{"id":"https://openalex.org/W4400823912","doi":"https://doi.org/10.3390/fi16070256","title":"Behind the Code: Identifying Zero-Day Exploits in WordPress","display_name":"Behind the Code: Identifying Zero-Day Exploits in WordPress","publication_year":2024,"publication_date":"2024-07-19","ids":{"openalex":"https://openalex.org/W4400823912","doi":"https://doi.org/10.3390/fi16070256"},"language":"en","primary_location":{"id":"doi:10.3390/fi16070256","is_oa":true,"landing_page_url":"https://doi.org/10.3390/fi16070256","pdf_url":"https://www.mdpi.com/1999-5903/16/7/256/pdf?version=1721376022","source":{"id":"https://openalex.org/S34838331","display_name":"Future Internet","issn_l":"1999-5903","issn":["1999-5903"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310310987","host_organization_name":"Multidisciplinary Digital Publishing Institute","host_organization_lineage":["https://openalex.org/P4310310987"],"host_organization_lineage_names":["Multidisciplinary Digital Publishing Institute"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Future Internet","raw_type":"journal-article"},"type":"article","indexed_in":["crossref","doaj"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://www.mdpi.com/1999-5903/16/7/256/pdf?version=1721376022","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5104826675","display_name":"Mohamed Azarudheen Mohamed Mohideen","orcid":null},"institutions":[{"id":"https://openalex.org/I22128151","display_name":"University of Derby","ror":"https://ror.org/02yhrrk59","country_code":"GB","type":"education","lineage":["https://openalex.org/I22128151"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Mohamed Azarudheen Mohamed Mohideen","raw_affiliation_strings":["School of Computing, University of Derby, Derby DE22 3AW, UK"],"affiliations":[{"raw_affiliation_string":"School of Computing, University of Derby, Derby DE22 3AW, UK","institution_ids":["https://openalex.org/I22128151"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5032997531","display_name":"Muhammad Shahroz Nadeem","orcid":"https://orcid.org/0000-0001-5835-1602"},"institutions":[{"id":"https://openalex.org/I127165138","display_name":"University of Suffolk","ror":"https://ror.org/01cy0sz82","country_code":"GB","type":"education","lineage":["https://openalex.org/I127165138"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Muhammad Shahroz Nadeem","raw_affiliation_strings":["School of Technology, Business and Arts, University of Suffolk, Ipswich IP4 1QJ, UK"],"affiliations":[{"raw_affiliation_string":"School of Technology, Business and Arts, University of Suffolk, Ipswich IP4 1QJ, UK","institution_ids":["https://openalex.org/I127165138"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5016782027","display_name":"James Hardy","orcid":"https://orcid.org/0000-0003-1696-101X"},"institutions":[{"id":"https://openalex.org/I22128151","display_name":"University of Derby","ror":"https://ror.org/02yhrrk59","country_code":"GB","type":"education","lineage":["https://openalex.org/I22128151"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"James Hardy","raw_affiliation_strings":["School of Computing, University of Derby, Derby DE22 3AW, UK"],"affiliations":[{"raw_affiliation_string":"School of Computing, University of Derby, Derby DE22 3AW, UK","institution_ids":["https://openalex.org/I22128151"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5062718924","display_name":"Haider Ali","orcid":"https://orcid.org/0000-0002-2165-7701"},"institutions":[{"id":"https://openalex.org/I22128151","display_name":"University of Derby","ror":"https://ror.org/02yhrrk59","country_code":"GB","type":"education","lineage":["https://openalex.org/I22128151"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Haider Ali","raw_affiliation_strings":["School of Computing, University of Derby, Derby DE22 3AW, UK"],"affiliations":[{"raw_affiliation_string":"School of Computing, University of Derby, Derby DE22 3AW, UK","institution_ids":["https://openalex.org/I22128151"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5044589602","display_name":"Umair Ullah Tariq","orcid":"https://orcid.org/0000-0001-8574-8031"},"institutions":[{"id":"https://openalex.org/I74899385","display_name":"Central Queensland University","ror":"https://ror.org/023q4bk22","country_code":"AU","type":"education","lineage":["https://openalex.org/I74899385"]}],"countries":["AU"],"is_corresponding":true,"raw_author_name":"Umair Ullah Tariq","raw_affiliation_strings":["School of Engineering and Technology, Central Queensland University, Rockhampton, QLD 4701, Australia"],"affiliations":[{"raw_affiliation_string":"School of Engineering and Technology, Central Queensland University, Rockhampton, QLD 