OWASP 2013-A9 OWASP 2017-A9 OWASP PC-C2 PCI v3.2- CAPEC-310 CWE-829 HIPAA-829 WSTG-INFO-09 ISO27001-A.14.1.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
WordPress is a free and open-source content management system (CMS) built on PHP and MySQL. Its main features are a template system and a plugin architecture. WordPress is used primarily for blogs, basic mailing lists, forums, online stores and much more; more than 60 million websites run on it. WordPress is also used in other fields, such as PDS (Pervasive Display System).
WordPress has had many bugs that an attacker can exploit, up to disabling the web application completely. An attacker can use attacks such as SQL injection, cross-site scripting and many more to compromise the application. Each WordPress release fixes the issues found in previous versions, but for every bug fixed there is a chance that a new one will arise. So, the best way to fix known vulnerabilities in WordPress is to keep it updated to the latest version.
To attack a WordPress-based web application, an attacker typically follows these steps:-
- Information gathering: The attacker gathers information about the web application, including the WordPress version in use and more.
- Directory indexing: The attacker scans the directory listings to gather more information about the WordPress-based application, looking at folders such as /wp-content/, /wp-content/plugins/, /wp-content/themes/, /uploads/ and /images/.
- User enumeration: The attacker tries to discover the application's users, then attacks the application to obtain their passwords.
- Attacking the users: The attacker tries various methods, such as brute-forcing wp-login and capturing credentials sent over a non-secure login, to get more information about the users.
- Attacking the application: The attacker uses attacks such as XSS, SQL injection and many more against the web application.
- Attacking the server: After gaining access to the web application, the attacker uses attacks such as brute-forcing management accounts to obtain passwords for the SSH server, cPanel, database management, the phpMyAdmin database management service and many more. The common method is:-
The impact includes:-
- Many WordPress versions are vulnerable to SQL injection. An attacker can read, write and modify any data/ tables from the database. The attacker can also execute commands on the underlying operating system.
- WordPress vulnerabilities can be exploited to extract sensitive information from the server. In the worst case, an attacker might gain access to the application's source code.
- The attacker might gain complete access to and control of the web application.
- The vulnerability might enable attacks such as web cache poisoning, cross-user defacement and many more.
Mitigation / Precaution
Beagle recommends the following fixes:-
- Update WordPress to the latest version. Updating WordPress might fix all the bugs present in the previous versions.
- If updating WordPress is not an option for the application, install the patch released by WordPress that fixes the vulnerability.
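The following shell script is an added example (it is not Beagle's code or part of WordPress) that audits a WordPress document root from the defender's side for the issues described above: it reads the installed core version from wp-includes/version.php, compares it with a known latest version supplied by the operator (for instance from `wp core check-update`), and flags the two information-gathering aids named in the attack steps, a readable readme.html and content folders without the index.php that blocks directory listings. The fixture it builds is constructed for the demo; `sort -V` is assumed to be available (GNU coreutils).

```shell
#!/bin/sh
# Added example, not Beagle's or WordPress's own code.
# Assumptions: the install keeps its version in wp-includes/version.php
# (as stock WordPress does) and LATEST is supplied by the operator,
# e.g. from https://wordpress.org/download/ or `wp core check-update`.

# Print the core version recorded in wp-includes/version.php; fail if absent
wp_installed_version() {
    vfile="$1/wp-includes/version.php"
    [ -f "$vfile" ] || return 1
    sed -n "s/^\$wp_version *= *'\([^']*\)'.*/\1/p" "$vfile" | head -n 1
}

# True (exit 0) when INSTALLED sorts strictly below LATEST as a version string
wp_is_outdated() {
    installed="$1"; latest="$2"
    [ "$installed" = "$latest" ] && return 1
    lowest=$(printf '%s\n%s\n' "$installed" "$latest" | sort -V | head -n 1)
    [ "$lowest" = "$installed" ]
}

# Print one finding per line for the document root DIR, given LATEST
wp_audit() {
    dir="$1"; latest="$2"
    installed=$(wp_installed_version "$dir") || { echo "no-version-file"; return 0; }
    if wp_is_outdated "$installed" "$latest"; then
        echo "outdated-core:$installed<$latest"
    else
        echo "current-core:$installed"
    fi
    # readme.html states the WordPress version to anyone who requests it
    [ -f "$dir/readme.html" ] && echo "version-disclosure:readme.html"
    # Stock WordPress ships an empty index.php in content folders so that
    # web servers with directory indexing enabled do not list them
    for d in wp-content wp-content/plugins wp-content/themes wp-content/uploads; do
        [ -d "$dir/$d" ] && [ ! -f "$dir/$d/index.php" ] && echo "listable:$d"
    done
    return 0
}

# Constructed fixture: a fake document root resembling an outdated install
make_fixture() {
    root=$(mktemp -d)
    mkdir -p "$root/wp-includes" "$root/wp-content/uploads"
    printf "<?php\n\$wp_version = '5.2.3';\n" > "$root/wp-includes/version.php"
    : > "$root/readme.html"
    echo "$root"
}

# Demo run; on a real host call: wp_audit /var/www/html "<latest version>"
fixture=$(make_fixture)
wp_audit "$fixture" "6.4.2"
rm -rf "$fixture"
```

Each finding line maps to one item in the attack steps above: `outdated-core` is what the information-gathering step looks for, `version-disclosure` is the file that hands over that version, and `listable` marks a folder where directory indexing would expose plugin and upload names. Feed the script's output into whatever change-tracking or alerting you already run so that an install drifting behind the current release is noticed before the next scan.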