In this Web 3.0 era, WordPress is one of the most popular blogging content management systems (CMS). Most websites are based and created on this platform as it is not only easy to use, but offers several capabilities as well.

Recently, Checkmarx Research Labs released a report on vulnerabilities discovered in WordPress plug-ins and the plug-in process. According to this report, more than 20 percent of the 50 most popular WordPress plug-ins are vulnerable to common web attacks, such as SQL Injection. In addition, 7 out of the 10 most popular e-commerce plug-ins contain vulnerabilities.

WordPress accounts for 18 percent of websites on the web, which equates to around 60 million websites. Apparently, popularity of the CMS platform makes it vulnerable and also a very large target for attacks. Checkmarx started the research in early 2013 and performed two scans of the top 50 most downloaded plug-ins.

During the first scan in early January 2013, 18 vulnerable plug-ins were discovered which amounted to 18.5 million downloads. The second scan was performed in June 2013 on the 10 most downloaded e-commerce plug-ins, which revealed vulnerability due to high risk and impact severity. Some of the common vulnerabilities include SQL Injection, Cross Site Scripting, Cross Site Request Forgery, Remote/ Local File Inclusion, and Path Traversal.

Here are some other findings from the report:

• 20 percent of the 50 most popular WordPress plug-ins are vulnerable to common web attacks. This amounts to nearly 8 million downloads of vulnerable plug-ins.
• 7 out of the top 10 most popular e-commerce plug-ins are vulnerable to common web attacks. This amounts to more than 1.7 million downloads of vulnerable e-commerce plug-ins.
• Only six plug-ins were completely fixed in a six-month time period – although all plug-ins updated their versions during this time.

So what should you do? Keep a check on which plug-ins you are installing and make sure they are verified. And don’t forget to update your plug-ins and scan them regularly.