Vulnerable Plugins
There are twenty items on the list this week, with the vast majority of them related to the Freemius framework disclosure that happened last week. WPVulnDB also has a list of plugins that use Freemius that have been updated. There are three additional plugins in this week's list that were updated for security issues that I spotted.
View this week's vulnerable plugins list.
Other WordPress Security News
Speaking of WPVulnDB, they now offer a plugin that scans your WordPress instance for vulnerabilities listed in their vulnerability database.
Sucuri released their Hacked Website Report 2018 earlier this week. Of the 18,302 infected sites they analyzed, 90% were WordPress, an increase from 83% in 2017. 36.7% of those WordPress sites were running an outdated version of WordPress, down from 39.3% in 2017. As in previous years, plugins/themes continue to be the main avenue for compromise. Definitely check out the full report.
Other Security News
Along those same lines, Snyk.io released their 2019 State of Open Source Security Report last week. Highlights include:
- Median time from when a vulnerability was added to an open source package until it was fixed was over 2 years
- 78% of vulnerabilities are found in indirect dependencies
- PHP Packagist disclosures grew by 27%
- The top ten most popular Docker images each contain at least 30 vulnerabilities
- Open source maintainers want to be secure, but 70% said they lack security skills
As with the Sucuri report, definitely check out the full report.