WordPress Security: CVE Vulnerabilities


 
Common Vulnerabilities and Exposures (CVE) represent a reference point for the identification of security vulnerabilities. Each vulnerability or exposure is assigned a unique identifier (CVE-ID), thus facilitating security management and the comparison of different security tools that address the same issues.
 
To help you interpret the CVE vulnerability report that we have sent you, we provide the following guide. This report contains critical information for the security of your WordPress website and will help you take action to protect it. 
  1. Server name: This is the unique identifier of your server where the vulnerability was found. It is useful if you manage multiple servers.
  2. Domain: Indicates the domain name affected by the vulnerability.
  3. Path: Shows the specific location within your domain where the vulnerability was detected. This can be useful for identifying affected plugins or themes.
  4. CVE Code: This is the unique identifier assigned to the known vulnerability. You can use this code to search for more details online.
  5. Score: Represents the severity of the vulnerability on a scale from 1 to 10. A higher score indicates a greater urgency to take corrective action.
  6. Risk: This field classifies the vulnerability risk level as Low, Medium, or High, helping you prioritize the actions to take.
  7. Description: Provides a default summary of the vulnerability to help you understand the issue.
  8. CVE Link: Contains an external link where you can find more detailed information about the vulnerability.
  9. Current Version: Shows the version of the plugin, theme, or WordPress core that you are using and that contains the vulnerability.
  10. Fixed Version: Indicates the version in which the vulnerability has been fixed. You should update to this version or a later one to mitigate the risk.
Example .csv file:
 
 
In some cases, a large number of hosting accounts with vulnerabilities may be detected, which can make a complete review of all cases difficult. In this situation, we recommend creating a pivot table in the .csv file to view the data in a more visual way.
 
If you are using Microsoft Excel, to create a pivot table, you only need to select all the cells containing information, then go to “Insert” and click on “Pivot Table”:


Next, you will be asked to confirm the data for the new pivot table before creating it. You can choose to create it in a new worksheet or an existing one:
 
 
When you click ‘Accept’, the pivot table will be created in the worksheet you selected and will allow you to add filters to display the data you want:
 
 
From here, you can select which field the table should filter by. If you want to count the TOTAL number of vulnerabilities detected by domain, we recommend keeping the fields shown in the previous screenshot selected, with the ‘CVE Code’ in ‘Values’ as shown in the image. You only need to drag the field into the corresponding section, and the table will count that value. Example of the pivot table result:
 
 
If you do not have Microsoft Excel, which requires a license, the steps below explain how to create the pivot table in LibreOffice.
 
Select the tables you want to include in the pivot table (we recommend selecting all tables that contain any information) and click on “Insert” and then “Pivot Table”:
 
 
When you click there, you will be asked to confirm the data before creating the table. If all the data is correct, click “OK” to continue:
 
 
Next, you will be asked to enter the fields you want to use to create this pivot table. As with the instructions provided for Microsoft Excel, if you want to count the TOTAL number of vulnerabilities detected in domains and their paths, we recommend dragging the fields shown below, with the ‘CVE Code’ in the ‘Data Field’ section and the ‘Row Fields’ as shown in the image. You only need to drag the field to the appropriate section:
 
 
When placing the ‘CVE Code’ in the ‘Data Field’, LibreOffice automatically assigns the ‘Sum’ function because it is usually used to dynamically add numbers. Since this is a value that we do not want to sum but rather count, you must double-click on that same option, that is, double-click on “Sum – CVE Code” shown in the previous screenshot:
 
When you do so, a window will open allowing you to edit the function of the data field. Here, you must select the second option, “Count”, and click “OK”:
 
 
You will return to the previous window, but from there you can verify that the ‘Data Fields’ area already has the Count function assigned. Once this change has been made, you can click OK to proceed with creating the table. Below is an example of a pivot table created in LibreOffice:
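The same count can also be produced without a spreadsheet. The following Python script is an added example, not part of the original guide or of any cdmon tooling: it reproduces the "Count of CVE Code" pivot by domain and path, and orders domains by their highest score. It assumes the CSV headers match the field names listed above; the sample rows, CVE codes and links are constructed placeholders.

```python
import csv
import io
from collections import Counter

# Constructed sample report. Headers are assumed to match the field names in
# this guide; the CVE codes and links are placeholders, not real entries.
SAMPLE_CSV = """\
Server name,Domain,Path,CVE Code,Score,Risk,Description,CVE Link,Current Version,Fixed Version
srv01,example.com,/wp-content/plugins/sample-forms,CVE-0000-0001,8.8,High,Constructed,https://example.invalid/1,1.2.0,1.2.4
srv01,example.com,/wp-content/plugins/sample-forms,CVE-0000-0002,5.4,Medium,Constructed,https://example.invalid/2,1.2.0,1.2.4
srv01,example.com,/wp-content/themes/sample-theme,CVE-0000-0003,6.1,Medium,Constructed,https://example.invalid/3,2.0,2.1
srv02,example.org,/wp-content/plugins/sample-gallery,CVE-0000-0004,9.8,High,Constructed,https://example.invalid/4,3.3,3.5
srv02,example.net,/,CVE-0000-0005,3.1,Low,Constructed,https://example.invalid/5,6.0,6.1
"""


def read_report(handle):
    """Parse the report into dict rows, dropping rows without a CVE code."""
    return [row for row in csv.DictReader(handle) if row.get("CVE Code")]


def pivot_count(rows, *fields):
    """Count 'CVE Code' entries per combination of the given row fields."""
    return Counter(tuple(row[f] for f in fields) for row in rows)


def triage(rows):
    """Order domains by their highest Score, then by number of findings."""
    counts = pivot_count(rows, "Domain")
    worst = {}
    for row in rows:
        domain, score = row["Domain"], float(row["Score"])
        worst[domain] = max(worst.get(domain, 0.0), score)
    return sorted(worst, key=lambda d: (-worst[d], -counts[(d,)]))


def load_sample():
    """Rows of the constructed sample above."""
    return read_report(io.StringIO(SAMPLE_CSV))


if __name__ == "__main__":
    rows = load_sample()
    for (domain, path), n in sorted(pivot_count(rows, "Domain", "Path").items()):
        print(f"{domain:12} {path:40} {n}")
    print("Update first:", ", ".join(triage(rows)))
```

To run it on a real report, pass an open file to `read_report`, for example `open("report.csv", newline="", encoding="utf-8")`, where `report.csv` is a placeholder for the file you received.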


If you need assistance performing these updates, or if you prefer our team of experts to take care of your website's security, we invite you to hire our specialized WordPress consulting service, We Update Your WordPress.
 

For more information, you can contact us.