RIPS’s analysis showed that nearly 36,000 of the plugins did not have any vulnerabilities and 1,426 had only low severity flaws. Medium severity bugs have been identified in more than 4,600 plugins, while high and critical security holes have been found in 2,799 and 41 plugins, respectively.
Sponsored by Moscom.com Managed WordPress Hosting.
A total of 67,486 vulnerabilities have been discovered in the plugins, which indicates that the applications that do have flaws have a lot of them. Experts noted that a majority of plugins don’t have weaknesses due to their small size (i.e. have fewer lines of code).
As for the types of vulnerabilities affecting these plugins, unsurprisingly, more than 68% are cross-site scripting (XSS) issues and just over 20% are SQL injections. XSS flaws can pose a serious risk in the case of WordPress websites, but exploiting them requires administrator interaction. SQL injections, on the other hand, can be exploited without user interaction and attacks can be automated.