Here are the 10 most vulnerable plugins

Plugins are a hacker paradise WordPress was hit hard with security issues in 2018, tripling its vulnerabilities over 2017, according a report just released by cybersecurity company Imperva. But don’t blame the WordPress core: 98% of the vulnerabilities came from third-party plugins.

This is no surprise. As the CMS for a third of all the world’s websites, the WordPress repository is positively brimming with 54,260 plugins. The catch is there are no mandatory security standards.

Imperva’s report identified the following 10 plugins as those with the most security vulnerabilities. Please note that these are not necessarily the most attacked ones:

  • Event Calendar WD
  • Ultimate Member
  • Coming Soon Page
  • GD Rating System
  • Contact Form by WD
  • WPGlobus
  • Form Maker
  • Ninja Forms
  • Affiliates Manager
  • Duplicator Pro

While WordPress vulnerabilities increased dramatically, they were not the most significant. Instead, it was Drupal’s vulnerabilities that caused security breaches in hundreds of thousands of web servers last year. “The simplicity of these Drupal vulnerabilities and their catastrophic impact made them a weapon of choice for many attackers,” the report states.