90% of WordPress vulnerabilities affect only third-party software

A report by web security firm Patchstack states that the vast majority of the nearly 600 WordPress vulnerabilities reported during 2020 affect plugins and themes developed by third parties. The report is based on the firm's database, which collects information about the security flaws detected in this content management system (CMS).

WordPress is present on at least 40% of websites around the world, so these flaws can seriously impact affected users.

The analysis showed that of the 582 unique flaws detected, more than 96% impact software developed by third parties; in addition, more than 450 flaws only affect popular plugins, while only 22 vulnerabilities impact the WordPress core.

The researchers also mentioned that around 50,000 websites employ some 23 vulnerable plugins: “With each plugin installed on a website the chances of exploiting vulnerabilities increase; to make matters worse, administrators often let the updates go by, further increasing the risk of exploitation.”

Common security flaws include cross-site scripting (XSS) errors, SQL injections, cross-site request forgery (CSRF), and arbitrary file upload.

Experts say that reports filed through WordPress's rewards program in 2021 show a significant increase in the number of flaws discovered compared to the same period of 2020. A survey of nearly 500 members of the cybersecurity community also shows an increase in the number of reports on third-party plugins and themes.
