WordPress stands unrivaled in popularity as a content management system, holding an impressive 60% of the global market share. In fact, about 35% of all websites on the internet are powered by WordPress. Its widespread use isn’t hard to understand; WordPress offers a versatile platform that suits a wide range of online needs, from small personal blogs to large corporate websites.

However, this popularity also attracts cybercriminals. While the core of WordPress is well-secured, third-party plugins can become vulnerabilities that malicious actors exploit. Plugins with a large number of installations are particularly attractive targets, as exploiting them can affect a vast number of sites.

Here’s a rundown of recent security issues found in popular WordPress plugins:

File Manager: In September 2020, a critical vulnerability was discovered in the File Manager plugin, affecting over 700,000 sites. This flaw allowed unauthorized users to execute code and upload harmful scripts. Although a fix was quickly released, many sites remain at risk due to delayed updates.

Page Builder by SiteOrigin: Over a million sites use this plugin, which was found to have vulnerabilities in May 2020 that could allow attackers to gain administrative access or insert backdoors. A fix was issued promptly, but the risk persists until updates are applied.

GDPR Cookie Consent: This plugin, active on over 800,000 sites, had a vulnerability that could enable cross-site scripting and privilege escalation attacks. The issue was patched in February, but sites must update to be protected.

Duplicator: A popular plugin for migrating and backing up WordPress sites, Duplicator had a flaw that could let attackers download sensitive files. The issue was fixed shortly after its discovery.

Site Kit by Google: This plugin, used on over 300,000 sites, had a severe flaw that could allow attackers to take over the associated Google Search Console. An update was released in May following the discovery in April 2020.

InfiniteWP Client: With this plugin, which allows management of multiple WordPress sites from a single server, a vulnerability was found that could bypass authentication. An update was quickly made available.

In summary, while plugins enhance WordPress functionality, they can also introduce security risks. The swift response of plugin developers to patch vulnerabilities is crucial. To safeguard against these risks, site owners should promptly apply updates and stay informed about potential vulnerabilities.

Previous articleStrategies for Enhancing the Security of Your WordPress Site
Next articleEssential Metrics for the Success of an Office Add-in Development Firm