Vulnerability Assessments and Penetration Testing Are Not Essential for Addressing Security Risks on WordPress Websites

via pluginvulnerabilities.com => original post link

A recent SecurityWeek headline claimed that a Ferrari website was put at risk by a WordPress plugin: “WordPress Plugin Vulnerability Exposed Ferrari Website to Hackers”. While a WordPress plugin was involved, it shouldn’t have been the focus of the headline. Instead, a failure by Ferrari to do basic security was the real cause of the issue.

The body of the story gets closer to the truth, as it says that the vulnerable Ferrari website was “running a very old version” of the plugin in question. How old? It doesn’t say. The closest it gets to that is mentioning a CVE ID, CVE-2019-6715, which suggests this might be a vulnerability from 2019. The CVE record says that the vulnerability impacts versions “before 0.9.4”. Version 0.9.4 of the plugin was released on April 4, 2014. So Ferrari hadn’t updated the plugin in nine years.