Md. Maruf Hassan, Daffodil International University, Dhaka, Bangladesh, maruf.swe@diu.edu.bd
Touhid Bhuiyan, Daffodil International University, Dhaka, Bangladesh, t.bhuiyan@daffodilvarsity.edu.bd
Saikat Biswas, Daffodil International University, Dhaka, Bangladesh, saikatbiswas440@gmail.com
Md. Hasan Sharif, Daffodil International University, Dhaka, Bangladesh, hasan543@diu.edu.bd
Abstract: Given the increasing need of clients for web applications, the use of content management systems (CMS) is on the rise. Nowadays, the most popular CMS is WordPress: almost 32% of all CMS applications are developed in WordPress. However, a recent study has shown that versions 4.7.0 and 4.7.1 of the WordPress CMS have a vulnerability called the WordPress content injection vulnerability [1][2]. This paper aims to discuss the WordPress content injection vulnerability and to provide a detection system that identifies it, together with preventive techniques that help keep web application users more secure. In our research, we study almost 200 CMS web applications and find most of them to be vulnerable owing to a default vulnerable page and outdated versions. To help avoid this vulnerability, we provide tools that can detect it. Based on our research, we develop a tool that detects the WordPress content injection vulnerability and provide preventive techniques.

Keywords: WordPress content injection vulnerability; CMS; Detection Tools; prevention

In recent research, the most popular CMS, WordPress, has been found to contain a vulnerability called the WordPress content injection vulnerability. In our study, we develop a detection tool that helps detect this vulnerability. In this paper, we briefly discuss the WordPress content injection vulnerability and its detection techniques, and we also provide preventive measures.

This paper is structured into eight sections. Section 2 contains a literature review. Section 3 gives the background to the WordPress content injection vulnerability and its impact on websites. After developing the detection tools, we describe the detection process in Section 4. Using the tools, we collect data and perform data analysis in Section 5. The causes of the content injection vulnerability and the various preventive techniques are provided in Section 6. The conclusion of the research is provided in Section 7. Finally, Section 8 gives an outlook for future research.
B. Version-based Analysis:
In our analysis, we found that 106 vulnerable websites had WordPress version 4.7.0 and 71 websites had version 4.7.1. This is the result we got from our research, but this ratio can vary in other cases. Therefore, we have to take proper measures to be safe from this vulnerability.

[Graph 03: Levels of risk caused by WordPress content injection vulnerability]

D. Access-based Result:
We found 140 vulnerable websites with specific access to a page or post. On the other hand, we were able to get full access in 37 web applications.
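The version-based tally above can be reproduced by a site owner over their own inventory without touching the vulnerable code path at all: the paper ties the vulnerability to WordPress 4.7.0 and 4.7.1, so the advertised version is a first-pass indicator. The following Python script is an added example and is not the paper's detection tool; it parses the WordPress generator meta tag out of already-fetched HTML, normalizes the version string (WordPress advertises the x.y.0 release as "x.y"), and counts sites per result. The sample pages and site names are constructed for the example. A missing generator tag is reported as "unknown", not as "not affected", because many hardened sites strip the tag.

```python
"""Inventory check for the WordPress versions the paper reports as affected.

Added example, not the paper's detection tool. It reads the WordPress
generator <meta> tag from a page's HTML and tallies which sites run one of
the versions the paper lists as vulnerable (4.7.0 and 4.7.1). The sample
pages below are constructed and do not correspond to real sites.
"""
import re
from collections import Counter
from html.parser import HTMLParser
from typing import Dict, List, Optional

# Versions the paper reports as carrying the content injection vulnerability.
AFFECTED_VERSIONS = frozenset({"4.7.0", "4.7.1"})

# Matches generator strings such as "WordPress 4.7.1" or "WordPress 4.7".
_WP_GENERATOR = re.compile(r"^\s*WordPress\s+(\d+(?:\.\d+)*)\s*$", re.IGNORECASE)


class _GeneratorMetaFinder(HTMLParser):
    """Collects the content attribute of every <meta name="generator"> tag."""

    def __init__(self) -> None:
        super().__init__()
        self.generators: List[str] = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "meta":
            return
        attr = {k.lower(): (v or "") for k, v in attrs}
        if attr.get("name", "").lower() == "generator":
            self.generators.append(attr.get("content", ""))


def _normalize(version: str) -> str:
    """Pad to three components so '4.7' and '4.7.0' compare equal."""
    parts = version.split(".")
    while len(parts) < 3:
        parts.append("0")
    return ".".join(parts[:3])


def extract_wp_version(html: str) -> Optional[str]:
    """Return the normalized WordPress version advertised in the page, or None.

    None means the tag is absent or belongs to another CMS; it must not be
    read as 'not affected'.
    """
    finder = _GeneratorMetaFinder()
    finder.feed(html)
    for content in finder.generators:
        match = _WP_GENERATOR.match(content)
        if match:
            return _normalize(match.group(1))
    return None


def classify(html: str) -> str:
    """'affected', 'other_version' or 'unknown' for one fetched page."""
    version = extract_wp_version(html)
    if version is None:
        return "unknown"
    return "affected" if version in AFFECTED_VERSIONS else "other_version"


def tally(pages: Dict[str, str]) -> Counter:
    """Count results across an inventory of site -> HTML, the way the paper's
    version-based analysis tallies vulnerable sites per version."""
    return Counter(classify(html) for html in pages.values())


# Constructed sample inventory (hypothetical site names, not real hosts).
SAMPLE_PAGES = {
    "site-a.example": '<html><head><meta name="generator" content="WordPress 4.7.1" /></head></html>',
    "site-b.example": "<html><head><meta content='WordPress 4.7' name='generator'></head></html>",
    "site-c.example": '<html><head><meta name="generator" content="WordPress 4.7.2" /></head></html>',
    "site-d.example": "<html><head><title>generator tag stripped</title></head></html>",
    "site-e.example": '<html><head><meta name="generator" content="Joomla! - Open Source Content Management" /></head></html>',
}

if __name__ == "__main__":
    for site, html in SAMPLE_PAGES.items():
        print(f"{site}: version={extract_wp_version(html)} -> {classify(html)}")
    print(dict(tally(SAMPLE_PAGES)))
```

The check is deliberately conservative: it classifies only by the version the page advertises, which is the same signal the paper's version-based analysis reports, and it never reports a site as safe on the strength of a missing or non-WordPress generator tag.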