This article explains how to find old versions of WordPress web servers that have not been patched for WordPress vulnerabilities and how to scan for vulnerabilities in webpages created with WordPress.
What is WordPress Vulnerability?
WordPress is a website creation and management system used by 40% of all websites worldwide. When cyber attackers are deciding which web server to target, they look for old versions of web servers that have not been WordPress vulnerability security patched. Because WordPress is used for various purposes, including personal blogs, corporate blogs, and official corporate websites, the vulnerabilities of WordPress become a major target for hackers. According to MITRE Corporation’s CVE statistics, a total of 344 WordPress vulnerabilities were discovered from 2004 to September 2022, of which actual attackers can exploit 11 CVEs.
Types of WordPress Vulnerability
When classifying all discovered WordPress vulnerabilities, XSS vulnerability was the most common vulnerability with 123 cases, followed by the code execution vulnerability with 48 cases.
- HTTP Response Splitting
- Execute Code
- SQL Injection
- Gain Information
- Denial of Service
- Directory Traversal
- Bypass Something
- Gain Privilege
- File Inclusion
Detecting Websites Built With WordPress
Criminal IP’s Asset Search (https://www.criminalip.io/asset) has a tech_stack filter that can search for the IP addresses of servers with specific technology. Using the tech_stack filter, you can find the IP addresses of websites built with WordPress. In particular, it is possible to find IP addresses of outdated WordPress webpages that have not been WordPress vulnerability patched.
The results show approximately 660,000 active IP addresses of web servers created with WordPress. Under ‘Top Countries’ on the right, you can check the country statistics of IP addresses. Of all the IP addresses, about 258,000 belonged to the US.
Finding web servers that have not been WordPress Vulnerability Patched
The results for all IP addresses discovered include outdated WordPress web servers that have not patched for vulnerabilities, such as SQL Injection Vulnerability and XSS Vulnerability. Both SQL Injection Vulnerability and XSS vulnerability are known to be dangerous vulnerabilities that run malicious scripts and gain WordPress administrator access or even make the site disappear.
By combining a keyword search and tech_stack filter on Criminal IP’s Asset Search (https://www.criminalip.io/asset), you can search for IP addresses with a specific version of WordPress.
[Criminal IP Search 101- How to Find Old WordPress Servers]
If you look at the page source of the website that uses WordPress, the WordPress version is specified in the form of “WordPress X.X.X”. Thus, if you want to search for v4.8.2 WordPress-applied web servers that have not been WordPress vulnerability patched, you can type in “WordPress 4.8.2” tech_stack: wordpress.
There are approximately 134 IP addresses of v4.8.2 applied websites that have not been vulnerability patched. However, because the WordPress administrator setting can prevent the exposure of Meta Tag, we expect there to be a lot more than the results show.
How To Scan For Outdated WordPress Vulnerability
From checking the Domain Search scan results for one of the vulnerable WordPress web servers, we found that it is using the outdated version of WordPress v4.8.2. WordPress vulnerabilities are more vulnerable than ever, as more than 60 have been found, including the latest vulnerabilities, CVE-2022-21663 and CVE-2021-44223.
It is highly likely that the web servers with the old version of WordPress have not been vulnerability patched, so they can become a target for hackers.
Therefore, checking for regular version updates is essential if you are running a personal website, such as a blog, or a company uses a website management system, such as WordPress.
Please check out our article ‘Exposed Redis Commander: The Biggest Contributor to Database Leakage’ regarding how to search vulnerable web servers using favicon and title search.
Source : Criminal IP (https://www.criminalip.io)
Related Article :