Following the news that more than 1 million websites running the WordPress content management system may be vulnerable to hackers as a result of a “severe” SQL injection bug in NextGEN Gallery, a WordPress plugin, Mike Pittenger, President of Security Strategy at Black Duck Software, commented below.
Mike Pittenger, President of Security Strategy at Black Duck Software:
“We’re seeing another example of a WordPress plug-in vulnerability. This type of issue – running old and vulnerable versions of open source – made WordPress one of the main suspects in the Panama Papers breach (along with Drupal and Outlook Web Access).”
“The issue here isn’t that another vulnerability has been disclosed, it’s the fact that many organisations are negligent in monitoring these vulnerabilities and upgrading to remediate the issue.”
“Unlike many open source vulnerabilities, where an organisation may not even be aware that they are using the vulnerable component, WordPress is more straightforward. It’s not likely an organisation is unaware they are using WordPress. However, if they are not on a support agreement, they are responsible for monitoring these issues themselves, including pulling in updated plug-ins, when required.”