4701, Australia","institution_ids":["https://openalex.org/I74899385"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5087242242","display_name":"Fariza Sabrina","orcid":"https://orcid.org/0000-0002-8455-2499"},"institutions":[{"id":"https://openalex.org/I74899385","display_name":"Central Queensland University","ror":"https://ror.org/023q4bk22","country_code":"AU","type":"education","lineage":["https://openalex.org/I74899385"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Fariza Sabrina","raw_affiliation_strings":["School of Engineering and Technology, Central Queensland University, Rockhampton, QLD 4701, Australia"],"affiliations":[{"raw_affiliation_string":"School of Engineering and Technology, Central Queensland University, Rockhampton, QLD 4701, Australia","institution_ids":["https://openalex.org/I74899385"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5103052744","display_name":"Muhammad Waqar","orcid":"https://orcid.org/0009-0007-5882-6541"},"institutions":[{"id":"https://openalex.org/I127165138","display_name":"University of Suffolk","ror":"https://ror.org/01cy0sz82","country_code":"GB","type":"education","lineage":["https://openalex.org/I127165138"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Muhammad Waqar","raw_affiliation_strings":["School of Technology, Business and Arts, University of Suffolk, Ipswich IP4 1QJ, UK"],"affiliations":[{"raw_affiliation_string":"School of Technology, Business and Arts, University of Suffolk, Ipswich IP4 1QJ, UK","institution_ids":["https://openalex.org/I127165138"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5049447247","display_name":"Salman Ahmed","orcid":"https://orcid.org/0000-0003-0290-5367"},"institutions":[{"id":"https://openalex.org/I127165138","display_name":"University of Suffolk","ror":"https://ror.org/01cy0sz82","country_code":"GB","type":"education","lineage":["https://openalex.org/I127165138"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Salman Ahmed","raw_affiliation_strings":["School of Technology, Business and Arts, University of Suffolk, Ipswich IP4 1QJ, UK"],"affiliations":[{"raw_affiliation_string":"School of Technology, Business and Arts, University of Suffolk, Ipswich IP4 1QJ, UK","institution_ids":["https://openalex.org/I127165138"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":8,"corresponding_author_ids":["https://openalex.org/A5044589602"],"corresponding_institution_ids":["https://openalex.org/I74899385"],"apc_list":{"value":1400,"currency":"CHF","value_usd":1515},"apc_paid":{"value":1400,"currency":"CHF","value_usd":1515},"fwci":2.3933,"has_fulltext":true,"cited_by_count":7,"citation_normalized_percentile":{"value":0.89266424,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":96,"max":99},"biblio":{"volume":"16","issue":"7","first_page":"256","last_page":"256"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.9991999864578247,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8873279094696045},{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.8153924942016602},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.6442093849182129},{"id":"https://openalex.org/keywords/zero","display_name":"Zero (linguistics)","score":0.5248558521270752},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.36314430832862854},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.2498173713684082},{"id":"https://openalex.org/keywords/set","display_name":"Set (abstract data type)","score":0.12090614438056946}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8873279094696045},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.8153924942016602},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.6442093849182129},{"id":"https://openalex.org/C2780813799","wikidata":"https://www.wikidata.org/wiki/Q3274237","display_name":"Zero (linguistics)","level":2,"score":0.5248558521270752},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.36314430832862854},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.2498173713684082},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.12090614438056946},{"id":"https://openalex.org/C41895202","wikidata":"https://www.wikidata.org/wiki/Q8162","display_name":"Linguistics","level":1,"score":0.0},{"id":"https://openalex.org/C138885662","wikidata":"https://www.wikidata.org/wiki/Q5891","display_name":"Philosophy","level":0,"score":0.0}],"mesh":[],"locations_count":4,"locations":[{"id":"doi:10.3390/fi16070256","is_oa":true,"landing_page_url":"https://doi.org/10.3390/fi16070256","pdf_url":"https://www.mdpi.com/1999-5903/16/7/256/pdf?version=1721376022","source":{"id":"https://openalex.org/S34838331","display_name":"Future Internet","issn_l":"1999-5903","issn":["1999-5903"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310310987","host_organization_name":"Multidisciplinary