WordPress Vulnerabilities Security Overview
As the pie chart below shows, WordPress plugins are the biggest source of WordPress security vulnerabilities. So far there are 1,305 WordPress plugin vulnerabilities in the WPScan Vulnerability Database. That accounts for 54% of all WordPress vulnerabilities. Then there are 344 (14.3%) WordPress theme vulnerabilities and 758 (31.5%) WordPress core vulnerabilities.
Type of WordPress Vulnerabilities
The most common vulnerability types in WordPress core, plugins and themes are Cross-site Scripting and SQL Injection. This is not surprising considering these 2 vulnerabilities have been listed in the OWASP Top 10 since its inception.
Statistics of WordPress Core Vulnerabilities
The graph below highlights the top 10 most vulnerable WordPress core versions, with versions 3.0 and 3.0.1 leading the pack with 15 vulnerabilities each. In second place, with 13 vulnerabilities each, are WordPress versions 3.5, 3.5.1 and 3.6.
Top 10 Most Vulnerable WordPress Plugins
Here are some worrying facts about the Top 10 most vulnerable WordPress plugins:
- 5 of them are commercial plugins
- These plugins were downloaded around 21 million times
- 1 of these plugins is a WordPress security plugin
Why are these worrying facts? I would not be surprised if a commercial plugin is vulnerable. Again, I am not saying such plugins should be bulletproof, as they and all the other plugins never will be. After all, I would expect a plugin written by security people to help WordPress users keep their WordPress secure to have fewer vulnerabilities.
Top 10 Most Vulnerable WordPress Themes
The graph below highlights the top 10 most vulnerable WordPress themes, with the highest one having only 3 vulnerabilities to its name.
Are These WordPress Vulnerabilities Statistics Accurate?
These statistics are based on the information stored in the WPScan Vulnerability Database. There are many other vulnerable WordPress plugins and themes out there. In conclusion, this gives us a good overview of the state of WordPress vulnerabilities.