Security Flaws Found in 20 Percent of Popular WordPress Plugins
The vulnerabilities could give hackers control over affected sites, and could provide them with access to highly sensitive data.
According to a recent Checkmarx report entitled "The Security State of WordPress' Top 50 Plugins" [PDF file], 20 percent of the 50 most popular WordPress plugins, totalling nearly 8 million vulnerable downloads, are vulnerable to common Web attacks (h/t Softpedia).
The report also states that seven of the 10 most popular e-commerce plugins, totalling more than 1.7 million vulnerable downloads, are vulnerable to common Web attacks.
The vulnerabilities could enable hackers to control or deface affected Web sites, and could also provide hackers with access to personally identifiable information, health records and financial details, according to Checkmarx.
In response, the report offers four key recommendations for Web admins: download plugins only from reputable sources, verify the security posture of the plugin by scanning it for security issues, ensure all your plugins are up to date, and remove any unused plugins.