they could occur :

  • SQL Injection due to improper sanitization in WP_Meta_Query (Severity level rated as 7.4 – high) – due to the lack of proper sanitization we may be exposed to blind SQL Injection, in patch 5.8.3 this problem has been fixed which proves us once again how important it is to update, this vulnerability can be exploited in sites that use and older version of WordPress.
  • Stored Cross Site Scripting (XSS, Severity level rated as 8.0 – high) – “WordPress About Author” plugin with a version lower or equal with 1.3.9 is at vulnerable to this vulnerability, an attacker can access the admin panel, and there, by “Adding” a new post under “About Author” he inserts a Payload instead of a valid post title a code such as `"><script>alert(1)</script>`.

After being saved it affects all of the admin panel and the pages related to it, after that the output may contain data\information that is stored in the database!

As we can see, it’s easy to use, yet, it’s not that easy to use it in a secured way that prevents malicious attackers (who are probably just jealous of your beautiful site) from exploiting all sorts “Breaches”.

Our tools at Kayran can analyze and help you to better protect yourselves, preventing those attacks from happening in the first place!

“WordPress-yourselves” to safety!, choose Kayran.

What is a CWE ?

Similar to the article written on CVEs, in this article we will answer the questions :What is CWE ? and, what is the difference between

Read More »