Unpatched WordPress vulnerabilities

Summary

WordPress has had many security problems of varying severity reported over its lifetime. Our scanners have detected one of the more serious vulnerabilities. These vulnerabilities are typically addressed by simply updating your WordPress installation and plugins to more recent versions.

If you need specific details for the vulnerabilities that our scanners have detected, please ask on your support ticket.

Impact

The impact depends on the specific WordPress vulnerability detected in your website. In some cases, the vulnerability can be used to compromise your website, for example to vandalize it or steal information such as user details. In other cases, it can be used to attack the users of your site, for example by tricking unsuspecting users into revealing passwords and other information that could be used for identity theft.

Solution

We recommend the following approach:

  • Find out what version of WordPress your site is currently running.
  • Go to the WordPress Security Announcement page.
  • Read through the recent announcements, and identify an appropriate version to upgrade to. The most obvious choice would be the most recent version described as a security release.
  • Upgrade by following standard WordPress upgrade procedures. This includes checking plugin compatibility and, if necessary, upgrading or replacing insecure plugins or plugin functionality.
  • Subscribe to a WordPress security channel to get notifications of vulnerabilities as soon as they become known.
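
The first and third steps above can be checked from a shell on the web server. This is an added example, not part of the original article: WordPress records its release in wp-includes/version.php as $wp_version, and the script compares that value with the version you picked from the announcements. The function names, the sample directory tree and the version numbers 5.8.1 and 5.8.3 are constructed for illustration.

```shell
# Added example (not from the article): installed version vs. chosen target.

# Print $wp_version as recorded in <wp_root>/wp-includes/version.php.
wp_installed_version() {
    [ -r "$1/wp-includes/version.php" ] || return 1
    awk -F"['\"]" '/^[ \t]*\$wp_version[ \t]*=/ { print $2; exit }' \
        "$1/wp-includes/version.php"
}

# Succeed (status 0) only when dotted version $1 is strictly older than $2.
# Missing components count as 0, so 5.8 and 5.8.0 compare equal.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            p = (i <= na) ? x[i] + 0 : 0
            q = (i <= nb) ? y[i] + 0 : 0
            if (p < q) exit 0
            if (p > q) exit 1
        }
        exit 1
    }'
}

# Status: 0 = at or above target, 1 = upgrade needed, 2 = version not found.
check_wp_version() {
    installed=$(wp_installed_version "$1" || true)
    if [ -z "$installed" ]; then
        echo "no WordPress version found under $1" >&2
        return 2
    fi
    if version_lt "$installed" "$2"; then
        echo "UPGRADE: installed $installed is older than target $2"
        return 1
    fi
    echo "OK: installed $installed is at or above target $2"
}

# Constructed sample tree and version numbers, so the example runs offline.
make_sample_site() {
    mkdir -p "$1/wp-includes"
    printf '<?php\n$wp_version = '\''%s'\'';\n' "$2" > "$1/wp-includes/version.php"
}

demo=$(mktemp -d)
make_sample_site "$demo" "5.8.1"
check_wp_version "$demo" "5.8.3" || true
rm -rf "$demo"
```

On a real site, pass the WordPress root directory and the target release to check_wp_version. Where WP-CLI is installed, `wp core version` prints the same value.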

There are a number of resources on the web that deal with keeping WordPress sites secure.
