Recent reports have shown a concerning uptick in WordPress vulnerabilities, highlighting the need for regular checks and a maintenance plan. According to a report from SolidWP dated 24th April, 358 new vulnerabilities were detected within one week, including three in themes and 355 in plugins. This rise is part of a broader trend observed over the past year, where the severity and frequency of vulnerabilities have dramatically increased. Wordfence’s weekly intelligence report also corroborates this trend, documenting 190 vulnerabilities in just one week, spanning 155 plugins and two themes.
In this blog, we will see what’s causing this increase in vulnerabilities across WordPress.
What’s causing WordPress vulnerabilities
- Cross-Site Scripting (XSS) Vulnerabilities
Cross-Site Scripting (XSS) is the most common type of vulnerability, accounting for over 53% of all new vulnerabilities in 2023. These vulnerabilities arise when a site's code (usually a plugin or theme) does not properly sanitize user input or escape it before output, which lets an attacker inject malicious script into pages that other visitors see.
- Abandoned Plugins
Another growing risk in WordPress security is the rise of abandoned plugins. These are plugins that their developers no longer update or maintain, so any flaw found in them stays unpatched. Between 2022 and 2023, the number of reported abandoned plugins rose sharply from 147 to 827. WPScan data shows that 97% of the vulnerabilities in its database are in plugins and themes, with only 4% in core software. Over 3,000 WordPress sites were compromised because of slow patching of the XSS vulnerability CVE-2023-6000 in Popup Builder, which affects versions 4.2.3 and older and is used by over 80,000 sites.
- Theme Vulnerabilities
Themes make up a smaller share of vulnerabilities, contributing 5.45% in 2022. Like plugins, themes can suffer from outdated code or a lack of maintenance, which attackers can exploit. Over 25,000 websites were impacted by a vulnerability in the Bricks WordPress theme, where threat actors exploited a flaw to deploy malware.
- Core Software Vulnerabilities
Even though WordPress core is comparatively secure, it still accounted for 1.3% of all vulnerabilities in 2022. While these are fewer in number, they have a high potential for harm and need to be fixed quickly through regular updates. A severe SQL injection vulnerability (CVE-2024-27956) in the WP Automatic plugin, affecting versions before 3.9.2.0, highlights the critical nature of maintaining updated core software.
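To make the XSS point above concrete, here is an added example (not code from this post or from any plugin it names) showing a hypothetical shortcode handler in a vulnerable form and in a hardened form using WordPress's own sanitize and escape helpers. The shortcode name `greet`, the `visitor` query parameter and the `example_` function prefix are assumptions for illustration.

```php
<?php
// Added example: a minimal WordPress shortcode handler, shown twice.
// Hypothetical names: shortcode 'greet', query parameter 'visitor'.

// Vulnerable form: echoes a request parameter straight into the page.
// Any markup supplied in ?visitor=... is rendered as HTML, which is
// exactly the reflected-XSS pattern described in the post.
function example_greet_vulnerable( $atts ) {
    $name = isset( $_GET['visitor'] ) ? $_GET['visitor'] : 'guest';
    return '<p class="greet">Hello, ' . $name . '</p>';
}

// Hardened form: sanitize on input, then escape on output for the
// context the value lands in (HTML text vs. HTML attribute).
function example_greet_safe( $atts ) {
    // wp_unslash() removes the slashes WordPress adds to request data.
    $raw  = isset( $_GET['visitor'] ) ? wp_unslash( $_GET['visitor'] ) : 'guest';
    // sanitize_text_field() strips tags, octets and extra whitespace.
    $name = sanitize_text_field( $raw );
    if ( '' === $name ) {
        $name = 'guest';
    }
    // Escape per context: esc_attr() for attributes, esc_html() for text.
    return sprintf(
        '<p class="greet" data-visitor="%s">Hello, %s</p>',
        esc_attr( $name ),
        esc_html( $name )
    );
}

// Register only the hardened handler; the vulnerable one is kept
// above purely for comparison and should never be wired up.
add_shortcode( 'greet', 'example_greet_safe' );
```

Reviewing a plugin for this pattern (a `$_GET`/`$_POST` value reaching `echo` or `return` without `esc_*()`) is a quick way to spot the class of flaw the post describes before it is exploited.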
How to Safeguard WordPress Site
Despite the increasing number of vulnerabilities, there are proactive measures available to mitigate these risks. Ensure that all plugins and themes are up to date and have been tested against the current version of WordPress.
Implementing strong security measures alongside a maintenance plan will protect your website from potential threats. By investing in the security of your WordPress website, you are not only safeguarding your digital assets but also building trust and confidence among your visitors.
Instead of viewing security measures as optional, consider them as fundamental components of your website maintenance plan. It’s important to stay ahead of the curve as vulnerabilities change. Partnering with a reputable WordPress agency can provide the expertise and support needed to navigate the complex realm of website security.
Your Security, Our Priority
For WordPress site owners, security must be at the forefront. It’s crucial to pay attention to the latest reports about WordPress vulnerabilities in themes and plugins. You should have a maintenance plan for safeguarding your digital presence against the evolving threats in today’s cybersecurity landscape.
At AWESEM, we understand the difficulties associated with handling and updating WordPress security. We offer customized assistance that is aimed at tackling your unique requirements, making sure your website stays safe and efficient.
Reach out to us today.