Security Wordpress Plugin Report

CHECKMARX The Security State of WWORDPRESS' Top 50 Plugins Summary: Checkmarx's research lab identified that more than 20% of the 50 most popular WordPress plugins are vulnerable to common Web attacks, such as SQL Injection. Furthermore, a concentrated research into e-commerce plugins revealed that 7 out of the 10 most popular e-commerce plugins contain vulnerabilities. Hackers can exploit these vulnerable applications to access sensitive information such as personally identifiable information , health records and financial details. Other vulnerabilities allow hackers to deface the sites or redirect them to another attacker-controlled site. In other cases, hackers can take control of the vulnerable sites and make them part of their botnet heeding to the attacker's instructions. Background and Motivation: WORDPRESS is Popular: 18% of the Web 60,000,000 WWORDPRESS Websites 18% WWORDPRESS is being attacked For example TimThumb LFI vulnerability: 1.2 Million Recently Compromísed 200.000 Recent Redirects Methodology: Checked top 50 most downloaded plugins in Wordpress twice Checked top 10 most downloaded e-commerce plugins We scanned for only 5 high risk vulnerabilities. SQL Injection (SQLİ) Cross Site Scripting (XSS) Cross Site Request Remote/ Local File Forgery (CSRF) Inclusion (RFI/ LFI) Path Traversal Findings: 20% of 50 Plugins are vulnerable 20% 7 of 10 eCommerce Plugins are vulnerable Plugin X 300,000 Lines of a Plugin Y 1000 lines of a code Code No correlation between length of code and vulnerability Plugin Types Vary 0.ו1ו11ו0ו01011100 li ."וםוl OCIOII00101100CICIII0001010110010 0 ו001וו1001001000סוםו וו.ו 010ווו0 ו.0!וו(00Iו-וו1100ו1 010| Il.00ו00.ו(0001iו.וו10101100 00ויוIו0I0IID10100/ו11!-ו!..ווו0 1D01|IDOIDIDICOIO1101101011000101|| Social Networks Content Site eCommerce Management Development Only Six Plugins were Fixed Fixed: O BuddyPress Woo COMMERCE W3 TOTAL CACHE bb) bbPress Super Cache Web Performance Optimization for WordPress W3 Total Cache E-COMMERCE Recommendation for Web Admins: WORDPRESS Download plugins only from reputable sources. For WordPress, this means WordPress.org Verify the security posture of the plugin by scanning it for security issues June S m. T e, M Ma 12 13 15 18:19: 20: 21 22 74:25 26 27 33 Ensure all your plugins Remove any are up to date unused plugins Recommendation for PLugin Developers: Can it! Run the plugin through a Integrate security within the plugin development code scanner to ensure that it stands up to a security standard Other Platform Developers: Although this research was conducted against WordPress plugins, it is important to recognize that many other platform providers suffer from similar problems. All app marketplaces - whether Web or mobile - which provide the platform for building plugins and extensions run the risk of vulnerable extensions on their site. POLICE Enforce a security policy on apps that enter the marketplace. Authorize only apps that passed the security bar. Contact УСНЕСКМARX Source Code Analysis Made Easy North America 2576 Broadway, Suite 155 New York, NY 10025, USA Tel: +1-917-470-9501 EMEA Azrieli Towers Circular Building - 22nd floor 132 Menahem Begin St. TetAviv, ISRAEL Tet: +972-3-7581800 Email: [email protected] To start your free Source Code Analysis Trial go to checkmarx.com/register