Slashdot stories can be listened to in audio form via an RSS feed, as read by our own robotic overlord.

 



Forgot your password?
typodupeerror

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

×

+ - Top WordPress Plugins Contain Serious Security Vulnerabilities->

Submitted by wiredmikey
wiredmikey (1824622) writes "According to recent analysis of the top 50 most downloaded plugins for the WordPress platform, 18 were vulnerable and could be exploited to infect Websites and distribute malware. Out of the top 10 most popular e-commerce plugins, seven contained serious security flaws. Two were directly from the WordPress team and affected BuddyPress, and several dealt with online payments or interacted with Facebook and other social networks, according to Maty Siman of security firm Checkmarx.

Many of the popular add-ons could be exploited by a number of common attacks, such as SQL injection and cross-site scripting, Checkmarx found, meaning that attackers can easily use an automated exploit kit and point it to a WordPress site and compromise it.

This problem isn't unique to WordPress. While the survey looked at only WordPress plugins because of the platform's popularity, other content management platforms and other Web software suffer similar problems."

Link to Original Source
This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

Top WordPress Plugins Contain Serious Security Vulnerabilities

Comments Filter:

Thus spake the master programmer: "Time for you to leave." -- Geoffrey James, "The Tao of Programming"

Working...