Comments on: Top WordPress sites vulnerable 6 wks after plugin patch released

By: yepi 10

yepi 10 — Sun, 28 Jul 2013 16:17:00 +0000

this information, I think I need they

By: Adam Seabrook

Adam Seabrook — Sat, 27 Jul 2013 00:43:00 +0000

In our search level engine we are still tracking 81,186 sites running vulnerable versions of W3 Total Cache https://meanpath.com/f/Eievp6

By: Kizi 10

Kizi 10 — Sat, 13 Jul 2013 13:51:00 +0000

I think so. I find that it is what in fact observed.

By: Robert Abela

Robert Abela — Thu, 13 Jun 2013 20:11:00 +0000

Very good analysis but not surprised! Every website we work on is typically running outdated software / applications / server software, and not talking about WordPress only.

By: Conor

Conor — Thu, 13 Jun 2013 17:11:00 +0000

Sure, why not do the update for them? You have access to their servers.

By: frank goossens (futtta)

frank goossens (futtta) — Thu, 13 Jun 2013 16:35:00 +0000

Checking for the readme-file and parsing out the version is pretty straigthforward for any plugin;
http://hackertarget.com/wp-content/plugins/w3-total-cache/readme.txt

By: madddddddddddd

madddddddddddd — Thu, 13 Jun 2013 16:32:00 +0000

In reply to Dan DeFelippi.

it isn’t entirely reliable for finding all vulnerable sites, but i highly doubt it includes any false positives… someone would have to update their site to send incorrect headers…

By: Dan DeFelippi

Dan DeFelippi — Thu, 13 Jun 2013 13:59:00 +0000

Checking for X-Powered-By isn’t entirely reliable. I turn it off on my sites. But it’s a good indicator of poorly or improperly configured sites which are more likely to be vulnerable.