WordPress, the popular blogging and content management application, has spurred the growth of a significant market for plug-in applications. But this week the Israeli application security firm Checkmarx warned that many of those plug-ins are riddled with security vulnerabilities.
Some 60 million websites are built using WordPress. Checkmarx said seven of the 10 most popular plug-ins developed by third-party companies contained vulnerabilities, including SQL injection errors and cross-site scripting flaws that attackers could use to gain access to a hosting server and other WordPress sites hosted on the same server.
To be clear, these plug-ins aren't developed by WordPress. Many of them are available through the WordPress.org website. But other vendors, Apple being one example, make some effort to police the third-party software being offered for their platforms. WordPress should step in and do the same to protect the WordPress community.