{"id":1713,"date":"2013-06-20T15:20:49","date_gmt":"2013-06-20T21:20:49","guid":{"rendered":"http:\/\/www.whitefirdesign.com\/blog\/?p=1713"},"modified":"2013-06-20T15:20:49","modified_gmt":"2013-06-20T21:20:49","slug":"checkmarx-website-running-outdated-and-insecure-version-of-wordpress","status":"publish","type":"post","link":"https:\/\/www.whitefirdesign.com\/blog\/2013\/06\/20\/checkmarx-website-running-outdated-and-insecure-version-of-wordpress\/","title":{"rendered":"Checkmarx Website Running Outdated and Insecure Version of WordPress"},"content":{"rendered":"<p>In yet another sad sign of how bad internet security is these days, a security company named Checkmarx released findings on <a href=\"http:\/\/www.checkmarx.com\/wp-content\/uploads\/2013\/06\/The-Security-State-of-WordPress-Top-50-Plugins3.pdf\">security vulnerabilities in WordPress plugins (PDF)<\/a> while running their own website on an outdated and insecure version of WordPress:<\/p>\n<p><a href=\"https:\/\/www.whitefirdesign.com\/wordpress-version-check\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-1714\" alt=\"Checkmarx Website is Running WordPress 3.4.1\" src=\"https:\/\/www.whitefirdesign.com\/blog\/wp-content\/uploads\/2013\/06\/checkmarx-website-wordpress-version.png.png\" width=\"500\" height=\"150\" srcset=\"https:\/\/www.whitefirdesign.com\/blog\/wp-content\/uploads\/2013\/06\/checkmarx-website-wordpress-version.png.png 500w, https:\/\/www.whitefirdesign.com\/blog\/wp-content\/uploads\/2013\/06\/checkmarx-website-wordpress-version.png-300x90.png 300w\" sizes=\"auto, (max-width: 500px) 85vw, 500px\" \/><\/a><\/p>\n<p>Checkmarx has failed to apply the last two security update releases of WordPress. 
<a href=\"http:\/\/wordpress.org\/news\/2012\/09\/wordpress-3-4-2\/\">WordPress 3.4.1<\/a>, which was released in September of 2012, and <a href=\"http:\/\/wordpress.org\/news\/2013\/01\/wordpress-3-5-1\/\">WordPress 3.5.1<\/a>, which was released in January.<\/p>\n<p>In their report one of their recommendations is keeping plugins up to date:<\/p>\n<blockquote><p><strong>3. Ensure all your plugins are up to date<\/strong><br \/>\nDo not ignore all those notification emails of an upgraded plugin version. You can even use a<br \/>\npurposeful WordPress plugin that notifies admins on updates to other installed plugins.<br \/>\nThere are also third party services which provide a plugin update notification and<br \/>\nmanagement offering.<\/p><\/blockquote>\n<p>How is it that security companies that seem to understand <a href=\"http:\/\/www.whitefirdesign.com\/resources\/secure-your-website-from-hackers.html\">basic security practices<\/a> fail to take them with their own websites?<\/p>\n<p>Also, on Checkmarx&#8217;s website they tout they are a member of the Open Web Application Security Project (OWASP), which we recently noted also <a title=\"OWASP Website Running Outdated and Insecure Version of MediaWiki\" href=\"http:\/\/www.whitefirdesign.com\/blog\/2013\/04\/19\/owasp-website-running-outdated-and-insecure-version-of-mediawiki\/\">runs their website on outdated and insecure software<\/a>.<\/p>\n<h2>Another Security Recommendation for WordPress Plugins<\/h2>\n<p>Checkmarx&#8217;s report is missing one important step that should be taken related to security of WordPress plugins. Currently, if a plugin in the WordPress.org Plugin Directory is found to have a security vulnerability and it is not fixed, the plugin is removed from the Plugin Directory. Unfortunately, anyone who is already using the plugin is not provided any alert that the plugin is known to be insecure. 
We have been <a href=\"http:\/\/www.whitefirdesign.com\/blog\/2012\/07\/02\/should-wordpress-alert-for-installed-plugins-with-known-vulnerabilities\/\">pushing for this situation to be handled properly for some time<\/a>. Until an alert is added in WordPress itself, you can get a more limited version of this functionality using our <a href=\"http:\/\/wordpress.org\/extend\/plugins\/no-longer-in-directory\/\">No Longer in Directory plugin<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In yet another sad sign of how bad internet security is these days, a security company named Checkmarx released findings on security vulnerabilities in WordPress plugins (PDF) while running their own website on an outdated and insecure version of WordPress: Checkmarx has failed to apply the last two security update releases of WordPress. WordPress 3.4.1, &hellip; <a href=\"https:\/\/www.whitefirdesign.com\/blog\/2013\/06\/20\/checkmarx-website-running-outdated-and-insecure-version-of-wordpress\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;Checkmarx Website Running Outdated and Insecure Version of 
WordPress&#8221;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[25,35,32],"tags":[],"class_list":["post-1713","post","type-post","status-publish","format-standard","hentry","category-bad-security","category-outdated-web-software","category-wordpress-plugins"],"_links":{"self":[{"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/posts\/1713","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/comments?post=1713"}],"version-history":[{"count":2,"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/posts\/1713\/revisions"}],"predecessor-version":[{"id":1716,"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/posts\/1713\/revisions\/1716"}],"wp:attachment":[{"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/media?parent=1713"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/categories?post=1713"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/tags?post=1713"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}