The Short History of Unauthenticated Site Options Update Vulnerabilities

Robert Rowley

Over recent years Pagely's security team noticed a trend in WordPress-related attacks targeting unauthenticated changes to a WordPress website's options table. The attack is specific to WordPress, but boiled down to its essence, this vulnerability falls under Broken Access Control/Elevation of Privilege (OWASP Top 10, 2017 A5). In layperson's terms: the application lacks proper authorization checks before performing a sensitive action, here a write to the options table. Over the course of the year, reports…
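To make the bug class concrete, here is an added example (not code from the article or from Pagely) of a hypothetical plugin AJAX handler that updates site options. The hook name `myplugin_save`, the handler names and the option names are assumptions; the first handler shows the missing authorization check described above, the second shows the checks a reviewer would expect.

```php
<?php
// Added illustrative example, not from the article. Hook, function and
// option names are assumptions; the WordPress APIs used are real.

// VULNERABLE PATTERN: registered for logged-out visitors via the
// wp_ajax_nopriv_ hook and writes to the options table with no capability
// check, no nonce check and no restriction on which option is written.
add_action( 'wp_ajax_nopriv_myplugin_save', 'myplugin_save_vulnerable' );
add_action( 'wp_ajax_myplugin_save', 'myplugin_save_vulnerable' );
function myplugin_save_vulnerable() {
    update_option( sanitize_key( $_POST['option'] ), wp_unslash( $_POST['value'] ) );
    wp_send_json_success();
}

// HARDENED PATTERN: only for authenticated requests (no nopriv hook),
// only for users holding the relevant capability, only with a valid
// nonce, and only for the options this plugin owns.
add_action( 'wp_ajax_myplugin_save', 'myplugin_save_hardened' );
function myplugin_save_hardened() {
    // CSRF protection: the nonce must have been issued for this action.
    check_ajax_referer( 'myplugin_save', 'nonce' );

    // Authorization: changing site options requires manage_options.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // Allow-list: never let the request name an arbitrary option.
    $allowed = array( 'myplugin_api_key', 'myplugin_mode' );
    $name    = isset( $_POST['option'] ) ? sanitize_key( $_POST['option'] ) : '';
    if ( ! in_array( $name, $allowed, true ) ) {
        wp_send_json_error( 'unknown option', 400 );
    }

    $value = isset( $_POST['value'] )
        ? sanitize_text_field( wp_unslash( $_POST['value'] ) )
        : '';
    update_option( $name, $value );
    wp_send_json_success();
}
```

When auditing a plugin for this class of bug, grepping for `wp_ajax_nopriv_`, `admin_post_nopriv_` and REST routes whose `permission_callback` returns true, and then checking whether the handler reaches `update_option`, finds most instances quickly.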
