3 Most Vulnerable WordPress Plugins

WordPress Dangerous Plugins

Sucuri put out it’s first ever, Website Hacked Report, a study of 11,845 compromised websites that it was asked to investigate. The most revealing fact was that 3 vulnerable WordPress plugins account for a quarter of all attacks on WordPress sites.

According to Sucuri, a 78% of attacks were directed towards sites with the WordPress Content Management System (CMS) platform.

Content Management System distribution

WordPress Plugins

A high number of those attacks came through vulnerable WordPress plugins. Very rarely were there attempts to access vulnerabilities in the WordPress core.

One-quarter of all of the attacks came from 3 outdated plugins: RevSlider, GravityForms, and TimThumb

WordPress Dangerous Plugins

You may remember RevSlider being suspected as the responsible vulnerable WordPress plugin behind the infamous Panama Papers.

It’s surprising to see such high numbers since developers released security fixes for all three over a year ago. Even with TimThumb, the security fix was released four years ago but there are WordPress websites still using the vulnerable version.

The simple explanation for this is that some developers embed plugins into custom themes. In these themes, users can manage their content from one main control panel but it stops them from accessing plugins from the plugin manager. As such, developers are forced to frequently re-issue the theme with upgraded plugins and have users download it again, which most don’t.

Core WordPress

With core updates, WordPress is in a fairly good position compared to other CMS. 56% of WordPress sites have outdated core versions, Joomla has 85%, Drupal has 81%, and Magento has a shocking, 97%.

This speaks to a website owner’s ability to keep up with current vulnerabilities. Staying up to date is a difficult task.

Website owners are turning to other applications, such as Firewalls, to give them time to respond to threats or hiring dedicated hosting services to monitor these problems.

WordPress Security Outdated Core

Take a look through the whole Sucuri report for more details.

If you’ll take one thing from this report, keep updated versions of your WordPress CMS and your WordPress plugins. At Jumbo WP, we manage that for you so you’ll always be up to date.

Recommended Posts