
One in five WordPress plugins is vulnerable

Alexandra GHEORGHE

December 16, 2016


Around 8,800 WordPress plugins carry at least one security vulnerability, according to a new study.

An extensive analysis of 47,959 WordPress plugins – almost the entire WordPress ecosystem – shows “every second larger plugin contains at least one medium severity issue”.

Experts from RIPS Technologies scanned plugins hosted in the official WordPress repository and found that almost 4,500 large plugins – those with more than 500 lines of code – contain at least one medium severity issue, such as cross-site scripting.

Cross-site scripting (XSS) accounts for more than 68% of the flaws found, and SQL injection for just over 20%.

XSS vulnerabilities have been around since the birth of the modern web and are still among the most prevalent threats affecting websites. Big companies such as Yahoo, eBay, PayPal, YouTube and Twitter have suffered XSS attacks. Yahoo has been so plagued that it open-sourced a set of XSS filters so other webmasters could review them.

“Cross-site scripting vulnerabilities are quite serious in WordPress because they can be used, for example, to inject PHP code through the template editor. Luckily, they do require interaction with an administrator though,” the blog post reads.
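To make the two flaw classes concrete, here is an added example written for this article; it is not code from the RIPS study or from any real plugin. It shows a shortcode handler written the way many flawed plugins are (input echoed unescaped, input concatenated into SQL) next to a version hardened with WordPress's own APIs, plus an admin action that illustrates why the "requires an administrator" caveat in the quote matters. The table name `wp_feedback`, the `?q=` parameter, the `demo_` function names and the `demo-feedback` admin page are assumptions made for the demo.

```php
<?php
/*
 * Added example for this article, not code from RIPS or from any real plugin.
 * Assumed for the demo: a table {$wpdb->prefix}feedback(id, author, body),
 * a GET parameter "q", and the demo_* function names.
 */

// --- Vulnerable shortcode: reflected/stored XSS and SQL injection ----------
function demo_feedback_search_vuln( $atts ) {
    global $wpdb;
    $q = $_GET['q'];                                   // raw, unsanitized input
    // SQLi: $q is concatenated straight into the query
    $rows = $wpdb->get_results(
        "SELECT author, body FROM {$wpdb->prefix}feedback WHERE body LIKE '%$q%'"
    );
    // Reflected XSS: the search term is echoed back without escaping
    $out = "<p>Results for: $q</p><ul>";
    foreach ( $rows as $r ) {
        // Stored XSS if author/body were ever written by an untrusted party
        $out .= "<li><b>{$r->author}</b>: {$r->body}</li>";
    }
    return $out . '</ul>';
}
add_shortcode( 'feedback_search_vuln', 'demo_feedback_search_vuln' );

// --- Hardened version ------------------------------------------------------
function demo_feedback_search_safe( $atts ) {
    global $wpdb;
    // Unslash and sanitize; a missing parameter becomes an empty string
    $q = isset( $_GET['q'] ) ? sanitize_text_field( wp_unslash( $_GET['q'] ) ) : '';
    if ( '' === $q ) {
        return '<p>' . esc_html__( 'Enter a search term.', 'demo' ) . '</p>';
    }
    // Parameterized query; esc_like() keeps % and _ in the input from acting as wildcards
    $like = '%' . $wpdb->esc_like( $q ) . '%';
    $rows = $wpdb->get_results(
        $wpdb->prepare(
            "SELECT author, body FROM {$wpdb->prefix}feedback WHERE body LIKE %s",
            $like
        )
    );
    // Escape at output time, for the context the value lands in (HTML text)
    $out = '<p>' . sprintf( esc_html__( 'Results for: %s', 'demo' ), esc_html( $q ) ) . '</p><ul>';
    foreach ( $rows as $r ) {
        $out .= '<li><b>' . esc_html( $r->author ) . '</b>: ' . esc_html( $r->body ) . '</li>';
    }
    return $out . '</ul>';
}
add_shortcode( 'feedback_search', 'demo_feedback_search_safe' );

// --- Admin action: why "requires an administrator" is only partial comfort --
// The capability check stops ordinary users; the nonce stops a plain CSRF request.
// Neither stops script that is already running in the admin's browser via XSS:
// that script can read the nonce from the page and submit the form itself,
// which is how an XSS bug escalates to edits in the template editor.
// The real fix is the output escaping above, so the script never runs.
function demo_delete_feedback() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient privileges', '', array( 'response' => 403 ) );
    }
    check_admin_referer( 'demo_delete_feedback' );      // dies if the nonce is missing or invalid
    global $wpdb;
    $id = isset( $_POST['id'] ) ? absint( $_POST['id'] ) : 0;
    $wpdb->delete( $wpdb->prefix . 'feedback', array( 'id' => $id ), array( '%d' ) );
    wp_safe_redirect( admin_url( 'admin.php?page=demo-feedback&deleted=1' ) );
    exit;
}
add_action( 'admin_post_demo_delete_feedback', 'demo_delete_feedback' );
```

The hardened handler applies the two rules that separate the clean plugins from the flawed ones in a study like this: never build SQL by string concatenation (use `$wpdb->prepare()`), and escape every value at the point of output with the escaper matching its context (`esc_html()`, `esc_attr()`, `esc_url()`). Sanitizing on input alone is not enough, because the same value may later be emitted into HTML, an attribute, or JavaScript, each of which needs different escaping.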

The picture is not uniformly bad. Roughly 36,000 plugins are not affected by any vulnerability, around 1,000 have only low-severity issues, and 2,800 have high-severity holes.

“WordPress is not as insecure as its reputation would suggest”, the company added. “Rather it is a top target due to its incredible prevalence. Yes, there are a lot of vulnerabilities in the WordPress ecosystem, but most of them are in a small percentage of the plugins. While many plugins do not contain vulnerabilities at all because of their small size, the ones that do have issues, have a lot of them.”
