If you’re a WordPress user, your site might not be as safe as you think. The first half of 2015 has seen a colorful variety of exploits that could be used on your website, and an especially high number of serious vulnerabilities exposed in WordPress’s various plugins.
According to reports released by the non-profit Exploit Database (EDB), February received a record nigh number of bug reports, with 62 vulnerabilities reported, significantly higher than the January-June average of 42.5. That month, 64.52 percent of all reported threats were classified as “high risk,” and more than half exploited vulnerabilities in u5CMS and phpBugTracker.
Starting in April, the number of software vulnerabilities in WordPress skyrocketed, from only 3 in March up to 21 in April. With a total 33 reported vulnerabilities, there were more WordPress bugs than all others combined. In May, the number stayed stable at 20 reported WordPress vulnerabilities (out of 36), and in June the number was reduced to 12 of 38.
Whether that trend continues remains to be seen, but in light of the exposed tools of Hacking Team, it’s unlikely. The worst WordPress vulnerabilities targeted a variety of plugins, including plugins for managing ads, analyzing traffic, uploading photos, displaying videos, among others. More vulnerabilities were exposed in WordPress’s All In One WP Security & Firewall. These attack vectors constituted multiple SQL injections and file uploads, and one LFI and one XSS.
Should you feel safe leaving your WordPress site unprotected? Absolutely not. Be sure to protect your site behind Cloudbric’s web application firewall today.