
About the WordPress 3.5 and earlier vulnerabilities: there is a possibility of site hijacking


Webmasters running WordPress 3.5 or an earlier version are encouraged to update to the latest version as soon as possible. Below I explain the specific vulnerabilities that have actually been exploited in WordPress 3.5 and earlier, and how to tell whether your own site is affected by each of them.

The default user ID is admin

In older versions of WordPress (before 3.0), the username of the initial superuser (administrator) account was fixed to admin to simplify installation. Because of this, an attacker usually only has to guess the password, and a weak password makes it easy to obtain administrator privileges by brute force.
In addition, when the password is wrong, the login screen echoes the username back in its error message. This tells an attacker that the account exists and that only the password remains to be guessed, which is an important hint for anyone trying to take over administrator privileges. Check the Users screen of your site: if an account named admin still exists, create a new administrator under a different name, log in as that user, and delete admin (reassigning its posts to the new account).
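What the password guessing described above looks like in the web server's access log, and how to detect it, as an added example (this is not code from the original post). It assumes the combined log format used by Apache and nginx, and relies on two facts about wp-login.php: a failed login re-renders the form with HTTP 200, while a successful login answers with a 302 redirect to wp-admin. The log lines are constructed for the example, not real traffic.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Combined-format access log line: ip ident user [timestamp] "METHOD PATH PROTO" status ...
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

# Constructed sample log (not real traffic): one IP hammering the login form
# and then succeeding, one user who mistyped twice, one harmless GET.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Feb/2013:01:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3458 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Feb/2013:01:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3458 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Feb/2013:01:00:05 +0000] "POST /wp-login.php HTTP/1.1" 200 3458 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Feb/2013:01:00:07 +0000] "POST /wp-login.php HTTP/1.1" 200 3458 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Feb/2013:01:00:09 +0000] "POST /wp-login.php HTTP/1.1" 200 3458 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Feb/2013:01:00:11 +0000] "POST /wp-login.php HTTP/1.1" 200 3458 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Feb/2013:01:00:13 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Feb/2013:01:02:40 +0000] "POST /wp-login.php HTTP/1.1" 200 3458 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Feb/2013:01:02:50 +0000] "POST /wp-login.php HTTP/1.1" 200 3458 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Feb/2013:01:02:55 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.9 - - [10/Feb/2013:01:03:00 +0000] "GET /wp-login.php HTTP/1.1" 200 3102 "-" "Mozilla/5.0"
"""


def parse_login_events(log_text):
    """Yield (ip, timestamp, status) for every POST to wp-login.php in the log."""
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if not m or m["method"] != "POST":
            continue
        path = m["path"].split("?", 1)[0]
        if not path.endswith("/wp-login.php"):
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        yield m["ip"], ts, int(m["status"])


def find_bruteforce(log_text, threshold=5, window_seconds=300):
    """Return {ip: {"failures": n, "compromised": bool}} for every IP that produced
    `threshold` failed logins (status 200) within `window_seconds`.  A 302, i.e. a
    successful login, at or after the end of such a burst is flagged as a probable
    account takeover, which is the case that needs an immediate password reset."""
    window = timedelta(seconds=window_seconds)
    events = defaultdict(list)
    for ip, ts, status in parse_login_events(log_text):
        events[ip].append((ts, status))

    hits = {}
    for ip, evs in events.items():
        evs.sort()
        failures = [ts for ts, st in evs if st == 200]
        burst_end = None
        # Sliding window over the sorted failure timestamps.
        for i in range(len(failures) - threshold + 1):
            if failures[i + threshold - 1] - failures[i] <= window:
                burst_end = failures[i + threshold - 1]
                break
        if burst_end is None:
            continue
        compromised = any(st == 302 and ts >= burst_end for ts, st in evs)
        hits[ip] = {"failures": len(failures), "compromised": compromised}
    return hits


if __name__ == "__main__":
    for ip, info in find_bruteforce(SAMPLE_LOG).items():
        print(ip, info)
```

With the defaults only 203.0.113.7 is reported, and it is marked as compromised because the redirect follows the burst; the user who mistyped twice is ignored. Tune `threshold` and `window_seconds` to your own traffic, and treat any IP flagged as compromised as a reason to reset the administrator password and review recently created users.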


Embedding base64-encoded malicious code in comments

WordPress 3.5 and earlier has a well-known weakness that makes it easy to embed malicious code in comments, typically hidden as a base64-encoded string so that it does not look like code at first glance. Are there multiple comments on your WordPress site that consist of unintelligible strings of letters and digits?

If a large number of such comments appear, be careful: they may be an attack that exploits this vulnerability. Before deleting them, decode one or two of the strings and check whether they contain script tags or PHP code, so that you know whether the site was merely spammed or actively targeted.
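A scanner for the kind of comment described above, as an added example (not code from the original post). It finds long base64-looking runs in comment text, decodes the ones that are valid base64, and reports a comment when either the raw text or a decoded payload contains script or PHP fragments; the sample comments and the `SUSPICIOUS` pattern list are constructed for the example and are not taken from any real site.

```python
import base64
import binascii
import re

# A run of base64 alphabet characters long enough to hide a tag or a function call.
B64_RUN = re.compile(r"[A-Za-z0-9+/]{32,}={0,2}")

# Fragments that should never appear in a legitimate blog comment (constructed list).
SUSPICIOUS = re.compile(
    r"<script|<iframe|<\?php|eval\s*\(|base64_decode|document\.write|\.src\s*=", re.I
)


def decode_base64_runs(text):
    """Return the decoded text of every long base64 run in `text`.
    Runs that do not decode as valid base64 are skipped rather than reported."""
    decoded = []
    for m in B64_RUN.finditer(text):
        blob = m.group(0).rstrip("=")
        blob += "=" * (-len(blob) % 4)  # restore padding the spammer may have dropped
        try:
            raw = base64.b64decode(blob, validate=True)
        except (binascii.Error, ValueError):
            continue
        decoded.append(raw.decode("utf-8", errors="replace"))
    return decoded


def is_suspicious_comment(content):
    """True if the comment, or anything base64-hidden inside it, contains code."""
    return any(SUSPICIOUS.search(c) for c in [content, *decode_base64_runs(content)])


def scan_comments(comments):
    """Return the ids of comments worth reviewing, in their original order."""
    return [c["id"] for c in comments if is_suspicious_comment(c["content"])]


# Constructed sample comments (not taken from any real site).
HIDDEN_SCRIPT = base64.b64encode(
    b'<script src="http://evil.example/x.js"></script>'
).decode()
HIDDEN_TEXT = base64.b64encode(
    b"Nothing to see here, just a long but harmless sentence of plain text."
).decode()
SAMPLE_COMMENTS = [
    {"id": 1, "content": "Great post, thanks for sharing!"},
    {"id": 2, "content": "Nice blog " + HIDDEN_SCRIPT},
    {"id": 3, "content": 'check this <?php eval(base64_decode("ZWNobyAx")); ?>'},
    {"id": 4, "content": "Signature: " + HIDDEN_TEXT},
    {"id": 5, "content": "token-7f3a9c1d2e4b5a6f7c8d9e0f1a2b3c4d5e6f7a8b9c0d"},
]

if __name__ == "__main__":
    print("suspicious comment ids:", scan_comments(SAMPLE_COMMENTS))
```

Comment 2 is caught only because its payload is decoded first, comment 3 because the code is in clear text, while the harmless base64 signature (4) and the hex-looking token (5) are decoded and found to contain nothing. Run it over an export of `wp_comments` and review the reported ids rather than bulk-deleting on the basis of appearance alone.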

Using the pingback function as a springboard for DDoS attacks

Pingback is a function that notifies another blog that your blog has linked to it (and receives the same notification in return). The notification is delivered through the XML-RPC interface (xmlrpc.php), and on receiving one your site fetches the notifying page to verify that the link really exists.
In WordPress 3.5 and earlier this feature can be abused: an attacker can make your site send that verification request to any URL the attacker chooses, so your server performs HTTP requests on the attacker's behalf.

This makes your server a stepping stone for DDoS attacks: if a large number of WordPress sites are told to verify the same URL, they all fetch it at once and the target is flooded. Check the server log for abnormal access, for example many POST requests to xmlrpc.php from a few addresses, or bursts of outgoing requests to a single external host. In that case your site may be serving as a stepping stone for DDoS attacks or spam.
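How a pingback request is encoded, and a check that inspects incoming xmlrpc.php request bodies before WordPress acts on them, as an added example (not code from the original post). `pingback.ping`, its two parameters (sourceURI, targetURI) and `system.multicall` are the real WordPress XML-RPC method names; the hostname in `OUR_HOSTS` and every URL below are constructed for the example. The checker rejects requests that would make the server fetch internal addresses or non-HTTP schemes, that name a target that is not this site, or that bundle many pingbacks into one multicall.

```python
import ipaddress
import xmlrpc.client
from urllib.parse import urlsplit

# Assumed: the hostnames this WordPress installation serves (hypothetical value).
OUR_HOSTS = {"blog.example"}


def build_pingback(source_uri, target_uri):
    """Serialize a pingback.ping call exactly as a client POSTs it to xmlrpc.php."""
    return xmlrpc.client.dumps((source_uri, target_uri), methodname="pingback.ping")


def build_multicall(pairs):
    """Serialize several pingback.ping calls wrapped in one system.multicall request."""
    calls = [{"methodName": "pingback.ping", "params": list(p)} for p in pairs]
    return xmlrpc.client.dumps((calls,), methodname="system.multicall")


def pingback_calls(body):
    """Return every (sourceURI, targetURI) pair in the request body,
    including pairs wrapped in system.multicall."""
    params, method = xmlrpc.client.loads(body)
    if method == "pingback.ping" and len(params) == 2:
        return [tuple(params)]
    if method == "system.multicall":
        return [
            tuple(c["params"])
            for c in params[0]
            if c.get("methodName") == "pingback.ping" and len(c.get("params", ())) == 2
        ]
    return []


def pingback_risks(body):
    """Reasons to reject the request; an empty list means it looks like an ordinary pingback."""
    reasons = []
    calls = pingback_calls(body)
    if len(calls) > 1:
        reasons.append("multicall with %d pingbacks" % len(calls))
    for source, target in calls:
        s, t = urlsplit(source), urlsplit(target)
        # sourceURI is the page the server will fetch: it must be a public http(s) URL.
        if s.scheme not in ("http", "https"):
            reasons.append("sourceURI scheme %r" % s.scheme)
        try:
            ip = ipaddress.ip_address(s.hostname or "")
        except ValueError:
            ip = None  # a hostname rather than an IP literal
        if ip is not None and (ip.is_private or ip.is_loopback or ip.is_link_local):
            reasons.append("sourceURI points at internal address %s" % ip)
        # targetURI must be one of our own pages, otherwise the ping is not for us.
        if t.hostname not in OUR_HOSTS:
            reasons.append("targetURI host %r is not this site" % t.hostname)
    return reasons


if __name__ == "__main__":
    body = build_pingback("http://127.0.0.1:3306/", "https://blog.example/2013/02/hello")
    print(body)
    print(pingback_risks(body))
```

The caveat a practitioner needs: a single well-formed request whose sourceURI is the victim and whose targetURI is one of your own posts passes every check here, because that is exactly what a legitimate pingback looks like. URL inspection therefore only removes the internal-address and amplification cases; the real fix is to update, and if you do not need pingbacks, to disable link notifications in the Discussion settings or remove `pingback.ping` through the `xmlrpc_methods` filter, combined with rate limiting of xmlrpc.php per source address.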

We have discussed the most dangerous vulnerabilities here; the remaining ones are in the vulnerability list published here. Please check it if you are interested.
