2021-04-25 00:00:00

Securitycommunity|Patchstack|plugin|report|vulnerability|Wordpress

Security report: over 70 million Wordpress sites are running vulnerable plugins and themes

In the world of cyber crime, getting access to web sites that are powered by popular software like Wordpress opens doors to large-scale attacks or perhaps to ransomware revenue. Wordpress has over 40% market share of web site software, which makes it a very attractive target. A new report from security consultancy Patchstack has some alarming statistics: more than 70 million web sites that are built on Wordpress are running plugins and themes that are known to be vulnerable.

Here are the highlights from Patchstack's "Security vulnerabilities of WordPress ecosystem in 2020" report:

  • Altogether 582 vulnerabilities were discovered in 2020 in Wordpress.
  • Only 22 security problems were in the core Wordpress software, 82 vulnerabilities were in themes, and 478 in plugins.
  • In other words, 99.22% of known security issues are in third party plugin modules that extend the functionality of Wordpress.

Patchstack has categorised the security holes in Wordpress into five types. This is the top 5 ranking by vulnerability type:

  1. Cross-Site Scripting (XSS) - 211 cases
  2. SQL injection (SQLi) - 53
  3. Cross-Site Request Forgery (CSRF) - 38
  4. Sensitive Information Disclosure - 29
  5. Arbitrary File Upload - 16
  6. Other - 131

Figure: cross-site scripting attack diagram by incapsula.com

Are the results a worrying sign, or business as usual?

The report writers analyzed 50 000 Wordpress web sites for their plugins and themes. On average, a Wordpress site has 23 plugins. 4 out of those 23 plugins were outdated, waiting for the admin to update them.

I never would have thought that a web site needs so many plugins to function. I believe one of our sites had nine or ten plugins a couple of years ago, but we have cut it down to seven now. Our other sites have even fewer plugins. The lure of plugins that add functionality to a site that then may bring more visitors to the pages is, however, understandable.

With 70 million Wordpress sites that are running vulnerable plugins, it is also understandable that professionals in the Wordpress community are worried. Patchstack conducted a survey among 400 professionals, and 70% of them said they were increasingly concerned about the security of their web sites because of third party plugins.

The quality of third party plugins is a major issue that the large Wordpress community and the core product developer Automattic can't escape anymore. There may be a committee already planning a solution - if so, please communicate. Everyone wants plugins for their sites, and many small businesses have been established to develop plugins, but security is lacking.

The scale of the problem is so large that it may lead to nasty large-scale consequences. After reading and reviewing the book "This is how they tell me the world ends" by Nicole Perlroth, I have been convinced that every individual, every business, every organization, every public office must be prepared for the moment their computer systems are hacked. Anyone, anywhere can be an accidental or carefully chosen, unintended or intended target.

News discovered via Wptavern.
