The State of WordPress Security
Does WordPress really need an introduction? It is by far the most popular blogging software on the planet and it is also abused for other tasks frequently. A large percentage of the World Wide Web is WordPress1. Plugins from the community are an integral part of most WordPress sites, therefore this blog post will cover the complete WordPress ecosystem and not just the core. To do this we downloaded all 47,959 plugins that are available from the official WordPress repository and analyzed them with our static code analyzer RIPS! Shockingly, about every second larger plugin contains at least one medium severity issue. But is it really that bad? Read on to find out!
Statistics
Before we start analyzing the vulnerabilities, let us have a look at the general statistics to understand what the results really indicate. Our scan includes all plugins that are hosted in the official WordPress repository2 and have at least one PHP file. If there are releases, we use the latest release, otherwise we use the code from the trunk3. There are 44,705 plugins that fulfill this criteria. The average amount of files per plugin is 8.43 and the average amount of lines per plugin is 602. As concluded from the
Source: https://managewp.org/articles/14044/the-state-of-wordpress-security
source https://williechiu40.wordpress.com/2016/12/19/the-state-of-wordpress-security/