Vulnerabilities

In January 2007, many high-profile search engine optimization (SEO) blogs, as well as many low-profile commercial blogs featuring AdSense, were targeted and attacked with a WordPress exploit.[9]

A separate vulnerability on one of the project site’s web servers allowed an attacker to introduce exploitable code, in the form of a back door, into some downloads of WordPress 2.1.1. The 2.1.2 release addressed this issue; an advisory released at the time advised all users to upgrade immediately.[10]

In May 2007, a study revealed that 98% of WordPress blogs being run were exploitable.[11]

In a June 2007 interview, Stefan Esser, the founder of the PHP Security Response Team, spoke critically of WordPress’s security track record, citing problems with the application’s architecture that make it unnecessarily difficult to write code that is secure against SQL injection vulnerabilities, as well as other problems.[12]