
Malware targets 30 unpatched WordPress plugins


Jasper_The_Rasper
Moderator

January 6, 2023 By Christopher Boyd 

 

If you make use of plugins on your WordPress site (and you probably do), it’s time to take a good look at what’s running under the hood. Ars Technica reports that unpatched vulnerabilities are being exploited across no fewer than 30 plugins.

A long list of plugin problems

If you own or operate a website there is a very good chance it uses WordPress. More than 40 percent of websites use a version of it, and it's used on more websites than all other website Content Management Systems (CMS) combined. One of the reasons it's so popular is that it can be easily extended by adding plugins, of which there are tens of thousands.

 

>> Full Article <<

 

4 replies

kleinmat4103
Popular Voice
  • 512 replies
  • January 9, 2023

Yikes. Scary to see WooCommerce on this list. We have quite a few clients using that plugin. It’s a pretty popular plugin.


TylerM
Administrator
  • Sr. Security Analyst & Community Manager
  • 1272 replies
  • January 9, 2023

WordPress, I feel like, is the #1 concern when it comes to unsecure websites.


russell.harris
Popular Voice

Sooo many use it for its ease of use but don’t think about the security 


kleinmat4103
Popular Voice
  • 512 replies
  • January 10, 2023

I think you’re right @TylerM. Though kind of the same way Windows is the #1 target for computer security.

 

I think WordPress is like most things in technology. In order to keep it secure, you need to keep it patched. The caveat is you also have to keep all your plugins patched as well. This is where it is important to only use plugins that are in active development. I’ve seen so many sites where the plugins are “updated,” but have several plugins that were abandoned years ago.

 

It’s like having the latest version of Adobe Flash installed. Sure, it’s updated, but it hasn’t been touched in years.

 

WordPress has followed a similar path as Microsoft has with Windows patching. They now force WordPress updates. Most plugins have the option to configure auto-updates. The ones that don’t probably shouldn’t be installed anyway.

 

Unfortunately, too many people pay a developer to throw up a website and never touch it again. Developer got paid and is out of the picture, so no one maintains the site. It’s a recipe for disaster.

 

 

