Comment by khaki54
If you've ever looked at the admin panel of even a minor league, single-page WordPress site you'd probably recognize it as a major risk for any organization instantly. So many of the plugins look like spaghetti, and with most you're trusting some random name to not be malicious. Unsurprisingly there are 60,000 CVEs related to WP. I get that we all use a dozen node packages that we can't reasonably verify, but WP seems so much more wild west than that. I guess it's fine if you are a low-value target, but a commercial CMS is not terribly expensive, and should be mandatory for any government org.