via wpwhitesecurity.com => original post link
It’s pretty safe to say that all software has some kind of vulnerabilities. This does not necessarily mean that the software is bad or sub-standard – vulnerabilities can arise for all sorts of reasons – from failed QA processes to environmental incompatibilities or misconfigurations.
Vulnerabilities can be classified into two categories – known and unknown. Known vulnerabilities, such as XSS (Cross-site scripting) and SQL injection, are vulnerabilities that everyone knows of. Reputable software vendors will always check for these vulnerabilities and eliminate them during QA and testing processes.
On the other hand, unknown vulnerabilities are those vulnerabilities that are not known. These may be caused by bugs in the code or something in the environment. Thanks to WordPress having such a large user base, vulnerabilities don’t stay unknown for long. Once a vulnerability is discovered, it is called a zero-day vulnerability until a patch is released.