|
|
|
|
|
|
by BjornW
1692 days ago
|
|
|
There are multiple attack vectors I can think of, although most can be mitigated using other security measures. I don't want to rely on audits only off course. To give you an example: using the WordPress environment as a stepping stone to gain more access, running client-side software without out permission (stealing data from visitors, our resources e.g. crypto miners), defacement/fake-news, etc. |
|
|
In my experience, if you really want to make your infrastructure more secure, you need to explicitely define what it is you want to avoid.
Taking your first point: You say "using the WordPress environment as a stepping stone to gain more access". What type of stepping stone would this be? How can malicious JS on the WP instance escalate its privileges?