WordPress Penetration test | WordPress.org

BenRacicot
(@benracicot)

8 years, 9 months ago

I have been making the case to move from Joomla/ModX to WordPress for my company’s main website rebuild. However they are extremely security conscious and have challenged me to build out a base WP installation along side the local (WAMP) built intranet and lock it down the best I can. They will then attack the installation with enterprise level penetration testing software. Such tools as kali.org have been named…

I’m looking for any and all advice in how to fight back to prove WP a winner in secure CMS’s.

Viewing 2 replies - 1 through 2 (of 2 total)

Thread Starter BenRacicot
(@benracicot)

8 years, 9 months ago

I have installed WP locally via WAMP and am finding a possible XSS vulnerability with ZAP. On pages with http://website/?page_id=4-2 on a local installation I’m getting the warning that the original page content is modified with this 4-2 parameter. Any insight from WP devs would be great! Thanks.

Thread Starter BenRacicot
(@benracicot)

8 years, 9 months ago

It seems that when permalinks are set to Day and name and cookies are not hardened with httponly a possible XSS vulnerability may exist where content may be manipulated via 4-2 parameter in the URL.

*ZAP reports that content on a page has been changed from the original when a 4-2 parameter is placed in the URL.

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘WordPress Penetration test’ is closed to new replies.

In: Plugins
2 replies
1 participant
Last reply from: BenRacicot
Last activity: 8 years, 9 months ago
Status: not resolved

Topics

Topics with no replies

Non-support topics

Resolved topics

Unresolved topics

All topics