Following the news that WordPress has patched three security flaws, including an SQL injection problem, Paul Farrington, Manager, EMEA Solution Architects at Veracode, commented below.
Paul Farrington, Manager, EMEA Solution Architects at Veracode:
“It is absolutely imperative that all users of WordPress 4.7.2 upgrade immediately to the new version. Despite having been around for over a decade and regularly featuring on the OWASP Top 10 list (the widely accepted standard for application security), both SQL injections and cross scripting vulnerabilities continue to expose enterprises to large-scale breaches and brand damage. The 2015 TalkTalk breach only serves as a reminder of the severity of this attack vector.
“One challenge that WordPress faces is that it is written in PHP, which Veracode’s research has found to have a higher number of vulnerabilities than other scripts. Our research found that four out of five applications written in PHP, Classic ASP and ColdFusion failed at least one of the OWASP Top 10, an industry-standard security benchmark. Given the volume of PHP applications developed for the top three content management systems (CMS) – WordPress, Drupal and Joomla, which represent more than 70 percent of all CMSs in use today – these findings raise fresh concerns over potential security vulnerabilities in millions of websites.”