The majority of WordPress vulnerabilities, about 67% of those discovered in 2023, are rated medium severity. Since they are the most common, it makes sense to understand what they are and when they pose a real security threat. Here are the facts about these vulnerabilities that you should know.
What is a medium vulnerability?
A spokesperson for WPScan, a WordPress security scanning company owned by Automattic, explained that they use the Common Vulnerability Scoring System (CVSS) to assess the severity of a threat. Each vulnerability receives a score on a 1-10 scale, and that score maps to a low, medium, high or critical rating.
The WPScan spokesperson explained:
“We don’t mark the levels as chances of passing, but the severity of the vulnerability based on FIRST’s CVSS framework. Generally speaking, a medium severity score means that the vulnerability is difficult to exploit (e.g., SQL injection that requires a highly privileged account) or that the attacker does not gain much from a successful attack (e.g., an unauthenticated user can obtain the content of private blog posts).
We generally don’t see them used as much in large-scale attacks because they’re less useful than more severe vulnerabilities and harder to automate. However, they could be useful in more specific attacks, for example, when a privileged user account has already been compromised or an attacker knows that some private content contains sensitive information that is useful to them.
We always recommend updating vulnerable extensions as soon as possible. However, if the severity is medium, there is less urgency to do this, as the site is less likely to be the victim of a large-scale automated attack.
An untrained user may find the report somewhat difficult to digest. We have tried our best to make it as suitable as possible for all audiences, but I understand that it would be impossible to cover everyone without making it too boring or long. And the same can happen with the reported vulnerability. The user consuming the feed would need a basic understanding of their website’s configuration to consider which vulnerability needs immediate attention and which can be handled by the WAF, for example.
If the user knows, for example, that their site does not allow users to subscribe to it, all Subscriber+ vulnerability reports, regardless of severity level, are subject to reconsideration, assuming the user keeps a constant review of the site’s user base.
The same goes for Contributor+ reports or even Admin levels. If the person maintains a small network of WordPress sites, the admin+ vulnerabilities are interesting to them, as a compromised admin of one of the sites can be used to attack the superadmin.”
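The triage the WPScan spokesperson describes (map the CVSS score to a rating, then weigh it against which roles actually exist on the site) can be written down as a small decision procedure. The following is an added example, not code from WPScan or from the article; the report and site records, the role names used for "required role", and the three urgency labels are assumptions chosen for illustration. The CVSS rating bands are FIRST's qualitative scale for CVSS v3.x.

```python
"""Site-aware triage of WordPress vulnerability reports (added example).

Assumptions (not from the article): each report carries a CVSS v3.x base
score and the lowest WordPress role an attacker needs to exploit it; the
site profile records whether registration is open, which role new
registrations receive, and which roles actually have accounts.
All sample data below is constructed.
"""
from dataclasses import dataclass

# Standard single-site WordPress roles, least to most privileged.
ROLE_RANK = {"unauthenticated": 0, "subscriber": 1, "contributor": 2,
             "author": 3, "editor": 4, "administrator": 5}


def cvss_rating(score: float) -> str:
    """Map a CVSS v3.x base score to FIRST's qualitative severity rating."""
    if not 0.0 <= score <= 10.0:
        raise ValueError(f"CVSS score out of range: {score}")
    if score == 0.0:
        return "none"
    if score < 4.0:
        return "low"
    if score < 7.0:
        return "medium"
    if score < 9.0:
        return "high"
    return "critical"


@dataclass
class Report:
    plugin: str
    cvss: float
    required_role: str  # lowest role the attacker must hold, e.g. "contributor"


@dataclass
class SiteProfile:
    open_registration: bool
    registration_role: str  # default role handed to new registrations
    roles_in_use: set       # roles that currently have at least one account
    high_value: bool = False
    multisite: bool = False


def exploit_is_reachable(report: Report, site: SiteProfile) -> bool:
    """True if an attacker could plausibly hold the role the exploit needs."""
    need = ROLE_RANK[report.required_role]
    if need == 0:
        return True  # unauthenticated: anyone on the internet qualifies
    if site.open_registration and ROLE_RANK[site.registration_role] >= need:
        return True  # the attacker can simply register for the role
    # A stolen credential for an existing account at or above the needed
    # level (but below administrator) is what makes the bug useful; an
    # already-compromised administrator does not need it.
    for role in site.roles_in_use:
        if need <= ROLE_RANK[role] < ROLE_RANK["administrator"]:
            return True
    # Admin+ bugs still matter on a network, where one site's admin can
    # be used to attack the superadmin (as the WPScan quote notes).
    return report.required_role == "administrator" and site.multisite


def triage(report: Report, site: SiteProfile) -> str:
    """Return an urgency label: update-now, update-soon or update-routine."""
    rating = cvss_rating(report.cvss)
    if rating in ("high", "critical"):
        return "update-now"
    if not exploit_is_reachable(report, site):
        return "update-routine"  # nobody on the site can hold the required role
    if rating == "medium":
        return "update-now" if site.high_value else "update-soon"
    return "update-routine"


if __name__ == "__main__":
    # Constructed sample: a contributor-level XSS on two differently configured sites.
    xss = Report("example-plugin", 6.4, "contributor")
    closed_site = SiteProfile(False, "subscriber", {"administrator"})
    open_site = SiteProfile(True, "contributor", {"administrator", "contributor"}, high_value=True)
    print(triage(xss, closed_site), triage(xss, open_site))
```

The output for the sample is `update-routine` for the site with no contributors and closed registration, and `update-now` for the high-value site that lets contributors register; the same report, with the same CVSS score, lands in different queues depending on the site's user base, which is exactly the reconsideration the quote describes.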
Vulnerabilities at the contributor level
Many medium-severity vulnerabilities require contributor-level access. A contributor is an access role that gives the registered user the ability to write and submit content, although they generally do not have the ability to publish it.
Most websites don’t have to worry about security threats that require contributor-level authentication because most sites don’t offer this level of access.
Chloe Chamberland, Threat Intelligence Lead at Wordfence, explained that most site owners should not worry about medium severity vulnerabilities that require contributor-level access to exploit, because most WordPress sites do not offer this permission level. She also noted that these types of vulnerabilities are difficult to scale because exploiting them is difficult to automate.
Chloe explained:
“For most site owners, vulnerabilities that require contributor-level access and above to exploit are something they don’t have to worry about. This is because most sites don’t allow logging at the contributor level and most sites do not have contributors on their site.
Additionally, most WordPress attacks are automated and seek high-value returns that are easy to exploit, so vulnerabilities like this are unlikely to be targeted by most WordPress threat actors.
Website publishers should be concerned
Chloe also said that publishers who offer contributor-level permissions may have several reasons to be concerned about these types of exploits:
“The concern about exploits that require contributor-level access to exploit arises when site owners allow contributor-level registration, have contributors with weak passwords, or the site has another plugin/theme installed with a vulnerability that allows contributor-level access in some way, and the attacker actually wants to get into your website.
If an attacker can get their hands on one of these accounts and a contributor-level vulnerability exists, they may have the opportunity to escalate their privileges and do real harm to the victim. Take, for example, a contributor-level Cross-Site Scripting vulnerability.
Due to the nature of contributor-level access, it is highly likely that an administrator would preview the post for review, at which point any injected JavaScript would be executed; this means that the attacker would have a relatively high probability of success due to the administrator’s preview of the post for publication.
As with any Cross-Site Scripting vulnerability, it can be exploited to add a new administrative user account, inject backdoors, and basically do anything a site administrator can do. If a serious attacker has access to a contributor-level account and has no other trivial way to elevate his privileges, he is likely to take advantage of contributor-level Cross-Site Scripting to gain further access. As mentioned above, you likely won’t see this level of sophistication targeted at the vast majority of WordPress sites, so it’s high-value sites that need to worry about these issues.
In conclusion, while I don’t think the vast majority of site owners need to worry about contributor-level vulnerabilities, it’s still important to take them seriously if you allow user registration at this level on your site, do not enforce strong user passwords and/or you have a high-value WordPress website.”
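The outcome Chamberland warns about, a new administrator account created while the real administrator's browser runs a contributor's injected script, leaves a trace that a site owner can check for: the administrator grant shows up in the activity log attributed to the legitimate admin, because it was their session that executed it. The following added example (not code from Wordfence or from the article) reconciles such grants against an out-of-band allowlist of expected administrators and notes whether the same admin had just previewed a post. The log line format, the `post_previewed` action name and the sample entries are all constructed for illustration; a real activity-log plugin uses its own format, so the regex would need adapting.

```python
"""Flag unexpected administrator grants in a WordPress activity log (added example).

Assumes a line-oriented log in the constructed format below (not any real
plugin's format). The detection point: after a contributor-level XSS fires
in an admin's preview, the resulting admin grant is recorded under the real
admin's name, so the check compares targets against an allowlist instead of
trusting the actor field.
"""
import re
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^(?P<ts>\S+) actor=(?P<actor>\S+) actor_role=(?P<actor_role>\S+) "
    r"action=(?P<action>\S+) target=(?P<target>\S+)(?: new_role=(?P<new_role>\S+))?$"
)

# Constructed sample log: a contributor submits a post, the admin previews it,
# and an administrator account appears 85 seconds later under the admin's name.
SAMPLE_LOG = """\
2024-05-01T09:12:03Z actor=alice actor_role=administrator action=user_created target=bob new_role=contributor
2024-05-01T09:40:17Z actor=bob actor_role=contributor action=post_submitted target=post-1042
2024-05-01T10:01:30Z actor=alice actor_role=administrator action=post_previewed target=post-1042
2024-05-01T10:02:55Z actor=alice actor_role=administrator action=user_created target=wp_support new_role=administrator
2024-05-02T08:00:00Z actor=alice actor_role=administrator action=user_created target=carol new_role=editor
"""

# Maintained outside WordPress, so a compromised admin session cannot edit it.
KNOWN_ADMINS = {"alice"}
PREVIEW_WINDOW = timedelta(minutes=10)


def parse_ts(value: str) -> datetime:
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")


def parse_log(text: str) -> list:
    """Parse matching lines into dicts; lines in another format are skipped."""
    events = []
    for line in text.splitlines():
        match = LINE_RE.match(line)
        if match:
            event = match.groupdict()
            event["ts"] = parse_ts(event["ts"])
            events.append(event)
    return events


def unexpected_admin_grants(events: list, known_admins: set) -> list:
    """Every grant of the administrator role to an account not on the allowlist.

    Each finding also records which post, if any, the same actor previewed
    within PREVIEW_WINDOW before the grant, which is the sequence a
    contributor-level XSS produces.
    """
    findings = []
    for i, event in enumerate(events):
        if event["new_role"] != "administrator" or event["target"] in known_admins:
            continue
        preview = next(
            (p for p in reversed(events[:i])
             if p["actor"] == event["actor"] and p["action"] == "post_previewed"
             and event["ts"] - p["ts"] <= PREVIEW_WINDOW),
            None,
        )
        findings.append({
            "ts": event["ts"],
            "actor": event["actor"],
            "target": event["target"],
            "after_preview_of": preview["target"] if preview else None,
        })
    return findings


if __name__ == "__main__":
    for finding in unexpected_admin_grants(parse_log(SAMPLE_LOG), KNOWN_ADMINS):
        print(finding)
```

On the sample log the only finding is the `wp_support` administrator, created under `alice`'s name 85 seconds after she previewed `post-1042`; `bob` (contributor) and `carol` (editor) are not flagged. Running a check like this on a schedule, and alerting on any finding, gives the site owner the early warning that a contributor-level bug has been turned into the admin-level access the quote describes.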
Be aware of vulnerabilities
While many of the medium-level vulnerabilities may not be anything to worry about, it’s still a good idea to stay aware of them. Security scanners like the free version of WPScan can give a warning when a plugin or theme becomes vulnerable. It’s a good way to have a warning system to stay on top of vulnerabilities.
WordPress security plugins like Wordfence offer a proactive security posture that actively blocks automated hacking attacks, and advanced users can fine-tune them to block specific bots and user agents. The free version of Wordfence offers significant protection in the form of a firewall and malware scanner. The paid version provides protection for all vulnerabilities as soon as they are discovered and before the vulnerability is patched. I use Wordfence on all my websites and can’t imagine setting up a website without it.
Security is generally not considered an SEO issue, but it should be considered as one, as failure to secure a site can undo all the hard work done to make a site rank well.
Featured image by Shutterstock/Juan villa torres