UPDATED 16:55 EDT / JULY 03 2013

NEWS

Your WordPress Plug-Ins May Be Vulnerable, Says Checkmarx Research

In this Web 3.0 era, WordPress is one of the most popular blogging content management systems (CMS). Most websites are based and created on this platform as it is not only easy to use, but offers several capabilities as well.

Recently, Checkmarx Research Labs released a report on vulnerabilities discovered in WordPress plug-ins and the plug-in process. According to this report, more than 20 percent of the 50 most popular WordPress plug-ins are vulnerable to common web attacks, such as SQL Injection. In addition, 7 out of the 10 most popular e-commerce plug-ins contain vulnerabilities.

WordPress accounts for 18 percent of websites on the web, which equates to around 60 million websites. Apparently, popularity of the CMS platform makes it vulnerable and also a very large target for attacks. Checkmarx started the research in early 2013 and performed two scans of the top 50 most downloaded plug-ins.

During the first scan in early January 2013, 18 vulnerable plug-ins were discovered which amounted to 18.5 million downloads. The second scan was performed in June 2013 on the 10 most downloaded e-commerce plug-ins, which revealed vulnerability due to high risk and impact severity. Some of the common vulnerabilities include SQL Injection, Cross Site Scripting, Cross Site Request Forgery, Remote/ Local File Inclusion, and Path Traversal.

Here are some other findings from the report:

  • 20 percent of the 50 most popular WordPress plug-ins are vulnerable to common web attacks. This amounts to nearly 8 million downloads of vulnerable plug-ins.
  • 7 out of the top 10 most popular e-commerce plug-ins are vulnerable to common web attacks. This amounts to more than 1.7 million downloads of vulnerable e-commerce plug-ins.
  • Only six plug-ins were completely fixed in a six-month time period – although all plug-ins updated their versions during this time.

So what should you do? Keep a check on which plug-ins you are installing and make sure they are verified. And don’t forget to update your plug-ins and scan them regularly.

A message from John Furrier, co-founder of SiliconANGLE:

Support our mission to keep content open and free by engaging with theCUBE community. Join theCUBE’s Alumni Trust Network, where technology leaders connect, share intelligence and create opportunities.

  • 15M+ viewers of theCUBE videos, powering conversations across AI, cloud, cybersecurity and more
  • 11.4k+ theCUBE alumni — Connect with more than 11,400 tech and business leaders shaping the future through a unique trusted-based network.
About SiliconANGLE Media
SiliconANGLE Media is a recognized leader in digital media innovation, uniting breakthrough technology, strategic insights and real-time audience engagement. As the parent company of SiliconANGLE, theCUBE Network, theCUBE Research, CUBE365, theCUBE AI and theCUBE SuperStudios — with flagship locations in Silicon Valley and the New York Stock Exchange — SiliconANGLE Media operates at the intersection of media, technology and AI.

Founded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a dynamic ecosystem of industry-leading digital media brands that reach 15+ million elite tech professionals. Our new proprietary theCUBE AI Video Cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.

Cookies

We employ the use of cookies. Find out more.