WordPress and plugins require updates to close vulnerabilities, but we will explain the most dangerous types of vulnerabilities.
What are the most dangerous vulnerabilities in WordPress?
WordPress contains between 2,000 and 5,000 PHP programming files, including the WordPress mainframe, themes, and plugins.
These programs may contain vulnerabilities due to programmer error or lack of knowledge, although the probability is very low.
The most dangerous vulnerabilities are those that allow external parties to make changes to the database or files via the Internet without any kind of authentication.
A database is a system that holds dynamically generated and rewritable data that is separate from the program files that store the content and settings of WordPress posts.
In some cases, these vulnerabilities are intentionally embedded in programs downloaded from illegal sites that offer free downloads of paid themes and plug-ins.
Are vulnerabilities dangerous just because they exist?
Vulnerabilities are not dangerous just because they exist. The most dangerous vulnerabilities are those that are known to hackers in a way that allows them to know that the vulnerability exists, how they can use it, and how they can find out that the vulnerability is on the site.
Furthermore, if a vulnerable WordPress version or plugin is used on a large number of sites and is also present on your site, the possibility of tampering with your site becomes much greater.
The longer a vulnerability is discovered, the more likely it is to be exploited by hackers, and the longer it is left unchecked, the greater the security problem.
The vulnerability of WordPress has been publicized by NPOs such as JVN in Japan to alert people of the vulnerability.
Examples of specific vulnerable programs
Let’s take a look at what specific programs are vulnerable.
1 Example of a vulnerability that allows database rewriting from the outside without authentication
$user = $_POST['user']; $sql = "SELECT FROM wp-user where user_name = '". $user."'"; $wpdb->query($sql);
This program is a program that receives data and searches the database for it in a process called $_POST. In addition to the process of sending data directly from the outside to this program and searching the database, arbitrary SQL statements can be connected and executed.
For example, you could create a wordpress admin user.
This kind of method of attacking database vulnerabilities is called SQL injection.
2 Examples of vulnerabilities that allow files to be tampered with from the outside without authentication
$data = $_POST['data']; $filename = $_POST['filename']; file_put_contents($filename,$data);
This program receives data in a process called $_POST and writes out text with the filename and data received.
It is possible for a hacker to write a program on the server with an arbitrary file name and contents, so it is possible to write an illegal PHP program and make it accessible and usable from a browser.
Such a vulnerability is called file upload arbitrariness, and if this vulnerability is exploited, it is possible to embed a backdoor or do anything that can be done on the server, including rewriting the database.
3 Examples of vulnerabilities that allow files to be viewed externally without authentication
Another common example of a vulnerability is a vulnerability that can be exploited in plugins that allow image and file previews from the admin panel, and the ability to receive and display preview files via $_POST.
$filename = $_POST['filename']; $contents = file_get_contents($filename); echo $contents;
If such a vulnerability exists in the plugin, wp-config.php, which contains the database connection information of WordPress, can be viewed by an external party, which can leak IDs and passwords for database connections.
ーー
About 1000 patterns of dangerous vulnerabilities can be inspected for free ↓.
Free WordPress:Malware Scan & Security Plugin [Malware and Virus Detection and Removal].
(1 scan for free version, unlimited for paid version)
How can I prevent hackers from taking advantage of my vulnerabilities?
The easiest way to prevent hackers from exploiting vulnerabilities is to keep your WordPress system up-to-date and remove unused plugins and themes.
Programmers are also constantly updating their programs to address vulnerabilities.
Reference
5 free WordPress security measures