Admins Never Patch Almost 30% of Critical Vulnerabilities in WordPress Plugins, Study Finds

Silviu STAHIE

March 10, 2022

A large number of WordPress plugins never receive patches for critical vulnerabilities, leaving the numerous projects and websites that use them at risk of compromise by attackers, according to a new study.

WordPress plugins are essential for any project that aims to provide an optimal experience in the online marketplace. Websites and their backends are often enhanced with plugins, but new features and options also increase the attack surface, and criminals know this.

Different WordPress components are affected differently. For example, only 0.58% of security vulnerabilities originated from WordPress core in 2021, according to a report from Patchstack on the state of WordPress security in 2021.

The report also underlines a problem that became evident in 2021, with vulnerabilities in plugins increasing 150% compared to 2020.

“The WordPress.org repository leads the way as the primary source for WordPress plugins and themes,” said the researchers in the report. “Vulnerabilities in these components represented 91.79% of vulnerabilities added to the Patchstack database.”

“The remaining 8.21% of the reported vulnerabilities in 2021 were reported in premium or paid versions of the WordPress plugins or themes that are sold through other marketplaces like Envato, ThemeForest, Code Canyon, or made available for direct download only,” they added.

The security issues are even worse than this, with 42 percent of WordPress sites using at least one vulnerable component. There are multiple reasons for the sad state of security when it comes to WordPress plugins.

First of all, many websites don’t really have a security budget, so many issues are overlooked or ignored until they become a problem.

The second issue affects all platforms, including apps and operating systems. Often, developers push updates that fix critical vulnerabilities, but it takes a long time before they reach everyone. Some admins simply ignore security updates for months or even years.
