WordPress plugins is found to be vulnerable in a recent research held by CheckMarx. As we know that WordPress is the most renowned open source platform provides content management structure to almost 18% websites across the world. CheckMarx being a company works on the concept of identifying the technical and logical code vulnerabilities has conducted research on June18, 2013 to find the security condition of 50 top most downloaded WordPress plugins and 10 best ecommerce plugins.
What was the Research about? A research made on 50 most downloaded plugins and 10 top most downloaded plugins related to E-commerce.
Which Scan Tool CheckMarx Used: CheckMarx ran the scan tool that revealed vulnerability like SQL Injection (SQLi), Cross-site scripting (XSS), Cross Site Request Forgery (CSRF), Remote/ Local File Inclusion (RFI/LFI), and Path Traversal in top WordPress plugins and ecommerce plugins.
What CheckMarx revealed: The findings revealed by CheckMarx were really shocking compared to the last scan that was done in January 2013.
- Around 20% plugins out of 50 are vulnerable.
- 7 out of 10 most famous E-commerce plugins are vulnerable.
- Absent of correlation between line of codes and vulnerability level of the plugins.
- Only 6 plugins were entirely updated in last 6 months.
Recommendation: CheckMarx has recommended suggestion to web admin after this shocking result.
- Always download plug-in from reliable source like if you want WordPress plug-in then go to WordPress website rather to surf any other website.
- Run a static source code analysis tool if you have a source code. This will let you know about to check its health status and offers recommendation for it.
- Check that plug-in is updated and remove any unused or inactive plug-in.
- For plug-in developers, CheckMarx suggest to add security with plugins.
- Run security code scanners to know whether it complies with security standard.
- The research also points out to other application development platform and advice them to enforce security policy on application and authorize only apps that comply with security policy.
These security breaches within the plugins allow hackers to use the platform for massive viruses and malware infections. The problems explained in detail in the CheckMarx’s Report.
Want to publish this infographic on your own website?
Copy and paste this code into your blog post or web page: