WordPress vulnerabilities up 20 percent in 2018


Vulnerabilities in WordPress, a popular content management system, were up 20 percent in 2018, according to new web application bug research. Researchers at Imperva continued to see a trend of increasing web application vulnerabilities. The number of new vulnerabilities found in web apps in 2018 was 17,142; in 2017, 14,082 vulnerabilities were found. According to Imperva's data, more than half of the vulnerabilities have a public exploit available to hackers, and a third of web application vulnerabilities don't have any solution, workaround or patch.

The most common vulnerabilities are related to injection, such as SQL injection, command injection and object injection. Injection vulnerabilities made up almost 20 percent of the total vulnerabilities in 2018. That comes as hackers look into new stealthy code-injection techniques to embed malware variants such as Trickbot and TurnedUp inside infected systems.


Cross-site scripting bugs also grew and are becoming the second most common vulnerability. Cross-site scripting vulnerabilities doubled in 2018 compared to 2017. It's no surprise that WordPress is a target for hackers, since it is the most popular CMS, with 59 percent of all CMS websites using it. The increase in security vulnerabilities is interesting because the number of new plugins was up only 3 percent in 2018. Almost all the WordPress vulnerabilities are related to plugins that extend the functionality and features of a website or a blog. The top vulnerable plugins include Event Calendar, Ultimate Member, Coming Soon Page, Ninja Forms and Duplicator Pro.

Anyone can create a plugin and publish it. WordPress is open source and easy to manage, and there is no enforcement or proper process that mandates minimum security standards, so WordPress plugins are prone to vulnerabilities. WordPress patched a lot of these vulnerabilities in 2018. A critical privilege escalation vulnerability that could allow a hacker to inject malware, place ads and load custom code on was patched.

In December, WordPress 5.0 users were told to update their CMS software to fix a number of serious bugs. This happened less than a week after version 5.0 was released. While WordPress has the largest number of vulnerabilities, they aren't as severe as other vulnerabilities. Drupal bugs had a larger impact and were used in mass attacks that targeted hundreds of thousands of sites during 2018. Last year a highly critical Drupal bug, Drupalgeddon 2.0, affected an estimated 1,000,000 sites running the CMS despite a patch being released.