Following the news that WordPress has patched three security flaws, including an SQL injection problem, Paul Farrington, Manager, EMEA Solution Architects at Veracode, commented below.
Paul Farrington, Manager, EMEA Solution Architects at Veracode:
“It is absolutely imperative that all users of WordPress 4.7.2 upgrade immediately to the new version. Despite having been around for over a decade and regularly featuring on the OWASP Top 10 list (the widely accepted standard for application security), both SQL injections and cross scripting vulnerabilities continue to expose enterprises to large-scale breaches and brand damage. The 2015 TalkTalk breach only serves as a reminder of the severity of this attack vector.
“One challenge that WordPress faces is that it is written in PHP, which Veracode’s research has found to have a higher number of vulnerabilities than other scripts. Our research found that four out of five applications written in PHP, Classic ASP and ColdFusion failed at least one of the OWASP Top 10, an industry-standard security benchmark. Given the volume of PHP applications developed for the top three content management systems (CMS) – WordPress, Drupal and Joomla, which represent more than 70 percent of all CMSs in use today – these findings raise fresh concerns over potential security vulnerabilities in millions of websites.”