
WordPress security vulnerabilities increase by 142%

New data points to an alarming rise in exploit vulnerabilities in the WordPress plugin ecosystem, with businesses urged to change their approach to dealing with them

by Rob Corbidge
Published: 15:06, 20 January 2022

Last updated: 18:08, 20 January 2022

New data from Risk Based Security (RBS) points to an unusually large rise in the number of vulnerabilities associated with WordPress plugins in the past year, a rise larger than could be expected on previous years' data.

RBS reports that "10,359 vulnerabilities were reported to affect third-party WordPress plugins at the end of 2021. Of those, 2,240 vulnerabilities were disclosed last year, which is a 142% increase compared to 2020".

WordPress is a hugely popular platform, and so by sheer volume of installs alone it is exposed to security threats like no other similar platform.

Yet, importantly, RBS notes that while organisations focus on critical threats, malevolent actors targeting WordPress plugins focus mostly on security exploits.

As RBS discovered, the vast majority of WordPress plugin vulnerabilities are exploitable:

  • 7,592 WordPress vulnerabilities are remotely exploitable
  • 7,993 WordPress vulnerabilities have a public exploit
  • 4,797 WordPress vulnerabilities have a public exploit, but no CVE ID

"This intelligence gap is made even worse when considering the state of the WordPress plugin ecosystem. There are over 58,000 free plugins for download, with tens of thousands more available for purchase. Unfortunately, few of them are designed with security in mind, so one vulnerability could potentially affect millions of users," notes RBS.

Exploit attacks such as those using malware created by ALFA TEaM are actually meant to stay undetected, as they are simply a conduit to the group's real targets in, for example, the aerospace or energy industries.

Some industry figures are already urging a different approach to security. Mitchell Schneider, principal analyst at Gartner, recently encouraged organisations to make vulnerability management less about mass patching and more about prioritising the most exploitable vulnerabilities.

"There's no inherent correlation between the vulnerability and if threat actors are exploiting them in terms of those severity ratings," Schneider said. "If you take the vulnerabilities in your environment, and focus on the ones that are being exploited in the wild, this will be an exponential improvement in your security posture."

The report from RBS raises questions about how well the responsibility assumed with open source platforms is understood, and about the level of ongoing investment required to keep them current. Open source obviously does not mean free, in terms of cost or responsibility - two key elements in the platform selection process.