Why you need security and maintenance for your WordPress site

WordPress Vulnerabilities Security Overview

As the pie chart below shows, WordPress plugins are the biggest source of WordPress security vulnerabilities. So far there are 1,305 WordPress plugin vulnerabilities in the WPScan Vulnerability Database, which accounts for 54% of the global WordPress vulnerability count. There are also 344 (14.3%) WordPress theme vulnerabilities and 758 (31.5%) WordPress core vulnerabilities.

WordPress vulnerabilities Pie Chart

Type of WordPress Vulnerabilities

The most common vulnerability types in WordPress core, plugins and themes are Cross-site Scripting and SQL Injection. This is not surprising, considering these two vulnerabilities have been listed in the OWASP Top 10 since its inception.

Type of Vulnerabilities in WordPress Core, Plugins and Themes

Statistics of WordPress Core Vulnerabilities

The graph below highlights the top 10 most vulnerable WordPress core versions, with versions 3.0 and 3.0.1 leading the pack with 15 vulnerabilities each. In second place, with 13 vulnerabilities each, are WordPress versions 3.5, 3.5.1 and 3.6.

Top 10 Most Vulnerable WordPress Core Versions

Top 10 Most Vulnerable WordPress Plugins

Here are some worrying facts about the Top 10 most vulnerable WordPress plugins:

  • 5 of them are commercial plugins
  • These plugins were downloaded around 21 million times
  • 1 of these plugins is a WordPress security plugin

Top 10 Most Vulnerable WordPress Plugins

Why are these worrying facts? I would not be surprised if a commercial plugin is vulnerable. Again, I am not saying such plugins should be bulletproof, as they and all the other plugins never will be. After all, I would expect a plugin written by security people to help WordPress users keep their WordPress secure to have fewer vulnerabilities.

Top 10 Most Vulnerable WordPress Themes

The graph below highlights the top 10 most vulnerable WordPress themes, with the highest one having only 3 vulnerabilities under its name.

The Top 10 Most Vulnerable WordPress Themes

Are These WordPress Vulnerabilities Statistics Accurate?

These statistics are based on the information stored in the WPScan Vulnerability Database. There are many other vulnerable WordPress plugins and themes out there. In conclusion, this gives us a good overview of the state of WordPress vulnerabilities.
