Out of 45000 Total WordPress Plugins, 8800 Are Vulnerable

 

 

WordPress is the most used content management system. Millions of websites run on this PHP- and MySQL-based CMS. If you use WordPress for your websites, this news may worry you a little. Around 48000 plugins are available on the official WordPress website, and security firm RIPS Technologies has scanned a directory of 45000 plugins. The security experts of RIPS Technologies found that more than 8800 official WordPress plugins are vulnerable to various types of cyber-attacks. The RIPS researchers ran a static code scan on all plugins that contain at least one PHP file.

 

Description

RIPS Technologies has been providing security solutions since 2003 by finding security vulnerabilities in PHP-based applications. To check the security of WordPress plugins, the RIPS Technologies security team downloaded all the plugins from the official WordPress website and scanned them with their static code analysis tool, RIPS. The results were a little shocking, because every second well-known plugin was vulnerable. All the scanned plugins were based on PHP and contained at least one PHP file. Of the scanned plugins, around 14000 contain 2-5 PHP files, and 10500 are larger plugins, containing more than 500 lines of PHP code.

 

Total Number of Vulnerabilities

The security researchers of RIPS Technologies discovered a total of 67,486 security vulnerabilities. Among the larger plugins, 43 percent contain medium-level vulnerabilities.

 

 

  • Low Level Vulnerabilities (1426 Plugins)
  • Medium Level Vulnerabilities (4612 Plugins)
  • High Risk Vulnerabilities (2799 Plugins)
  • Critical Vulnerabilities (41 Plugins)
  • Safe Plugins (36000 Plugins)

 

XSS and SQL Vulnerabilities

According to RIPS Technologies, 68 percent of the plugins are vulnerable to various types of cross-site scripting (XSS) and 20 percent are vulnerable to SQL injection. This means more advanced security methods are needed to protect these plugins from such attacks. As you know, SQL injection and XSS are at the top of the OWASP Top 10 list.

 

The rest of the plugins are vulnerable to other well-known cyber-attacks, and attackers could easily exploit all of them. Developers should understand the risk of these vulnerabilities. Millions of websites are based on WordPress, and a single successful plugin exploit may put all the websites at risk.

 
