Detection of Wordpress Content Injection Vulnerability
This addresses a critical security issue for web owners and businesses using WordPress, though it is incremental as it focuses on specific versions.
The paper tackled the detection of a content injection vulnerability in WordPress versions 4.7.0 and 4.7.1 by proposing a detection model and implementing a tool called SAISAN, which achieved 92% accuracy when tested on 176 web applications compared to manual testing.
The popularity of content management software (CMS) is growing vastly to the web developers and the business people because of its capacity for easy accessibility, manageability and usability of the distributed website contents. As per the statistics of Built with, 32% of the web applications are developed with WordPress(WP) among all other CMSs [1]. It is obvious that quite a good number of web applications were built with WP in version 4.7.0 and 4.7.1. A recent research reveals that content injection vulnerability was found available in the above two versions of WP [2]. Unauthorized content injection by an intruder in a CMS managed application is one of the serious problems for the business as well as for the web owner.Therefore, detection of the vulnerability becomes a critical issue for this time. In this paper, we have discussed about the root cause of WP content injection of the above versions and have also proposed a detection model for the given vulnerability. A tool, SAISAN has been implemented as per our anticipated model and conducted an examination on 176 WP developed web applications using SAISAN. We achieved the accuracy of 92% of the result of SAISAN as compared to manual black box testing outcome.