WordPress plugin vulnerabilities more than doubled in 2021

What just happened? Third-party WordPress plugin vulnerabilities increased significantly in 2021, and many of them still have known public exploits. Cybersecurity firm Risk Based Security said 10,359 vulnerabilities were reported to affect third-party WordPress plugins at the end of last year, of which 2,240 were disclosed in 2021. That’s a 142 percent increase compared to 2020, but the bigger concern is the fact that 77 percent of all known WordPress plugin vulnerabilities – or 7,993 of them – have known public exploits.

A closer look revealed that 7,592 WordPress plugin vulnerabilities are remotely exploitable while 4,797 have a public exploit but no CVE ID. For organizations that only rely on CVEs for mitigation prioritization, the latter means that more than 60 percent of vulnerabilities with a public exploit won’t even be on their radar.

Another issue Risk Based Security raised is that organizations tend to focus on criticality rather than exploitability.

The firm notes many organizations categorize vulnerabilities with a CVSS severity score below 7.0 as not being high priority, and thus don’t address them right away. That’s a problem considering the average CVSS score for all WordPress plugin vulnerabilities is 5.5.

Risk Based Security and others have observed malicious actors favoring vulnerabilities not with high severity scores, but rather those that can be easily exploited. Given the data and observations, perhaps it would be wise for some organizations to reconsider their threat management protocols.

Image credit: Justin Morgan
