Identifying WordPress Vulnerabilities-WPScan-II


In the last blog we discussed exploring WordPress vulnerabilities using WPScan and how a scan is performed to identify vulnerable WordPress themes, plugins, users, etc.

 

This time we explore the risks that WPScan can identify and some of the reporting methods offered by the WPScan team.

First, let's focus on the symbols that can appear in a WPScan result.


        [!] - (red) A specific component of the site is vulnerable to exploitation

        [!] - Warning

        [i] - Informational

        [+] - Sections

        [*] - chapter xyz (no color, bold)

        [?] - Question / Interaction

As you can see, the red symbol is the dangerous one, because it refers to a specific component of the site being vulnerable to exploitation.

Normally WPScan shows the number of identified vulnerabilities in the scan result.

 

We can use that to verify whether our site contains vulnerable components.

All right. Now we know the background of the results. Let's examine some examples to identify vulnerabilities.

In this example you can see the red [!] alert, which marks components that may be vulnerable.

This time WPScan identified two vulnerabilities in the Yoast SEO plugin.

The first one is "Authenticated Race Condition"; according to the changelog, "Race Condition which leads to command execution, by users with SEO Manager roles." According to the WPScan database, this issue was fixed in 9.2.

The second one is "Authenticated Stored XSS", which describes a Cross-Site Scripting vulnerability.
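To pick the red [!] findings out of a saved scan without reading it by eye, here is an added example (not part of WPScan or of the original post) that classifies each line by its symbol and counts the vulnerable ones. It assumes the output was saved with its ANSI colour codes, that red is SGR code 31 and that a [!] in any other colour is a warning; the function names and the sample report are constructed for illustration.

```python
import re
from collections import Counter

ANSI = re.compile(r"\x1b\[([\d;]*)m")          # ANSI SGR colour sequence
MARKER = re.compile(r"^\s*\[([!i+*?])\]\s*(.*)$")
LABELS = {"i": "informational", "+": "section", "*": "chapter", "?": "interaction"}

def classify(line):
    """Return (label, text) for a line that starts with a symbol, else None."""
    colour = ANSI.search(line)                  # first colour code on the line
    m = MARKER.match(ANSI.sub("", line))
    if not m:
        return None
    sym, text = m.groups()
    if sym != "!":
        return LABELS[sym], text
    if colour is None:
        # Colours were stripped, so red and warning [!] look identical.
        return "unclassified-alert", text
    # Assumption: red is SGR 31; any other colour on [!] is a warning.
    is_red = "31" in colour.group(1).split(";")
    return ("vulnerable" if is_red else "warning"), text

def triage(report):
    """Count lines per label and collect the text of every red [!] finding."""
    counts, vulnerable = Counter(), []
    for line in report.splitlines():
        hit = classify(line)
        if hit:
            counts[hit[0]] += 1
            if hit[0] == "vulnerable":
                vulnerable.append(hit[1])
    return counts, vulnerable

# Constructed sample, not real scan output.
SAMPLE = "\n".join([
    "\x1b[32m[+]\x1b[0m Name: Yoast SEO",
    "\x1b[31m[!]\x1b[0m Title: Yoast SEO - Authenticated Race Condition",
    "\x1b[34m[i]\x1b[0m Fixed in: 9.2",
    "\x1b[31m[!]\x1b[0m Title: Yoast SEO - Authenticated Stored XSS",
    "\x1b[33m[!]\x1b[0m The version is out of date",
    "[!] Alert saved without colour codes",
])

if __name__ == "__main__":
    counts, vulnerable = triage(SAMPLE)
    print(dict(counts))
    for title in vulnerable:
        print("VULNERABLE:", title)
```

An "unclassified-alert" means the report was saved without colours, so those lines need to be checked by hand rather than counted as warnings.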