New QIDs for Identifying Content Management Systems (CMS) and Plugins

Document created by Dave Ferguson (Employee) on Dec 4, 2017. Last modified by Dave Ferguson (Employee) on Dec 5, 2017.
Version 2

A Content Management System (CMS) is a platform for quickly creating and deploying web applications. Three of the most popular CMSs are WordPress, Joomla, and Drupal. Many third-party plugins that provide various useful capabilities are available for these CMSs as well. Unfortunately, these platforms and plugins have historically been full of security holes, and there's little sign of that slowing down for any of WordPress, Joomla, or Drupal.


One thing we heard from multiple WAS customers was that they had no good way of knowing which CMSs were running across their enterprise.  This becomes a big problem when a security advisory is published about a severe vulnerability in (for example) WordPress itself or a popular WordPress plugin.  The security team needs to know if that vulnerable version of WordPress or the plugin is running anywhere in their environment so they can quickly get it patched.


To help our customers in this scenario, WAS engine 4.4 includes new informational QIDs to identify and report if WordPress, Joomla, or Drupal versions are found on the target web application during a scan. Additional QIDs are provided to report when various CMS plugins are found on the scanned web app.  WAS does not provide information about specific vulnerabilities that may be present, only the name & version number of the CMS and/or CMS plugins that were found.  Nevertheless, this goes a long way toward solving the problem according to our customers.


The following informational QIDs are now used to report when a particular CMS is found on the target web app.


  • QID 150177 - WordPress CMS Version Detected
  • QID 150182 - Joomla CMS Version Detected
  • QID 150183 - Drupal CMS Version Detected


The following informational QIDs are for reporting when a CMS plugin is detected on the target web app:


  • QID 150184 - WordPress Plugins Detected
  • QID 150185 - Joomla Plugins Detected
  • QID 150186 - Drupal Plugins Detected

If your organization's entire web application portfolio is being scanned with Qualys WAS on a regular basis as recommended, you now have quick access to vital information regarding your exposure to various CMS instances.  You don't need to view individual scan reports.  Simply navigate to the Detections area of WAS and search on one of the QIDs above.  All instances where that CMS was detected will be returned, allowing you to take appropriate action.
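As an added illustration (not Qualys code and not part of the original post), the sketch below matches detections for the CMS version QIDs listed above against an advisory's fixed-in version. The record layout, result strings, host names and fixed-in versions are constructed for the example and are not the WAS export format.

```python
import re

# QID -> CMS mapping, taken from the version-detection QIDs listed in this article.
CMS_VERSION_QIDS = {150177: "WordPress", 150182: "Joomla", 150183: "Drupal"}

# Constructed sample detections (field names and result text are assumptions).
DETECTIONS = [
    {"webapp": "blog.example.com", "qid": 150177, "result": "WordPress version 4.8.2"},
    {"webapp": "shop.example.com", "qid": 150177, "result": "WordPress version 4.9"},
    {"webapp": "intranet.example.com", "qid": 150183, "result": "Drupal version 7.56"},
    {"webapp": "news.example.com", "qid": 150182, "result": "Joomla version unknown"},
    {"webapp": "shop.example.com", "qid": 150184, "result": "plugin list"},
]

def parse_version(text):
    """Return the first dotted version in text as a tuple of ints, or None."""
    m = re.search(r"\b(\d+(?:\.\d+)+)\b", text)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def older(a, b):
    """True if version a < version b, zero-padding so that 4.9 == 4.9.0."""
    n = max(len(a), len(b))
    return a + (0,) * (n - len(a)) < b + (0,) * (n - len(b))

def exposed(detections, cms, fixed_in):
    """Return (apps below fixed_in, apps whose version could not be read) for one CMS."""
    fixed = parse_version(fixed_in)
    vulnerable, unknown = [], []
    for d in detections:
        if CMS_VERSION_QIDS.get(d["qid"]) != cms:
            continue  # plugin QIDs and other CMSs are out of scope for this check
        v = parse_version(d["result"])
        if v is None:
            unknown.append(d["webapp"])  # needs manual follow-up, not silently dropped
        elif older(v, fixed):
            vulnerable.append((d["webapp"], ".".join(map(str, v))))
    return sorted(vulnerable), sorted(unknown)

if __name__ == "__main__":
    # Hypothetical advisory: WordPress releases before 4.8.3 are affected.
    vuln, unk = exposed(DETECTIONS, "WordPress", "4.8.3")
    for app, ver in vuln:
        print(f"PATCH  {app} runs WordPress {ver}")
    for app in unk:
        print(f"CHECK  {app} version not readable")
```

Detections whose version string cannot be parsed are returned separately so they get a manual check instead of being treated as unaffected.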


Note that these new QIDs are informational in nature and would therefore be reported for discovery scans as well as vulnerability scans, assuming the QIDs are enabled in the option profile.