WordPress is one of the most widely used content management platforms in the world, and that makes it an attractive target for attackers. Websites and blogs running outdated versions or missing patches are the ones that hand cybercriminals the easiest openings. Like other major open source projects, WordPress releases patches regularly to close data leaks and other threats.
These updates exist to close the maintenance and security holes on the sites that run them.
Cyber-attacks are a routine part of cyberspace, but the good news is that WordPress does not take long to respond with a fix.
The most recent version at the time of writing, WordPress 4.9.2, claims to resolve the outstanding security and maintenance glitches. But a claim is only a claim: these bugs never end, and neither does the danger they pose to credentials.
There were specific periods when the threat level was extremely high, when bugs took over the CMS and caused a cascade of failures.
Following are some of the top bugs and software failures in the history of WordPress:
- 1 Massive Hacking (2007/2008)
- 2 Vulnerabilities that Renewed Security (2009)
- 3 Free Image Utility — TimThumb (2011)
- 4 High-Profile Websites in The Wild (2013)
- 5 Plugins Began to Plug Out (2015)
- 5.1 Jetpack
- 5.2 WordPress SEO
- 5.3 Google Analytics by Yoast
- 5.4 All in one SEO
- 5.5 Gravity Forms
- 5.6 Multiple Plugins from Easy Digital Downloads
- 5.7 UpdraftPlus
- 5.8 WP-E-Commerce
- 5.9 WPTouch
- 5.10 Download Monitor
- 5.11 Related Posts for WordPress
- 5.12 My Calendar
- 5.13 P3 Profiler
- 5.14 Give
- 5.15 Multiple iThemes products including Builder and Exchange
- 5.16 Broken-Link-Checker
- 5.17 Ninja Forms
Massive Hacking (2007/2008)
In 2007 and 2008, hackers found a way into blogs with heavy user traffic and diverted those blogs' SEO value to their own websites. They redirected the traffic and stole logins and passwords as well.
Victims, including TechCrunch, reported that whenever they tried to open their blogs they were redirected through thousands of unknown pages full of ads and some adult content. The cause was a script flaw in WordPress version 2.1.1 that did not filter user input. WordPress released version 2.1.2, but it did little to restore its reputation.
The most common cause of the mass hacking was the backdoors planted by the hackers. These backdoors act as gateways that let attackers enter using the site's logins and passwords. They took the credentials, logged into the blogs and websites, and gained complete control of the blog independently of the real admin.
The manual update system was a prominent issue: it left updating to the users themselves, and that predicament pushed many live sites towards cyber-threats.
Vulnerabilities that Renewed Security (2009)
In 2009 we saw a series of updates, from 2.8 up to 2.8.6, that WordPress brought out to renew and strengthen its security.
This shows how inadequate code review or penetration testing affects the reputation and security of even a giant CMS.
Just imagine: the vulnerabilities were so serious that they required roughly weekly updates; however, these periodic patches tightened WordPress's security considerably.
Free Image Utility — TimThumb (2011)
No one expected that an image-resizing utility would become a way to upload and execute arbitrary PHP code on a server. The bug became known as the TimThumb vulnerability.
TimThumb is a crop, zoom and resize tool for images that made online portals look attractive and interactive.
But to everyone's surprise, the themes that bundled the tool turned out to be an attack vector against WordPress site owners. Mark Maunder was the first to detect the bug in TimThumb, after his own website was hacked.
Although the tool is very useful, it paved a way for hackers to get inside websites and blogs.
The TimThumb bug gave attackers a chance to write files to a directory that was reachable by anyone. This let them upload files and execute code on sites without the owners' knowledge. The vulnerability persisted until the end of 2014, leaving more than 25 million publishing platforms under threat.
The lesson: never leave a loophole untested or unchecked.
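The defensive counterpart to the TimThumb problem is to treat every file that lands in a web-reachable cache directory as hostile until its bytes have been verified. The following is an added example written for this article, not TimThumb's own code: the function name `store_image_safely`, the `$cacheDir` parameter and the allowed-type table are assumptions. It checks the detected MIME type rather than the filename, re-parses the file as an image, re-encodes it through GD so that any appended payload is dropped, and names the output by content hash with an extension derived from the detected type.

```php
<?php
// Added example (not TimThumb's code): validate an image before writing it
// under a web-reachable cache directory. Assumes $cacheDir is a directory that
// only this script writes to and that the web server serves as static files
// (script execution disabled there, e.g. no PHP handler for that path).

function store_image_safely(string $tmpPath, string $cacheDir): ?string
{
    // 1. Decide the type from the bytes, never from a user-supplied name or URL.
    $allowed = [
        'image/jpeg' => 'jpg',
        'image/png'  => 'png',
        'image/gif'  => 'gif',
    ];
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($tmpPath);
    if ($mime === false || !isset($allowed[$mime])) {
        return null;                         // not an image type we serve
    }

    // 2. Re-parse as an image; a script with a forged header fails here.
    if (@getimagesize($tmpPath) === false) {
        return null;
    }

    // 3. Re-encode through GD so trailing or embedded payloads are discarded.
    $img = @imagecreatefromstring((string) file_get_contents($tmpPath));
    if ($img === false) {
        return null;
    }

    // 4. Content-hash filename plus extension taken from the detected type.
    $name = hash_file('sha256', $tmpPath) . '.' . $allowed[$mime];
    $dest = rtrim($cacheDir, '/') . '/' . $name;

    $ok = false;
    switch ($allowed[$mime]) {
        case 'jpg': $ok = imagejpeg($img, $dest, 85); break;
        case 'png': $ok = imagepng($img, $dest);      break;
        case 'gif': $ok = imagegif($img, $dest);      break;
    }
    imagedestroy($img);

    return $ok ? $dest : null;
}
```

Re-encoding costs a little image quality and drops GIF animation, which is the trade-off for never serving the original bytes. The function is only half of the control: the cache directory must also be configured in the web server so that nothing placed there is ever executed as PHP, otherwise a single validation bypass becomes code execution again.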
High-Profile Websites in The Wild (2013)
2013 saw a spate of risks on millions of high-end websites. According to WP White Security, out of 42,106 WordPress websites surveyed, 72.3% were vulnerable because they were running obsolete, unpatched versions.
These findings showed that even a huge and popular website is prone to vulnerabilities if it is not updated.
In another report, the IT company Checkmarx found that the WordPress plugins used to add e-commerce features to business sites were riddled with vulnerabilities. It also stated that seven out of the ten most popular e-commerce sites had stubborn bugs/vulnerabilities.
Founder and CTO of Checkmarx, Maty Siman, explained: “Every developer can upload their plugin to the WordPress.org market and any user can download that plugin with no security assurance process in place.”
He added, “in certain cases, you can exploit a vulnerability to get full access control to the hosting server, and in many cases, you can get access to other WordPress sites hosted on the same server.”
Plugins Began to Plug Out (2015)
A cross-site scripting (XSS) vulnerability hit a large number of widely used WordPress plugins, most importantly:
- Google Analytics by Yoast
- All in one SEO
- Multiple Plugins from Easy Digital Downloads
- Multiple iThemes products including Builder and Exchange
As noted, the core vulnerability was identified in WordPress version 4.1.2. A single small mistake by developers cost website owners many times over.
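Both the 2.1.1 flaw described earlier (user input echoed without filtering) and the 2015 plugin XSS come down to the same defect: request data written into HTML without escaping for the context it lands in. The following is an added example, not code from any of the plugins listed above; the functions `demo_settings_page_vulnerable` and `demo_settings_page_hardened` and the `page=demo` slug are hypothetical, while `esc_url`, `esc_html`, `add_query_arg` and `admin_url` are WordPress's own escaping and URL helpers.

```php
<?php
// Added example, not code from any plugin named in the article.
// A settings page that reflects request data into HTML, shown in its
// vulnerable form and then hardened with WordPress's escaping API.

// Vulnerable: the request URI lands in an href, and a query parameter lands
// in the page body, both verbatim. A crafted link makes the browser render
// whatever markup the attacker put in the URL.
function demo_settings_page_vulnerable(): void
{
    $tab = $_GET['tab'] ?? 'general';
    $url = $_SERVER['REQUEST_URI'];
    echo '<a href="' . $url . '&tab=advanced">Advanced</a>';
    echo '<h2>Settings: ' . $tab . '</h2>';
}

// Hardened: constrain the value where it is really an enum, build links from
// a known base, and escape at output time for the exact context (attribute
// URL vs. HTML text).
function demo_settings_page_hardened(): void
{
    $tabs = ['general', 'advanced'];
    $tab  = (isset($_GET['tab']) && in_array($_GET['tab'], $tabs, true))
        ? $_GET['tab']
        : 'general';

    // Never echo REQUEST_URI; derive the link from admin_url() and escape it.
    $url = add_query_arg('tab', 'advanced', admin_url('options-general.php?page=demo'));
    echo '<a href="' . esc_url($url) . '">Advanced</a>';

    // Text content: esc_html() neutralises <, >, &, and quotes.
    echo '<h2>Settings: ' . esc_html($tab) . '</h2>';
}
```

The rule the hardened version follows is "escape late, escape for the context": the same string needs `esc_url()` inside an `href`, `esc_attr()` inside any other attribute and `esc_html()` in text, and a value that should only ever be one of a few known strings is best reduced to that set before it is used at all.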
To wrap up, we have seen how small mistakes lead to huge damage and ruined reputations. It is crucial that WordPress website and blog owners invest in security testing and QA services now, before bugs and cyber-plagues take hold.
Collaborate with such firms and give your sites a bug-free run.