Security Expert Reacts to Facebook for WordPress Vulnerabilities

Two severe vulnerabilities have been patched in the Facebook for WordPress plugin, which is installed on over 500,000 websites. An attacker exploiting the most severe of the two could supply the plugin with attacker-controlled PHP objects (a PHP object injection flaw), upload files to a vulnerable website, and achieve Remote Code Execution (RCE).
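The root cause described above, untrusted data reaching PHP's `unserialize()`, is worth seeing next to its fix. The following is an added example written for this page; it is not code from the Facebook for WordPress plugin or from the article, and the `CacheWriter` class, the two handler functions and the sample inputs are hypothetical, constructed to show the mechanism on a defender's terms.

```php
<?php
// Added example (not the plugin's code): why attacker-controlled input must
// never reach unserialize() unrestricted, and how to harden such a handler.
// CacheWriter, vulnerable_handler() and hardened_handler() are hypothetical.

declare(strict_types=1);

// A class with a magic method that has side effects. In a real code base,
// methods like __wakeup() or __destruct() are what an object-injection payload
// chains together; here the side effect is only a log line.
final class CacheWriter
{
    public string $path = '/tmp/cache.txt';
    public string $data = '';

    public function __wakeup(): void
    {
        // Runs the moment unserialize() rebuilds the object, before the caller
        // has any chance to validate what it received.
        error_log("CacheWriter::__wakeup() ran for path {$this->path}");
    }
}

// --- Vulnerable pattern: untrusted input goes straight into unserialize(). ---
function vulnerable_handler(string $untrusted): mixed
{
    // The caller expects a settings array, but unserialize() will instantiate
    // any class named in the payload and fire its magic methods.
    return unserialize($untrusted);
}

// --- Hardened pattern: forbid object creation, then validate the shape. ---
function hardened_handler(string $untrusted): ?array
{
    // allowed_classes => false (PHP >= 7.0) turns every serialized object into
    // __PHP_Incomplete_Class, so no magic method of any real class can run.
    $value = @unserialize($untrusted, ['allowed_classes' => false]);
    if (!is_array($value)) {
        return null; // anything other than the expected array is rejected
    }
    foreach ($value as $k => $v) {
        // Accept only string keys with scalar values; objects (even incomplete
        // ones) and nested structures are rejected.
        if (!is_string($k) || !is_scalar($v)) {
            return null;
        }
    }
    return $value;
}

// Constructed sample inputs for the demonstration (not from any real exploit).
$benign   = serialize(['page_id' => '123', 'enabled' => true]);
$objectIn = serialize(new CacheWriter());

var_dump(vulnerable_handler($objectIn) instanceof CacheWriter); // bool(true): __wakeup() ran
var_dump(hardened_handler($benign));                              // the settings array
var_dump(hardened_handler($objectIn));                            // NULL: rejected
```

When the data format is under your control, the stronger fix is to stop using PHP serialization for anything that crosses a trust boundary and to exchange JSON via `json_decode($input, true)` instead, which can never instantiate a class; the `allowed_classes` guard above is the mitigation for code that must keep accepting the serialized format.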

Expert Comments

March 26, 2021
Jayant Shukla
CTO and Co-Founder
K2 Cyber Security


The latest vulnerabilities found in the Facebook for WordPress plugins are a good reminder to check the security of your WordPress plugins, which starts with making sure your plugins are up to date, that you've only installed the plugins you actually need, and to think about application security for your WordPress deployment.

Plugins for WordPress are typically written in PHP, a language that's particularly vulnerable to the OWASP Top 10 Web Application Risks. Runtime application security provides protection for well-known problems like zero-day attacks and the OWASP Top 10. The Facebook plugin vulnerability is a Remote Code Execution (RCE) vulnerability, which is one of the most dangerous vulnerabilities, because it gives the attacker the ability to run almost any code on a hacked site. Some of the largest past data breaches, like the Equifax attack, started with an RCE attack.

Additional support for runtime application security was added in late 2020, when NIST SP 800-53 was published. The revised security and privacy framework included two major updates that offer insights into how security pros can improve their application security. The new framework includes requirements for both runtime application self-protection (RASP) and interactive application security testing (IAST).

