Following the news that more than 1 million websites running the WordPress content management system may be vulnerable to hackers because of a “severe” SQL injection bug in NextGEN Gallery, a WordPress plugin, Mike Pittenger, President of Security Strategy at Black Duck Software, commented below.
Mike Pittenger, President of Security Strategy at Black Duck Software:
“We’re seeing another example of a WordPress plug-in vulnerability. This type of issue – running old and vulnerable versions of open source – made WordPress one of the main suspects in the Panama Papers breach (along with Drupal and Outlook Web Access).”
“The issue here isn’t that another vulnerability has been disclosed, it’s the fact that many organisations are negligent in monitoring these vulnerabilities and upgrading to remediate the issue.”
“Unlike many open source vulnerabilities, where an organisation may not even be aware that they are using the vulnerable component, WordPress is more straightforward. It’s not likely an organisation is unaware they are using WordPress. However, if they are not on a support agreement, they are responsible for monitoring these issues themselves, including pulling in updated plug-ins, when required.”