Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Can Templates have Vulnerabilities?

  • Please log in to reply
1 reply to this topic

#1 WhightKnight


  • Members
  • 54 posts
  • Local time:02:53 PM

Posted 08 March 2013 - 02:53 PM

I am attempting to secure my website running WordPress on it. I am interested in keeping the website as secure as possible. To do this, I plan on updating WordPress as soon as new patches come out. I also plan on regularly updating modules because I know that they too can have vulnerabilities.


My question is do I have to worry about vulnerabilities within WordPress themes. Are there ways to exploit a website by holes in the coding of a specific type of template/theme?


Thank you.

BC AdBot (Login to Remove)


#2 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,754 posts
  • Gender:Male
  • Local time:08:53 PM

Posted 08 March 2013 - 03:54 PM

WordPress Themes can contain code (.php files), thus in theory they can contain bugs that are vulnerabilities.


FYI: I host my blog (http://blog.didierstevens.com) on wordpress.com. It is free and I don't have to update it, Wordpress does that for me.

I do pay a yearly fee of around $30 to make my blog accessible via blog.didierstevens.com (otherwise it would be only accessible via didierstevens.wordpress.com).

Didier Stevens

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019


If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.


Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users