Page 86 - Cyber Defense Magazine RSA Edition for 2021
Some of these third-party plugins have hundreds of thousands or even millions of active installations, which makes them an attractive target for attackers: a single vulnerability in a widely installed plugin exposes every site running it.
Patchstack, an Estonian cyber-security company, has taken an innovative approach to that problem by connecting bug bounties and community-driven security research with automated virtual patching.
95% of security vulnerabilities in the WordPress ecosystem originate from third-party plugins
Patchstack maintains a free-to-use vulnerability database for website components which covers security issues in WordPress core, themes and plugins.
Of all the vulnerabilities reported in 2020, 95% originated in third-party plugins and themes rather than in WordPress core.
In 2020, we surveyed 338 digital agencies that specialize in website development and asked which threats they are most worried about. The top 3 answers were:
1) Lack of cyber security knowledge
2) Plugin and third-party code vulnerabilities
3) Blocking and preventing attacks
Anyone can create a new plugin and submit it to the WordPress plugin repository. While this is very convenient, it raises many concerns, since the security skills of plugin developers vary widely.
For the majority of users, it is hard to tell which plugins are written securely and which are not.
Businesses are becoming increasingly worried
In the same 2020 survey, we also asked whether the developers and digital agencies had witnessed a change in the number of hacking incidents.
We asked: “Have you seen a change in the number of attacks targeted against your websites?” 157 of the 338 respondents (46%) stated that they had seen an increase in the number of attacks against their websites, and just 12 said that the numbers were decreasing instead.