
WordPress security vulnerabilities increase by 142%

New data points to an alarming rise in exploit vulnerabilities in the WordPress plugin ecosystem, with businesses urged to change their approach to dealing with them

by Rob Corbidge
Published: 15:06, 20 January 2022

Rob Corbidge is Head of Content Intelligence at Glide Publishing Platform, applying the latest knowledge about advances and ideas in the publishing industry to our own product and helping clients get the most from their content.


New data from Risk Based Security (RBS) points to an unusually large rise in the number of vulnerabilities associated with WordPress plugins in the past year, a rise larger than could be expected on previous years' data.

RBS reports that "10,359 vulnerabilities were reported to affect third-party WordPress plugins at the end of 2021. Of those, 2,240 vulnerabilities were disclosed last year, which is a 142% increase compared to 2020".

WordPress is a hugely popular platform, and the sheer volume of installs alone exposes it to security threats like no other similar platform.

Yet, importantly, RBS notes that while organisations focus on critical threats, malevolent actors targeting WordPress plugins focus mostly on security exploits.

As RBS discovered, the vast majority of WordPress plugin vulnerabilities are exploitable:

  • 7,592 WordPress vulnerabilities are remotely exploitable
  • 7,993 WordPress vulnerabilities have a public exploit
  • 4,797 WordPress vulnerabilities have a public exploit, but no CVE ID

"This intelligence gap is made even worse when considering the state of the WordPress plugin ecosystem. There are over 58,000 free plugins for download, with tens of thousands more available for purchase. Unfortunately, few of them are designed with security in mind, so one vulnerability could potentially affect millions of users," notes RBS.

Exploit attacks such as those using malware created by ALFA TEaM are actually meant to stay undetected as they are simply a conduit for the group's real targets in, for example, the aerospace or energy industries.

Some industry figures are already urging a different approach to security. Mitchell Schneider, principal analyst at Gartner, recently encouraged organisations to make vulnerability management less about mass patching and more about prioritising the most exploitable vulnerabilities.

"There's no inherent correlation between the vulnerability and if threat actors are exploiting them in terms of those severity ratings," Schneider said. "If you take the vulnerabilities in your environment, and focus on the ones that are being exploited in the wild, this will be an exponential improvement in your security posture."

The report from RBS raises questions about how well organisations understand the responsibility they assume with open source platforms, and the level of ongoing investment required to keep them current. Open source obviously does not mean free, in terms of cost or responsibility - two key elements in the platform selection process.
