Last active
April 18, 2017 10:44
Most common Wordpress Plugin (Software) vulnerabilities
- Insecure file upload handling (the cause of the most exploited type of vulnerability, arbitrary file upload)
- Deserialization of untrusted data
- Security issues with functions accessible through WordPress’ AJAX functionality (a common source of disclosed vulnerabilities these days)
- Persistent cross-site scripting (XSS) vulnerabilities in publicly accessible portions of the plugin
- Cross-site request forgery (CSRF) vulnerabilities in the admin portion of plugins
- SQL injection vulnerabilities (in the code that handles requests to the database)
- Reflected cross-site scripting (XSS) vulnerabilities
- Lack of protection against unintended direct access of PHP files
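As an added illustration (not code from the gist), the following WordPress admin-ajax handler shows several of the listed classes in one place: it is written first the way such handlers are commonly found (no nonce, no capability check, hand-built SQL, unescaped output, exposed to unauthenticated users), then hardened with the core APIs WordPress provides for each issue. The plugin, action and table names (`demo_*`) are hypothetical.

```php
<?php
/*
 * Added example, not part of the original gist. Demonstrates the AJAX,
 * CSRF, SQL injection, XSS and direct-access items from the list above.
 * Plugin, action and table names (demo_*) are hypothetical.
 */

// Direct-access guard: stop execution if this file is requested outside WordPress.
if ( ! defined( 'ABSPATH' ) ) {
    exit;
}

// --- Weak version: no nonce, no capability check, unprepared SQL, unescaped output. ---
function demo_plugin_save_note_weak() {
    global $wpdb;
    $note = $_POST['note'];                     // unsanitized input
    $wpdb->query(                                // query string built by hand
        "INSERT INTO {$wpdb->prefix}demo_notes (note) VALUES ('$note')"
    );
    echo $note;                                  // reflected back without escaping
    wp_die();
}
// The wp_ajax_nopriv_ hook exposes this privileged action to unauthenticated visitors.
add_action( 'wp_ajax_demo_save_note', 'demo_plugin_save_note_weak' );
add_action( 'wp_ajax_nopriv_demo_save_note', 'demo_plugin_save_note_weak' );

// --- Hardened version of the same handler. ---
function demo_plugin_save_note() {
    global $wpdb;

    // CSRF: require the nonce created for this action (wp_create_nonce('demo_save_note'))
    // and passed in the 'nonce' request field; check_ajax_referer() dies on failure.
    check_ajax_referer( 'demo_save_note', 'nonce' );

    // Authorization: being logged in is not enough; require the capability the action needs.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'insufficient privileges', 403 );
    }

    // Input validation and sanitization.
    $note = isset( $_POST['note'] ) ? sanitize_text_field( wp_unslash( $_POST['note'] ) ) : '';
    if ( '' === $note || strlen( $note ) > 500 ) {
        wp_send_json_error( 'invalid note', 400 );
    }

    // SQL injection: let $wpdb->prepare() bind the value through a placeholder.
    $inserted = $wpdb->query(
        $wpdb->prepare(
            "INSERT INTO {$wpdb->prefix}demo_notes (note) VALUES (%s)",
            $note
        )
    );
    if ( false === $inserted ) {
        wp_send_json_error( 'database error', 500 );
    }

    // XSS: escape on output, even for data that was sanitized on input.
    wp_send_json_success( array( 'note' => esc_html( $note ) ) );
}
// Authenticated users only: no wp_ajax_nopriv_ hook for a privileged action.
add_action( 'wp_ajax_demo_save_note_secure', 'demo_plugin_save_note' );
```

The nonce covers CSRF, the capability check covers authorization (a nonce alone does not prove the caller is allowed to perform the action), `$wpdb->prepare()` covers SQL injection, and `esc_html()` covers XSS in the response; the `ABSPATH` guard at the top is the usual protection against direct requests to the plugin file.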