

WordPress vulnerabilities more than doubled last year


Security vulnerabilities affecting different WordPress plugins saw a 142% increase in 2021 compared to the year before, experts have revealed.

Analyzing the state of the WordPress ecosystem, which includes some 58,000 free plugins as well as “tens of thousands” more available for purchase, Risk Based Security says the spike to 2,240 vulnerabilities is “alarming”.

What is even more concerning, however, is the exploitability of these vulnerabilities: of all the known flaws, more than three-quarters (77%) are exploitable, meaning a public exploit is known to exist.

Addressing the biggest threats first

While the majority of these flaws are exploitable, the average CVSSv2 score for all of them is 5.5, which creates a potential problem. Most organizations tend to deprioritize vulnerabilities with a severity score less than 7.0, which is not something they should do.

Of the vulnerabilities with known exploits, 7,592 are remotely exploitable, 7,993 have a public exploit, and 4,797 have a public exploit but no CVE ID. For organizations relying on CVE/NVD alone, this is particularly concerning, as they will be unaware of 60% of the issues with known public exploits.

“To fully understand the impact of these vulnerabilities, organizations will need to adopt a risk-based approach,” the researchers conclude. “Although some WordPress plugins claim to have over 500,000 installs, it doesn’t necessarily mean that all enterprises use them. Security teams will need to have knowledge of their assets, comprehensive vulnerability intelligence for all known issues, and detailed metadata, that allows them to examine factors like exploitability, to then contextualize the risk it poses to their environment.”

When triaging these threats, security teams should start with the remotely exploitable ones, then move on to those that have both a public exploit and a known solution. Where WordPress plugin issues affect important assets, those should be triaged first of all.

“By remediating these types of issues, organizations can best protect themselves against potential attacks while saving time since solution data is available. This risk-based approach will prove to be more effective than traditional Vulnerability Management models based on severity,” the researchers conclude.
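As an added illustration of the triage ordering the article describes (critical assets first, then remotely exploitable flaws, then flaws with a public exploit and a known fix, with CVSS only as a tie-breaker), the script below ranks a constructed set of plugin findings both ways and lists the exploitable issues a CVE-only feed would miss. This is example code, not Risk Based Security's tooling; the plugin names, scores and `CVE-PLACEHOLDER-*` identifiers are all made up.

```python
"""Risk-based vs severity-based triage of WordPress plugin findings.

Added example for the article's argument; every record below is
constructed and the CVE identifiers are placeholders, not real IDs.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Finding:
    plugin: str
    cvss_v2: float
    remote: bool              # remotely exploitable
    public_exploit: bool      # a public exploit exists
    has_fix: bool             # a patch or workaround is available
    cve_id: Optional[str]     # None when the issue never received a CVE
    critical_asset: bool      # plugin runs on an asset the business relies on


# Constructed sample inventory (hypothetical plugins, scores and CVE placeholders).
FINDINGS = [
    Finding("shop-cart", 9.0, True, False, True, "CVE-PLACEHOLDER-1", False),
    Finding("form-builder", 6.5, True, True, True, None, True),
    Finding("gallery-lite", 5.0, True, True, True, "CVE-PLACEHOLDER-2", False),
    Finding("seo-tools", 4.3, False, True, True, None, False),
    Finding("backup-pro", 7.5, False, False, False, "CVE-PLACEHOLDER-3", False),
]


def severity_first(findings, threshold=7.0):
    """Traditional model: only findings at or above the CVSS cut-off, highest first."""
    return [f.plugin for f in sorted(findings, key=lambda f: -f.cvss_v2)
            if f.cvss_v2 >= threshold]


def risk_based(findings):
    """Article's ordering: critical assets, then remote, then exploit+fix; CVSS last."""
    def key(f):
        # False sorts before True, so negate the flags that should come first.
        return (not f.critical_asset, not f.remote,
                not (f.public_exploit and f.has_fix), -f.cvss_v2)
    return [f.plugin for f in sorted(findings, key=key)]


def missed_by_cve_feed(findings):
    """Exploitable findings invisible to a team that only tracks CVE/NVD."""
    return [f.plugin for f in findings if f.public_exploit and f.cve_id is None]
```

Running both orderings on the same inventory shows the two sub-7.0 findings with public exploits that the severity cut-off drops entirely, and that two of the exploitable findings never appear in a CVE-driven feed.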


12 Jan 2022


