
An EASM blog from Detectify

Updates on the security status of WordPress and Yoast

January 26, 2016

WordPress is amazing, we can’t argue with that. It’s efficient, powerful, and functional. However, given that it is the most popular Content Management System (CMS) in use, it is also the most vulnerable CMS platform out there.

The WordPress Pingback Vulnerability – Check old campaign sites!

The WordPress Pingback vulnerability allows an attacker to use your WordPress instance as a proxy server. The vulnerability itself is pretty old, but it is still the reason behind many DDoS attacks. It can be used to camouflage criminal behaviour by making it appear to originate from your service, or to gain access to internal networks.

SOLUTION: All default installations of WordPress 3.5 come with the vulnerable feature enabled, so we recommend that you run scans on old campaign sites to see if they are affected. If they are, make sure to reconfigure your WordPress version.
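One way to triage your own old sites, as an added example that is not Detectify's code: WordPress serves pingbacks through the `pingback.ping` method of its XML-RPC endpoint (`xmlrpc.php`), so the reply to a `system.listMethods` call shows whether the feature is still offered. The site names and response bodies below are constructed samples.

```python
import xmlrpc.client
from xml.parsers.expat import ExpatError

# Request body to POST to your own site's /xmlrpc.php (built with the stdlib).
LIST_METHODS_REQUEST = xmlrpc.client.dumps((), methodname="system.listMethods")
MAX_BODY = 256 * 1024  # xmlrpc.client is not hardened against hostile XML


def pingback_status(body):
    """Classify a system.listMethods response body from one site."""
    if len(body) > MAX_BODY:
        return "inconclusive"
    try:
        params, _ = xmlrpc.client.loads(body)
    except (xmlrpc.client.Error, ExpatError):
        # Fault (XML-RPC refused the call) or not an XML-RPC answer at all.
        return "inconclusive"
    methods = params[0] if params else None
    if not isinstance(methods, list):
        return "inconclusive"
    return "pingback-enabled" if "pingback.ping" in methods else "pingback-removed"


def sites_needing_reconfiguration(responses):
    """Return the sites (sorted) whose XML-RPC endpoint still offers pingbacks."""
    return sorted(site for site, body in responses.items()
                  if pingback_status(body) == "pingback-enabled")


def _reply(methods):
    # Helper for building constructed sample responses only.
    return xmlrpc.client.dumps((methods,), methodresponse=True)


# Constructed sample responses for three hypothetical campaign sites.
SAMPLE_RESPONSES = {
    "campaign-2013.example": _reply(["system.listMethods", "pingback.ping",
                                     "pingback.extensions.getPingbacks"]),
    "campaign-2015.example": _reply(["system.listMethods", "wp.getOptions"]),
    "landing.example": "<html><body>403 Forbidden</body></html>",
}

if __name__ == "__main__":
    for site, body in SAMPLE_RESPONSES.items():
        print(site, pingback_status(body))
```

An "inconclusive" result means the endpoint did not answer the listing call, not that pingbacks are off, so those sites still need a manual look. In WordPress, the `xmlrpc_methods` filter is one place where `pingback.ping` can be removed.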

With great websites, come great plugins… and more vulnerabilities

Are you using the SEO plugin Yoast to increase search engine traffic? Many plugins have vulnerabilities, and Yoast has had both SQL injections and CSRF vulnerabilities in the past. This is yet another reminder of how important it is to update your plugins on a regular basis.