WordPress and Drupal flaws found in 300+ UK website CMSes

More than 300 websites belonging to the UK's top 30 biggest companies contain vulnerabilities in their content management systems (CMS).

RiskIQ discovered that over 1,000 websites belonging to the top FTSE 30 companies are hosted on WordPress or Drupal. Vulnerabilities affecting these CMS platforms were found on 307 of the systems.

Using platforms containing flaws exposes businesses to the risk of having important sensitive information accessed and stolen, as CMSs are most often not given the attention they deserve. RiskIQ says, “In many cases they are not tier 1 applications set up and supported by central IT and this can all too often result in a set up and forget approach.”

Ben Harknet, VP of RiskIQ said, “Today's cyber-criminals research an organisation's digital footprint looking for the soft targets to exploit, and content management systems rank high on their list.”

The controversy with the Panama Papers influenced the firm to dig deeper as it's suspected that Mossack Fonseca's CMS, “riddled with unpatched vulnerabilities”, played a key role in the breach.

RiskIQ advises that companies should ensure that any CMS tool is regularly maintained and updated so it won't provide an easy way in for hackers.