The rapid growth of the internet over the past two decades has been accompaniedby a significant increase in cyberattacks, including ones targeting websites. Among thevast number of websites, approximately 50% are built using popular Content ManagementSystems (CMS) such as WordPress, Shopify, and Wix. Furthermore, websites created usingCMS platforms may be more attractive targets for attackers due to common frameworksand shared vulnerabilities. This study examines the prevalence of security vulnerabilitiesin the category "Vulnerable and Outdated Components" in these CMS-created websiteswith a focus on the WordPress CMS. From scanning one million of the largest websites,version information of WordPress and related extensions is collected and matched againstexploits in publicly available databases (exploit databases). The study finds that approxi-mately 65% of the WordPress websites are up-to-date, and that approximately 1.1% of thelargest websites running WordPress are susceptible to severe vulnerabilities to the Word-Press Core, and more to plugin vulnerabilities. The study also finds that 70% of all severepublic exploits both recently and historically spawn from 3 categories, including cross-sitescripting attacks, cross-site request forgery, and SQL injection. Based on the results gath-ered, a well-designed demonstration showcasing two vulnerabilities is develo
| Identifer | oai:union.ndltd.org:UPSALLA1/oai:DiVA.org:liu-202569 |
| Date | January 2023 |
| Creators | Ekstam Ljusegren, Hannes |
| Publisher | Linköpings universitet, Institutionen för datavetenskap |
| Source Sets | DiVA Archive at Upsalla University |
| Language | English |
| Detected Language | English |
| Type | Student thesis, info:eu-repo/semantics/bachelorThesis, text |
| Format | application/pdf |
| Rights | info:eu-repo/semantics/openAccess |
Page generated in 0.0021 seconds