A report by web security firm Patchstack notes that the vast majority of the nearly 600 WordPress vulnerabilities reported during 2020 affect plugins and themes developed by third parties. The report is based on the firm's database, which collects information about the security flaws detected in this content management system (CMS).
WordPress is present on at least 40% of websites around the world, so these flaws can seriously affect a very large number of users.
The analysis showed that of the 582 unique flaws detected, more than 96% affect software developed by third parties; in addition, more than 450 flaws affect only popular plugins, while just 22 vulnerabilities affect the WordPress core.
The researchers also mentioned that around 50,000 websites employ some 23 vulnerable plugins: “With each plugin installed on a website the chances of exploiting vulnerabilities increase; to make matters worse, administrators often let the updates go by, further increasing the risk of exploitation.”
Common security flaws include cross-site scripting (XSS) errors, SQL injections, cross-site request forgery (CSRF), and arbitrary file upload.
Experts say that reports filed through WordPress's bug bounty program in 2021 show a significant increase in the number of flaws discovered compared to the same period of 2020. A survey of nearly 500 members of the cybersecurity community also shows an increase in the number of reports on third-party plugins and themes.
To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.
He is a cyber security and malware researcher. He studied Computer Science and started working as a cyber security analyst in 2006. He is actively working as a cyber security investigator and has also worked for different security companies. His everyday job includes researching new cyber security incidents. He also has deep knowledge of enterprise security implementation.