CheckMarx reports they have analyzed the 50 most popular WordPress plugins and found:
- 20% of the most popular plugins are vulnerable to common Web attacks
- 7 of the 10 most popular eCommerce plugins are vulnerable to common Web attacks
One might reasonably guess that less popular plugins are, on average, worse still.
Recommendations:
- Only download plugins from WordPress.org
- Keep your plugins up-to-date
- Uninstall unused plugins
- Especially for eCommerce sites, limit the number of plugins
- Avoid plugins which appear to be long out-of-date or abandoned
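The recommendations above can be turned into a routine hygiene check. The script below is an added example (not from the CheckMarx report or this post): it consumes plugin data in the shape that `wp plugin list --format=json` emits (the `name`, `status`, `update` and `version` fields are real WP-CLI output fields), plus a constructed stand-in for WordPress.org directory metadata, and flags plugins that are inactive, have a pending update, are not in the official directory, or have had no release for a long time. The directory metadata shape, the two-year "abandoned" threshold and the plugin-count limit are assumptions chosen for illustration.

```python
"""Plugin hygiene audit in the spirit of the recommendations above.
Added example with constructed sample data; not the post's own tooling."""
from datetime import date, datetime

# Constructed sample in the shape of `wp plugin list --format=json`.
PLUGIN_LIST = [
    {"name": "woocommerce", "status": "active", "update": "none", "version": "8.0.0"},
    {"name": "contact-form-7", "status": "active", "update": "available", "version": "5.7.0"},
    {"name": "hello", "status": "inactive", "update": "none", "version": "1.7.2"},
    {"name": "old-gallery", "status": "active", "update": "none", "version": "0.3"},
    {"name": "mystery-plugin", "status": "active", "update": "none", "version": "1.0"},
]

# Constructed stand-in for WordPress.org directory metadata. Assumed shape:
# slug -> {"last_updated": "YYYY-MM-DD", "tested": WP version}. A plugin
# absent from this table is treated as not hosted on WordPress.org.
DIRECTORY = {
    "woocommerce": {"last_updated": "2024-03-01", "tested": "6.4"},
    "contact-form-7": {"last_updated": "2024-02-10", "tested": "6.4"},
    "hello": {"last_updated": "2023-11-01", "tested": "6.3"},
    "old-gallery": {"last_updated": "2019-06-15", "tested": "5.2"},
}

ABANDONED_AFTER_DAYS = 730  # assumption: no release in two years => treat as abandoned
ECOMMERCE_PLUGIN_LIMIT = 15  # assumption: an arbitrary cap for the "limit plugins" rule


def audit(plugins, directory, today, abandoned_after_days=ABANDONED_AFTER_DAYS):
    """Return {plugin name: [findings]} for plugins that violate a recommendation.

    Plugins with no findings are omitted from the result.
    """
    findings = {}
    for plugin in plugins:
        issues = []
        meta = directory.get(plugin["name"])

        # "Only download plugins from WordPress.org"
        if meta is None:
            issues.append("not found in WordPress.org directory")

        # "Uninstall unused plugins": an inactive plugin is still code on disk
        if plugin["status"] != "active":
            issues.append("inactive: uninstall")

        # "Keep your plugins up-to-date"
        if plugin["update"] == "available":
            issues.append("update available")

        # "Avoid plugins which appear to be long out-of-date or abandoned"
        if meta is not None:
            last_release = datetime.strptime(meta["last_updated"], "%Y-%m-%d").date()
            age_days = (today - last_release).days
            if age_days > abandoned_after_days:
                issues.append(f"no release in {age_days} days: likely abandoned")

        if issues:
            findings[plugin["name"]] = issues
    return findings


def too_many_plugins(plugins, limit=ECOMMERCE_PLUGIN_LIMIT):
    """"Limit the number of plugins": True when the install exceeds the cap."""
    return len(plugins) > limit


if __name__ == "__main__":
    report = audit(PLUGIN_LIST, DIRECTORY, today=date(2024, 4, 1))
    for name, issues in report.items():
        print(f"{name}: {'; '.join(issues)}")
    if too_many_plugins(PLUGIN_LIST, limit=ECOMMERCE_PLUGIN_LIMIT):
        print(f"site exceeds the plugin limit of {ECOMMERCE_PLUGIN_LIMIT}")
```

In practice the `PLUGIN_LIST` would come from WP-CLI on the server and the directory table from the plugin information API; the audit logic itself does not change, and running it on a schedule turns the report's advice into something that is actually checked rather than remembered.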