Wordpress Security: CVE Vulnerabilities
Common Vulnerabilities and Exposures (CVE) represent a reference point for identifying security vulnerabilities. Each vulnerability or exposure is assigned a unique identifier (CVE-ID), making it easier to manage security and compare different security tools that address the same issues.
To help you interpret the CVE vulnerability report we have sent you, we provide the following guide. This report contains critical information for the security of your WordPress website and will help you take action to protect it.
- Server name: This is the unique identifier of your server where the vulnerability was found. It is useful if you manage multiple servers.
- Domain: Indicates the domain name affected by the vulnerability.
- Path: Shows the specific location within your domain where the vulnerability was detected. This can help identify specific affected plugins or themes.
- CVE Code: This is the unique identifier assigned to the known vulnerability. You can use this code to search for more details online.
- Score: Represents the severity of the vulnerability on a scale from 1 to 10. A higher score indicates greater urgency to take corrective action.
- Risk: This field classifies the vulnerability’s risk level as Low, Medium, or High, helping you prioritize the actions to take.
- Description: Provides a predefined summary of the vulnerability to help you understand the issue.
- CVE Link: Contains an external link where you can find more detailed information about the vulnerability.
- Current version: Shows the version of the plugin, theme, or WordPress core you are using that contains the vulnerability.
- Fixed version: Indicates the version in which the vulnerability has been fixed. You must update to this version or a later one to mitigate the risk.
Example of a .csv file:
In some cases, a large number of hostings with vulnerabilities may be detected, which can make it difficult to review all cases thoroughly. In this situation, we recommend creating a pivot table in the .csv file to visualize the data more clearly.
If you are using Microsoft Excel, to create a pivot table, simply select all the cells containing information, go to “Insert” and click on “Pivot Table”:
You will then be asked to confirm the data for the new pivot table before creating it. You can choose to create it in a new worksheet or in an existing one:
When you click ‘Accept’, the pivot table will be created in the selected worksheet and will allow you to add filters to display the data you want:
From here, you can select which fields the table should filter by. If you want to count the TOTAL number of vulnerabilities detected per domain, we recommend keeping the fields shown in the previous screenshot, with the ‘CVE Code’ in ‘Values’ as shown in the image. Simply drag the field to the corresponding section and the table will count that value. Example of a pivot table result:
If you do not have Microsoft Excel, which requires a license, here is how to create a pivot table in LibreOffice:
Select the tables you want to add to the pivot table (we recommend selecting all tables containing any information) and click on “Insert” and “Pivot Table”:
After clicking, you will be asked to confirm the data before creating the table. If everything is correct, click “Accept” to continue:
Next, you will be asked to select the fields you want to use to create the pivot table. As with the Excel instructions above, if you want to count the TOTAL number of detected vulnerabilities in the domains and their paths, we recommend dragging the fields shown below, placing the ‘CVE Code’ in ‘Data Field’ and the corresponding fields in ‘Row Fields’ as shown in the image. Simply drag the field to the appropriate section:
When placing ‘CVE Code’ in the ‘Data Field’, LibreOffice automatically assigns the ‘Sum’ function, as it is commonly used to dynamically add numbers. Since we do not want to sum this value but rather count it, you must double-click that option, meaning double-click on “Sum – CVE Code” as shown in the previous screenshot:
A window will open to edit the function of our data field. Here, select the second option, “Count”, and click “OK”:
We will return to the previous window, where you can verify that the ‘Data Fields’ area now has the Count function assigned. Once this change is made, click OK to proceed with creating the table. Below is an example of a pivot table created in LibreOffice:
If you need assistance performing these updates or prefer our team of experts to handle your website’s security, we invite you to hire our specialized WordPress consulting service. We update your WordPress
Related Articles
How to view security warnings
From our control panel, you can directly access the "Security Alerts" section to monitor detected vulnerabilities in your hostings. This section provides you with a detailed overview of the most recent vulnerabilities affecting your WordPress ...How to update WordPress, Plugins and Themes
Keeping WordPress up to date, along with its plugins and themes, is crucial to ensure the security, stability, and performance of your website. Frequent updates help protect your site against security vulnerabilities, fix bugs, and add new features ...We update your Wordpress
Do you want to update your WordPress and don’t know how? Are you not sure whether your WordPress needs to be updated? At cdmon we offer an update service that can help you update your WordPress to the latest version. What actions will the cdmon team ...How to change the language in Wordpress
On many occasions, we want to modify the language of our Wordpress so that we can work more comfortablely or make any specific configuration. In the following guide we will show how to change the Wordpress language from the administrator: Once we ...How to activate the Application Security Firewall
In the cdmon control panel you can activate or deactivate the application Firewall and view the graph showing the neutralized attack attempts. To activate it, you must access the hosting management section, under 'Security', and enter the Firewall ...