2021-04-25 00:00:00


Security report: over 70 million WordPress sites are running vulnerable plugins and themes

In the world of cyber crime, getting access to web sites that are powered by popular software like WordPress opens doors to large-scale attacks or perhaps to ransomware revenue. WordPress has over 40% market share of web site software, which makes it a very attractive target. A new report from security consultancy Patchstack has some alarming statistics: more than 70 million web sites that are built on WordPress are running plugins and themes that are known to be vulnerable.

Here are the highlights from Patchstack's "Security vulnerabilities of WordPress ecosystem in 2020" report:

  • Altogether 582 vulnerabilities were discovered in 2020 in WordPress.
  • Only 22 security problems were in the core WordPress software, 82 vulnerabilities were in themes, and 478 in plugins.
  • In other words, 99.22% of known security issues are in third-party plugin modules that extend the functionality of WordPress.

Patchstack has categorised the security holes in WordPress into five types. This is the top 5 ranking by vulnerability type:

  1. Cross-Site Scripting (XSS) - 211 cases
  2. SQL injection (SQLi) - 53
  3. Cross-Site Request Forgery (CSRF) - 38
  4. Sensitive Information Disclosure - 29
  5. Arbitrary File Upload - 16
  6. Other - 131

[Image: cross-site scripting attack diagram by incapsula.com]

Are the results a worrying sign, or business as usual?

The report writers analyzed 50 000 WordPress web sites for their plugins and themes. On average, a WordPress site has 23 plugins. Of those 23 plugins, 4 were outdated, waiting for the admin to update them.

I never would have thought that a web site needs so many plugins to function. I believe one of our sites had nine or ten plugins a couple of years ago, but we have cut it down to seven now. Our other sites have even fewer plugins. The lure of plugins that add functionality to a site, which may then bring more visitors to the pages, is, however, understandable.

With 70 million WordPress sites running vulnerable plugins, it is also understandable that professionals in the WordPress community are worried. Patchstack conducted a survey among 400 professionals, and 70% of them said they were increasingly concerned about the security of their web sites because of third-party plugins.

The quality of third-party plugins is a major issue that the large WordPress community and the core product developer Automattic can't escape anymore. There may be a committee already planning a solution - if so, please communicate. Everyone wants plugins for their sites, and many small businesses have been established to develop plugins, but security is lacking.

The scale of the problem is so large that it may lead to nasty large-scale consequences. After reading and reviewing the book "This Is How They Tell Me the World Ends" by Nicole Perlroth, I have been convinced that every individual, every business, every organization, every public office must be prepared for the moment their computer systems are hacked. Anyone, anywhere can be an accidental or carefully chosen, unintended or intended target.

News discovered via WP Tavern.
