Title:

Vulnerable WordPress version 3.*.* installed.

Vulnerability:

Why use the WordPress framework?
The primary reason is to accelerate development. Theme frameworks greatly reduce development time because they provide a lot of functionality and customization options, so the user does not need to code everything themselves.

Many vulnerabilities have been found in WordPress themes and plugins. They can be exploited to gain server access, upload malicious files or code, inject cross-site scripts, leak data, or modify data. Running older versions of WordPress themes and plugins without the recent updates leaves a site vulnerable and easy to exploit. A few of these vulnerabilities are listed below:

  1. Imediapixel - Cross-Site Scripting (XSS)
  2. Shotzz - Arbitrary File Upload
  3. Shotzz - Custom Background Shell
  4. dagda - Arbitrary File Upload
  5. WeeklyNews Premium Theme - Cross-Site Scripting (XSS)
  6. SimpleCart - File Upload & Execution
  7. QAEngine Theme - Privilege Escalation

Solution:

    • Use only secure WordPress themes and plugins. Avoid themes and plugins with known vulnerabilities.
    • Keep the plugins and the WordPress framework version updated at all times.
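
One way to check an install against the two recommendations above, as an added example that is not part of the original page: it reads the core version from `wp-includes/version.php` and each theme's `style.css` header, then flags a 3.x core and any installed theme whose name matches the list on this page. The substring name matching, the function names and the sample install are assumptions constructed for illustration.

```python
import re
from pathlib import Path

# Names from the list on this page; substring matching on them is an assumption.
LISTED = ("imediapixel", "shotzz", "dagda", "weeklynews", "simplecart", "qaengine")

def _header(head, key):
    """Return one 'Key: value' field from a WordPress file header, or ''."""
    m = re.search(rf"^[ \t/*#@]*{key}:\s*(.+)$", head, re.M | re.I)
    return m.group(1).strip() if m else ""

def core_version(root):
    """Read $wp_version from wp-includes/version.php, or None if absent."""
    f = Path(root) / "wp-includes" / "version.php"
    text = f.read_text(errors="replace") if f.is_file() else ""
    m = re.search(r"\$wp_version\s*=\s*['\"]([^'\"]+)['\"]", text)
    return m.group(1) if m else None

def theme_inventory(root):
    """Yield (slug, name, version) from each installed theme's style.css header."""
    for css in sorted((Path(root) / "wp-content" / "themes").glob("*/style.css")):
        head = css.read_text(errors="replace")[:8192]
        yield css.parent.name, _header(head, "Theme Name"), _header(head, "Version") or "unknown"

def audit(root):
    """Return findings: a 3.x core, and installed themes named on this page."""
    findings = []
    ver = core_version(root)
    if ver is None:
        findings.append("core: version.php not found or unparsable")
    elif ver.split(".")[0] == "3":
        findings.append(f"core: WordPress {ver} is on the 3.x branch, update it")
    for slug, name, version in theme_inventory(root):
        key = (slug + name).lower().replace(" ", "")
        if any(t in key for t in LISTED):
            findings.append(f"theme: {slug} ({name} {version}) is on the list, update or remove it")
    return findings

def build_sample(root):
    """Constructed sample install: core 3.8.1, one listed theme, one unlisted theme."""
    root = Path(root)
    (root / "wp-includes").mkdir(parents=True)
    (root / "wp-includes" / "version.php").write_text("<?php\n$wp_version = '3.8.1';\n")
    for slug, name, ver in (("shotzz", "Shotzz", "1.0"), ("example-theme", "Example Theme", "2.4")):
        d = root / "wp-content" / "themes" / slug
        d.mkdir(parents=True)
        (d / "style.css").write_text(f"/*\nTheme Name: {name}\nVersion: {ver}\n*/\n")
    return root
```

Call `audit()` with the document root of a real install to get the same findings list. A name match only means the theme needs checking against its vendor's fixed release, since this page gives no affected version numbers.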