Interesting read.... Two percent of WordPress plugins are responsible for 99% of the vulnerabilities.

"The 2022 WordPress Vulnerability Annual Report"
https://ithemes.com/blog/the-2022-wordpress-vulnerability-annual-report/

#WordPress #Security #Vulnerability #WP #Plugin #Plugins

The WordPress Vulnerability Report answers the question, "How secure is WordPress?" The threats increase daily, and 2022 was no exception.

iThemes
@nbwpuk Sounds about right, honestly.
@ipstenu yeah, true. Unfortunately it's that 2% that give the whole ecosystem a bad rap.

@nbwpuk It's complicated.

The 2% aren't necessarily all that bad in the first place -- as the article notes, you gotta upgrade!

But the real heart is ... reasonable reporting.

Instead of finding a bug, privately disclosing, and letting people fix ... they just attack. And worse is when 'reputable security firms' turn around and report "THIS IS A HACK!" before also talking to the plugin person about it.

iThemes is a good one, in my experience.