Tweet
Plugins for WordPress, or more specifically - free WordPress plugins, are a real primordial soup of flaws and vulnerabilities, many of which allow threat actors to completely take over the target website, and many of which - never get patched.
This is the grim conclusion in a report from Patchstack, a company that provides threat intelligence and security tools for the popular website builder platform.
According to the report, the number of vulnerabilities linked to WordPress grew 150% in 2021 compared to the previous year. Of those vulnerabilities, only 0.58% are in WordPress core, the actual website builder. More than nine in ten (91.38%) were found in free plugins, and 8.62% in commercial plugins.
TechRadar needs you!
We’re looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey shouldn’t take more than 60 seconds of your time, and entrants from the UK and US will have the chance to enter a draw for a £100 Amazon gift card (or equivalent in USD). Thank you for taking part.
Almost a third (29%) of the critical flaws found in WordPress plugins never get patched. The good news is that the plugins that don’t get patched, are eventually thrown out of the plugin repository. The report said nine plugins never received patches, and were subsequently removed.
Last year, the company discovered five vulnerabilities of critical severity, affecting a total of 55 WordPress themes. One of them abused file upload features, which was a particularly dangerous finding. Among the plugins, Patchstack found 35 critical vulnerabilities, two of which were present in four million websites.
The most popular flaw to be reported, Patchstack further found, was cross-site scripting (XSS), followed by “mixed” cross-site request forgery, SQL injections, and arbitrary file uploads.
Read more
The average WordPress site has 18 installed components, at least one of which carries in it, a dangerous vulnerability. The report says the number is down, compared to the average 23 plugins installed the year before.
Of all the vulnerable plugins, the most popular targets last year were OptinMonster, PublishPress Capabilities, Booster for WooCommerce plugin, and Image Hover Effects Ultimate plugin.
Almost half (43.2%) of all websites on the internet are powered by WordPress.
[ul]
[li]Here’s our list of the best web hosting providers out there[/li][/ul]
Via: BleepingComputer
Continue reading…
This is the grim conclusion in a report from Patchstack, a company that provides threat intelligence and security tools for the popular website builder platform.
According to the report, the number of vulnerabilities linked to WordPress grew 150% in 2021 compared to the previous year. Of those vulnerabilities, only 0.58% are in WordPress core, the actual website builder. More than nine in ten (91.38%) were found in free plugins, and 8.62% in commercial plugins.
TechRadar needs you!
We’re looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey shouldn’t take more than 60 seconds of your time, and entrants from the UK and US will have the chance to enter a draw for a £100 Amazon gift card (or equivalent in USD). Thank you for taking part.
Click here to start the survey in a new window p>
[HEADING=1]XSS the most popular flaw[/HEADING]
[HEADING=1]XSS the most popular flaw[/HEADING]
Last year, the company discovered five vulnerabilities of critical severity, affecting a total of 55 WordPress themes. One of them abused file upload features, which was a particularly dangerous finding. Among the plugins, Patchstack found 35 critical vulnerabilities, two of which were present in four million websites.
The most popular flaw to be reported, Patchstack further found, was cross-site scripting (XSS), followed by “mixed” cross-site request forgery, SQL injections, and arbitrary file uploads.
Read more
800,000 WordPress sites still vulnerable to simple takeover attacks
WordPress update fixes a series of high-severity vulnerabilities
WordPress plugin vulnerability exposed millions of websites to attack
WordPress update fixes a series of high-severity vulnerabilities
WordPress plugin vulnerability exposed millions of websites to attack
Of all the vulnerable plugins, the most popular targets last year were OptinMonster, PublishPress Capabilities, Booster for WooCommerce plugin, and Image Hover Effects Ultimate plugin.
Almost half (43.2%) of all websites on the internet are powered by WordPress.
[ul]
[li]Here’s our list of the best web hosting providers out there[/li][/ul]
Via: BleepingComputer
Continue reading…