WordPress Bugs Exploded in 2021, Most Exploitable

Last year brought forth much more than a Ben Affleck-Jennifer Lopez reunion - analysts found the number of exploitable WordPress plugin vulnerabilities exploded.
Researchers from RiskBased Security reported that the number of WordPress plugin vulnerabilities rose by triple digits in 2021.
"10,359 vulnerabilities were reported to affect third-party WordPress plugins at the end of 2021," RiskBased Security's team explained.
The report found that 7,592 WordPress vulnerabilities are remotely exploitable; 7,993 have a public exploit; and 4,797 WordPress vulnerabilities have a public exploit, but no CVE ID. In other words, organizations that rely on CVEs won't have any visibility into 60 percent of the publicly known WordPress plugin exploits, the team said.
The right response to the emerging WordPress attack surface, according to the RiskBased team, is a fundamental shift in prioritization: instead of allocating resources based on how critical a risk is to the organization, focus on the most easily exploitable bugs.
"On average, the CVSSv2 score for all WordPress plugin vulnerabilities is 5.5, which by many current VM frameworks is considered a 'moderate' risk, at best," the RiskBased Security team advised.
News URL
https://threatpost.com/wordpress-bugs-exploded-2021-exploitable/177553/