Development of Nuclei Templates for Security Vulnerabilities Detection in WordPress

Nguyen Quang Dung

Abstract

WordPress has become a widely used content management system (CMS) due to its accessibility, attractive interface, and high customizability. This popularity has also made WordPress a prime target for cyberattacks that exploit vulnerabilities in its core system or in related themes and plugins. WordPress application security is therefore a constant concern for programmers and users. A variety of application security scanning tools have been developed and can be used to scan for WordPress security vulnerabilities, among which Nuclei stands out for its easy and flexible extensibility. Each template in Nuclei acts as a plugin that enables Nuclei to detect a security vulnerability. The templates are written in a declarative style.


This thesis develops several templates for Nuclei to scan for WordPress security vulnerabilities. After an overview of WordPress and Nuclei, the thesis focuses on WordPress-related vulnerabilities, CVEs, and the development of templates to detect these vulnerabilities and CVEs. These templates were tested in a local environment, demonstrating 100% effectiveness in identifying targeted vulnerabilities. They have since been published for public use, contributing to the broader cybersecurity community in enhancing WordPress application security.