Digital Publishing Institute","host_organization_lineage":["https://openalex.org/P4310310987"],"host_organization_lineage_names":["Multidisciplinary Digital Publishing Institute"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Future Internet","raw_type":"journal-article"},{"id":"pmh:oai:pure.atira.dk:publications/3daad62b-4844-4ab7-8212-2f1d002a6235","is_oa":true,"landing_page_url":"https://research.edgehill.ac.uk/en/publications/3daad62b-4844-4ab7-8212-2f1d002a6235","pdf_url":null,"source":{"id":"https://openalex.org/S4306402462","display_name":"Edge Hill University Research Information Repository (Edge Hill University)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I165525304","host_organization_name":"Edge Hill University","host_organization_lineage":["https://openalex.org/I165525304"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Mohideen, M A M, Nadeem, M S, Hardy, J, Ali, H, Tariq, U U, Sabrina, F, Waqar, M & Ahmed, S 2024, 'Behind the Code: Identifying Zero-Day Exploits in WordPress', Future Internet, vol. 16, no. 7, 256, pp. 1-22. https://doi.org/10.3390/fi16070256","raw_type":"info:eu-repo/semantics/publishedVersion"},{"id":"pmh:oai:pure.atira.dk:publications/95e98faa-a204-4b85-a56e-5ae8b09e5bd1","is_oa":true,"landing_page_url":"https://pure.ulster.ac.uk/en/publications/95e98faa-a204-4b85-a56e-5ae8b09e5bd1","pdf_url":"https://pure.ulster.ac.uk/en/publications/95e98faa-a204-4b85-a56e-5ae8b09e5bd1","source":{"id":"https://openalex.org/S4306402454","display_name":"Ulster University Research Portal (Ulster University)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I138801177","host_organization_name":"University of Ulster","host_organization_lineage":["https://openalex.org/I138801177"],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Mohamed Mohideen , M A , Nadeem , M S , Hardy , J , Ali , H , Tariq , U U , Sabrina , F , Waqar , M &amp; Ahmed , S 2024 , ' Behind the Code: Identifying Zero-Day Exploits in WordPress ' , Future Internet , vol. 16 , no. 7 , 256 , pp. 1-22 . https://doi.org/10.3390/fi16070256","raw_type":"article"},{"id":"pmh:oai:doaj.org/article:2078f6d7face4f96a04e725d680db577","is_oa":true,"landing_page_url":"https://doaj.org/article/2078f6d7face4f96a04e725d680db577","pdf_url":null,"source":{"id":"https://openalex.org/S112646816","display_name":"SHILAP Revista de lepidopterolog\u00eda","issn_l":"0300-5267","issn":["0300-5267","2340-4078"],"is_oa":true,"is_in_doaj":true,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Future Internet, Vol 16, Iss 7, p 256 (2024)","raw_type":"article"}],"best_oa_location":{"id":"doi:10.3390/fi16070256","is_oa":true,"landing_page_url":"https://doi.org/10.3390/fi16070256","pdf_url":"https://www.mdpi.com/1999-5903/16/7/256/pdf?version=1721376022","source":{"id":"https://openalex.org/S34838331","display_name":"Future Internet","issn_l":"1999-5903","issn":["1999-5903"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310310987","host_organization_name":"Multidisciplinary Digital Publishing Institute","host_organization_lineage":["https://openalex.org/P4310310987"],"host_organization_lineage_names":["Multidisciplinary Digital Publishing Institute"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Future Internet","raw_type":"journal-article"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","score":0.47999998927116394,"display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4400823912.pdf"},"referenced_works_count":54,"referenced_works":["https://openalex.org/W1577117059","https://openalex.org/W1679074130","https://openalex.org/W1966809779","https://openalex.org/W2007087405","https://openalex.org/W2011778831","https://openalex.org/W2065890363","https://openalex.org/W2079215333","https://openalex.org/W2109540106","https://openalex.org/W2145027384","https://openalex.org/W2156835762","https://openalex.org/W2167240430","https://openalex.org/W2204102791","https://openalex.org/W2251985815","https://openalex.org/W2292865721","https://openalex.org/W2342408547","https://openalex.org/W2558017483","https://openalex.org/W2565165293","https://openalex.org/W2806377938","https://openalex.org/W2892237651","https://openalex.org/W2914849297","https://openalex.org/W2945870337","https://openalex.org/W2958285686","https://openalex.org/W2965363108","https://openalex.org/W3035999996","https://openalex.org/W3092771185","https://openalex.org/W3093836561","https://openalex.org/W3104241163","https://openalex.org/W3147362533","https://openalex.org/W3153580016","https://openalex.org/W3160628736","https://openalex.org/W3196703627","https://openalex.org/W3209469313","https://openalex.org/W3216519235","https://openalex.org/W4210556785","https://openalex.org/W4210