
One in five WordPress plugins is vulnerable

Alexandra GHEORGHE

December 16, 2016


8,800 WordPress plugins carry at least one severe security vulnerability, according to a new study.

An extensive analysis of 47,959 WordPress plugins – almost the entire WordPress ecosystem – shows “every second larger plugin contains at least one medium severity issue”.

Experts from RIPS Technologies scanned plugins hosted in the official WordPress repository and found that almost 4,500 large plugins – those with more than 500 lines of code – contain at least one medium severity issue, such as cross-site scripting.

In fact, cross-site scripting (XSS) issues affect more than 68% of flawed plugins and just over 20% are SQL injections.

XSS vulnerabilities have been around since the birth of the modern web and are still among the most prevalent threats affecting websites. Big companies such as Yahoo, eBay, PayPal, YouTube and Twitter have suffered XSS attacks. Yahoo has been so plagued that it open-sourced a set of XSS filters so other webmasters could review them.

“Cross-site scripting vulnerabilities are quite serious in WordPress because they can be used, for example, to inject PHP code through the template editor. Luckily, they do require interaction with an administrator though,” the blog post reads.

Fortunately, secure plugins outnumber the rest overall. Roughly 36,000 plugins are not affected by any vulnerabilities, and around 1,000 have small issues. Only 2,800 have high-severity holes.

“WordPress is not as insecure as its reputation would suggest,” the company added. “Rather it is a top target due to its incredible prevalence. Yes, there are a lot of vulnerabilities in the WordPress ecosystem, but most of them are in a small percentage of the plugins. While many plugins do not contain vulnerabilities at all because of their small size, the ones that do have issues, have a lot of them.”
