WordPress Turns Out to Be Easy Pickings for Hackers
According to a recent study conducted by Checkmarx, WordPress, which is one of the Internet's most widely used tools, is a haven for hackers. The shocking results of this study revealed that approximately 30 per cent of the tool's 50 top plug-ins each have at least one critical flaw that leaves them vulnerable to hackers. This makes WordPress a popular target for hackers.
With around 60 million users, representing around 18 per cent of all sites currently on the Web, it is also a huge target promising rich pickings. According to Maty Siman, Checkmarx founder and CTO, the reason WordPress is such an attractive and easy target for cyber criminals is that writing plug-ins for it is so easy.
Speaking to TechNewsWorld, Siman stated that while the total number of plug-ins written for the tool (more than 25,000) is obviously good, it also has some serious implications when it comes to security. He estimates that there are a minimum of two critical security vulnerability advisories per week concerning WordPress plug-ins.
The study in question began around six months ago, scanning the tool's 50 top plug-ins. The number of results turned out to be overwhelming, so it was decided to limit the scan to finding the most critical vulnerabilities. The five issues looked for were cross-site scripting, cross-site request forgery, path traversal, SQL injection and file inclusion.
The resulting data was ultimately more meaningful, but shocking nonetheless. It appears that 30 per cent (or 15 plug-ins) of the 50 scanned plug-ins featured at least one, but often several, of these vulnerabilities. Siman indicated that figures like this leave little wonder as to why WordPress is highly popular as a hacking target.
The problem is that the ease of hacking into WordPress opens up a world of opportunities for hackers. Once 'in', hackers are subsequently able to hack into millions of users' sites. The implications of this are scary, to say the least.
WordPress is, by the way, not the only popular tool to suffer at the hands of cyber criminals. It does, in fact, join a long line-up of tools with huge bull's eye targets all over them, including, among others, Java Oracle and Adobe Reader.
It seems that much more stringent security checks are required to keep every one of these tools safe if they do not wish to lose their popularity among users. Let's face it, if Checkmarx can find these vulnerabilities, the tools should be able to find them before offering plug-ins to users. It may require a little effort, but should surely be well worth it.
© Copyright 2021