🧠 Description

WordPress or another CMS is outdated, has vulnerable plugins/themes, or uses default credentials. This is one of the most common attack vectors for web applications.

Impact: Full Site Compromise, Backdoors, Defacement, Data Theft

🔍 Detection / Tools

wpscan --url target --enumerate vp
/wp-admin/ (admin panel)
/wp-content/plugins/
/readme.html (version info)

🛡️ Mitigation

✅ Keep WordPress core updated

✅ Update all plugins/themes

✅ Remove unused plugins

✅ Use strong admin passwords

✅ Implement WAF
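
As an added example, not from the original page: a local inventory script a site owner can run against their own WordPress document root to record the core version, whether readme.html is still present, and each installed plugin's version, as input for the update and removal steps above. The function names, report keys and the sample tree are assumptions made for illustration.

```python
import re
import tempfile
from pathlib import Path

VERSION_RE = re.compile(r"\$wp_version\s*=\s*'([^']+)'")
HEADER_RE = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)[ \t]*$", re.M | re.I)

def plugin_header(php_file):
    """Parse the 'Plugin Name' / 'Version' fields from a plugin file's header comment."""
    head = php_file.read_text(errors="replace")[:8192]  # header sits near the top of the file
    return {k.lower(): v.strip() for k, v in HEADER_RE.findall(head)}

def audit(root):
    """Return core version, readme.html presence and plugin versions for one install."""
    root = Path(root)
    report = {"core_version": None, "readme_present": False, "plugins": {}}
    version_php = root / "wp-includes" / "version.php"
    if version_php.is_file():
        m = VERSION_RE.search(version_php.read_text(errors="replace"))
        report["core_version"] = m.group(1) if m else None
    # readme.html in the web root is the version-disclosure file listed above
    report["readme_present"] = (root / "readme.html").is_file()
    plugins_dir = root / "wp-content" / "plugins"
    entries = sorted(plugins_dir.iterdir()) if plugins_dir.is_dir() else []
    for entry in entries:
        # a plugin is either a directory of PHP files or a single PHP file
        candidates = sorted(entry.glob("*.php")) if entry.is_dir() else [entry]
        for php_file in candidates:
            hdr = plugin_header(php_file) if php_file.suffix == ".php" else {}
            if "plugin name" in hdr:
                report["plugins"][entry.name] = hdr.get("version", "unknown")
                break
    return report

def build_sample_tree(base):
    """Constructed sample tree (not a real site) so the example runs offline."""
    base = Path(base)
    (base / "wp-includes").mkdir(parents=True)
    (base / "wp-includes" / "version.php").write_text("<?php\n$wp_version = '0.0.1-sample';\n")
    (base / "readme.html").write_text("<h1>constructed readme</h1>\n")
    plugin = base / "wp-content" / "plugins" / "sample-gallery"
    plugin.mkdir(parents=True)
    (plugin / "sample-gallery.php").write_text(
        "<?php\n/**\n * Plugin Name: Sample Gallery\n * Version: 1.2.0\n */\n")
    (plugin.parent / "index.php").write_text("<?php\n// Silence is golden.\n")
    return base

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(audit(build_sample_tree(tmp)))
```

The script reads only the filesystem, so it cannot tell which plugins are active; compare its output with the plugin list in the admin panel before removing anything.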