A new study has found that roughly 20 percent of the 50 most popular plug-ins for the WordPress platform are vulnerable to common Web attacks.
According to research from security vendor Checkmarx, that figure represents nearly 8 million downloads of plug-ins vulnerable to issues such as SQL injection, cross-site scripting, cross-site request forgery and path traversal. Additionally, the research revealed that seven out of the top 10 most popular e-commerce plug-ins for WordPress are vulnerable to attacks as well—translating to more than 1.7 million downloads - See more at: http://www.eweek.com/security/popular-wordpress-plugins-vulnerable-to-attack-checkmarx-research/#sthash.bZ27CNUY.dpuf
As part of our security policy we don't allow users to install third-party plugins for WordPress without prior review (we do not guarantee that a review will prevent security risks nor create incompatibility issues with your theme). As part of your hosting with us we provide you with a set of popular and reliable plugins to the best of our knowledge. These plugins meets most of our clients needs. If there is a specific plugin that you would like to install we would be happy to review it. Note that not all plugins are compatible with all themes and are often not tested with the latest versions of WordPress. A cost may be incurred to debug a plugin that causes problems with the website functionality.
This policy has not only proven effective in preventing security risks for our clients websites but also ensures that your website will load fast and won't be bogged down by code from multiple plugins.
With the latest research this only confirms our policy is the best options for our clients.
While every line of code has the potential of introducing a vulnerability, Checkmarx found that there was no correlation between the number of lines of code and the vulnerability level of the plug-ins. On the contrary, some plug-ins included only a few thousand lines of code, but had more vulnerabilities than plug-ins containing tens of thousands of lines of code, according to the company's paper. - By Brian Prince
