The Pagely Blog. Articles and insights covering topics of interest to our clients and the WordPress community.

The Short History of Unauthenticated Site Options Update Vulnerabilities

Robert Rowley

2019 is coming to an end. Over the last year, Pagely’s security team noticed a trend in WordPress-related attacks targeting unauthenticated changes to a WordPress website's options table. The attack is specific to WordPress, but boiled down to its essence, this vulnerability falls under Broken Access Controls/Elevation of Privilege (OWASP Top 10, 2017 A5). In layperson's terms: the application lacks proper authorization checks before performing a sensitive action.…

