WordPress Vulnerabilities Now Available For All To See
WordPress powers sites around the world, and that popularity has increasingly made it a target for hackers looking to exploit the information held within WordPress sites. Now a new site has been launched showing that hacking WordPress may be easier than you think.
Security researcher Ryan Dewhurst has decided to show everyone just where the weaknesses and vulnerabilities in WordPress lie, both to warn people of potential dangers and to shame plugin developers who fail to secure their software properly and safeguard users.
Dewhurst has launched a publicly accessible website called the WPScan Vulnerability Database, on which he lists the vulnerabilities affecting WordPress and its plugins.
He set up the site with £5,000 of backing from BruCON, a not-for-profit annual security conference held in Belgium.
According to a report by Forbes: “This should be useful to security professionals (ethical hackers) to be able to look up what plugins, etc., have vulnerabilities during penetration tests,” Dewhurst said over email. “It should also be useful to people who run WordPress web sites to check if they are vulnerable. Also it may help in shaming third-party developers to do a better job in future in terms of the security of their software.”
Of course, hackers could also use the information to cause trouble, but most of those wanting to cause damage will already have found their way in, especially when you see just how many vulnerabilities there are in WordPress and in the plugins available for it.
In total there are 29 pages of vulnerabilities listed for plugins; however, only three pages concern the core WordPress codebase.
WordPress have not come out of the scan looking too bad, as it is mainly the plugins that seem to be the problem. However, according to Dewhurst, there are a number of vulnerabilities that WordPress are refusing to patch “Because they don’t think the risk of the issue is worth the effort in fixing it.” Now that everyone can see just where all the problems lie, perhaps WordPress will change their mind on that standpoint.