Surprise! 98% of WordPress security vulnerabilities come from plug-ins

While WordPress is the most commonly targeted Content Management System by hackers, plugins account for up to 98 percent of all vulnerabilities on WordPress sites worldwide, according to a 2018 survey by security firm Imperva. Only 2% are involved in the core of WordPress. WordPress accounts for 28% of the world’s websites, and 59% of the world’s CMS-based websites.

www.ktnetks.com.tw

First, however, the Sucuri Firewall team discovered in late April that WP Live Chat Support contained a resident cross-site scripting vulnerability. Alert Logic followed up in early May by revealing that the 8.0.11 released by the WP Live Chat Support team in May last year was supposed to have patched the CVE‐2018‐12426 vulnerability, but it didn’t really solve the problem, as hackers were still able to upload malicious files to users’ computers. On May 17, however, WordPress shut down the WP Live Chat Support download service. Neither the WordPress nor WP Live Chat Support teams have come up with any instructions. In any case, when using open source platforms or plug-ins, it is important to be careful to select well-reviewed developers.

Surprise! 98% of WordPress security vulnerabilities come from plug-ins

Related Posts

Notes on System Architecture Design (94) — Hardware abstraction layer

The failure of the didSelectItemAtIndexPath method on the collectionView

[TcaplusDB] world youth festival | let the world see our glory!