607476","https://openalex.org/W4239529196","https://openalex.org/W4293057307","https://openalex.org/W4293176456","https://openalex.org/W4308113102","https://openalex.org/W4309939034","https://openalex.org/W4310206563","https://openalex.org/W4312266446","https://openalex.org/W4312364151","https://openalex.org/W4315853008","https://openalex.org/W4319594869","https://openalex.org/W4327741033","https://openalex.org/W4386777463","https://openalex.org/W4387491243","https://openalex.org/W4394791261","https://openalex.org/W6638491240","https://openalex.org/W6730865722","https://openalex.org/W6794731373","https://openalex.org/W6842264631","https://openalex.org/W6864257187"],"related_works":["https://openalex.org/W4391375266","https://openalex.org/W2748952813","https://openalex.org/W17155033","https://openalex.org/W3207760230","https://openalex.org/W1496222301","https://openalex.org/W1590307681","https://openalex.org/W2536018345","https://openalex.org/W4312814274","https://openalex.org/W4285370786","https://openalex.org/W2296488620"],"abstract_inverted_index":{"The":[0,211],"rising":[1],"awareness":[2],"of":[3,13,94,125,152,166,176,214,253],"cybersecurity":[4],"among":[5],"governments":[6],"and":[7,104,115,179,216,222,236,240,265,283,288],"the":[8,11,39,116,126,131,150,164,184,205,229,250,270,279],"public":[9,40],"underscores":[10],"importance":[12,252],"effectively":[14],"managing":[15],"security":[16,54,255,263,291],"incidents,":[17],"especially":[18,70],"zero-day":[19,28,90,274],"attacks":[20,29],"that":[21,37,147,157],"exploit":[22,35],"previously":[23,88],"unknown":[24,89],"software":[25],"vulnerabilities.":[26,210,275],"These":[27],"are":[30,43,79],"particularly":[31],"challenging":[32],"because":[33],"they":[34,120],"flaws":[36],"neither":[38],"nor":[41],"developers":[42,282],"aware":[44],"of.":[45],"In":[46],"our":[47],"study,":[48],"we":[49,101,144,188],"focused":[50],"on":[51],"dynamic":[52],"application":[53],"testing":[55,86],"(DAST)":[56],"to":[57,139,196,268,285,293],"investigate":[58],"cross-site":[59],"scripting":[60],"(XSS)":[61],"attacks.":[62,84],"We":[63,162],"closely":[64],"examined":[65],"23":[66],"popular":[67],"WordPress":[68],"plugins,":[69],"those":[71],"requiring":[72],"user":[73,181,201,234],"or":[74],"admin":[75],"interactions,":[76],"as":[77,258],"these":[78,95,107,167,209,220],"frequent":[80],"targets":[81],"for":[82,133,149,228,233,242,281],"XSS":[83,108],"Our":[85,247],"uncovered":[87],"vulnerabilities":[91,146,168,221],"in":[92],"three":[93],"plugins.":[96,186],"Through":[97],"controlled":[98],"environment":[99],"testing,":[100,264],"accurately":[102],"identified":[103],"thoroughly":[105],"analyzed":[106],"vulnerabilities,":[109],"revealing":[110],"their":[111],"mechanisms,":[112],"potential":[113,132],"impacts,":[114],"conditions":[117],"under":[118],"which":[119,136],"could":[121,137],"be":[122,197],"exploited.":[123],"One":[124],"most":[127],"concerning":[128],"findings":[129],"was":[130],"admin-side":[134],"attacks,":[135],"lead":[138],"multi-site":[140],"insider":[141],"threats.":[142,297],"Specifically,":[143],"found":[145],"allow":[148],"insertion":[151],"malicious":[153],"scripts,":[154],"creating":[155],"backdoors":[156],"unauthorized":[158],"users":[159],"can":[160],"exploit.":[161],"demonstrated":[163],"severity":[165],"by":[169,208,273],"employing":[170],"a":[171,190],"keylogger-based":[172],"attack":[173],"vector":[174],"capable":[175],"silently":[177],"capturing":[178],"extracting":[180],"data":[182],"from":[183],"compromised":[185],"Additionally,":[187],"tested":[189],"zero-click":[191],"download":[192],"strategy,":[193],"allowing":[194],"malware":[195],"delivered":[198],"without":[199],"any":[200],"interaction,":[202],"further":[203],"highlighting":[204],"risks":[206,271],"posed":[207,272],"National":[212],"Institute":[213],"Standards":[215],"Technology":[217],"(NIST)":[218],"recognized":[219],"assigned":[223],"them":[224],"CVE":[225],"numbers:":[226],"CVE-2023-5119":[227],"Forminator":[230],"plugin,":[231],"CVE-2023-5228":[232],"registration":[235],"contact":[237],"form":[238],"issues,":[239],"CVE-2023-5955":[241],"another":[243],"critical":[244,251],"plugin":[245],"flaw.":[246],"study":[248],"emphasizes":[249],"proactive":[254],"measures,":[256],"such":[257],"rigorous":[259],"input":[260],"validation,":[261],"regular":[262],"timely":[266],"updates,":[267],"mitigate":[269],"It":[276],"also":[277],"highlights":[278],"need":[280],"administrators":[284],"stay":[286],"vigilant":[287],"adopt":[289],"strong":[290],"practices":[292],"defend":[294],"against":[295],"evolving":[296]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":6}],"updated_date":"2026-04-13T07:58:08.660418","created_date":"2024-07-20T00:00:00"}