
The 50 Most Attacked WordPress Plugins

By Gavin Chahal

Aug 6, 2022

WordFence recently published an article listing the 50 most attacked WordPress plugins. This kind of sensational article is interesting but must be put into perspective…


The WordFence team based its ranking on statistics from its customers' sites. This kind of statistic is difficult to find and verify.

Still, it is a good indicator: among the plugins mentioned we find some great classics (revslider – Revolution Slider, or Wp-Filemanager). The volume of attacks is also very significant, with no fewer than 20 million attacks recorded…

Let’s have a look at how this top 50 was made:

This week, we dug deep into our data and we are publishing the 50 most attacked WordPress plugins in the last 7 days. The following data is based on the following parameters:

  • In the last week Wordfence blocked 20,644,496 attacks across all the sites it protects.
  • 20,622,975 of these attacks were from IPv4 addresses and 15,160 of these attacks were from IPv6 addresses.
  • Of the roughly 1.5 million active sites that WordFence protects, 581,689 of those sites have received attacks in the past week.

The following is the list of plugins that received the most attacks over the past week (2016-08-10-16). In this table we show the “slug” of the plugin, which corresponds to the name of the unique directory that the plugin uses when it is installed in your WordPress.

| Plugin | Number of sites attacked | Total attacks | IPs | Type |
|---|---|---|---|---|
| recent-backups | 182,525 | 351,014 | 3,467 | LFI |
| wp-symposium | 149,860 | 242,715 | 3,460 | Shell |
| google-mp3-audio-player | 138,282 | 307,743 | 2,032 | LFI |
| db-backup | 129,519 | 287,043 | 2,189 | LFI |
| wptf-image-gallery | 107,000 | 131,938 | 2,846 | LFI |
| wp-ecommerce-shop-styling | 103,471 | 131,011 | 2,887 | LFI |
| candidate-application-form | 103,017 | 127,359 | 2,820 | LFI |
| wp-miniaudioplayer | 91,546 | 196,557 | 1,381 | LFI |
| ebook-download | 88,461 | 189,640 | 1,408 | LFI |
| ajax-store-locator-wordpress_0 | 86,051 | 119,192 | 1,396 | LFI |
| hb-audio-gallery-lite | 82,041 | 105,618 | 1,505 | LFI |
| simple-ads-manager | 70,683 | 166,131 | 6,476 | Shell |
| reef slider | 53,549 | 145,626 | 407 | Shell |
| inboundio-marketing | 53,063 | 112,696 | 874 | Shell |
| wpshop | 51,609 | 111,546 | 830 | Shell |
| dzs-zoomsounds | 51,089 | 225,032 | 731 | Shell |
| reflex-gallery | 49,853 | 111,624 | 699 | Shell |
| wp-mobile-detector | 38,764 | 115,235 | 800 | Shell |
| formcraft | 25,192 | 52,604 | 668 | Shell |
| sexy-contact-form | 19,076 | 50,649 | 316 | Shell |
| filedownload | 12,584 | 19,400 | 353 | LFI |
| plugin-newsletter | 11,982 | 23,887 | 451 | LFI |
| simple-download-button-shortcode | 11,558 | 21,502 | 427 | LFI |
| pica-photo-gallery | 11,059 | 16,587 | 262 | LFI |
| tinymce-thumbnail-gallery | 10,972 | 16,429 | 263 | LFI |
| material press | 10,814 | 16,235 | 333 | LFI |
| wp-filemanager | 10,756 | 16,634 | 331 | LFI |
| history-collection | 10,427 | 24,371 | 607 | LFI |
| s3bubble-amazon-s3-html-5-video-with-adverts | 10,312 | 24,011 | 595 | LFI |
| simple-image-manipulator | 7,268 | 8,272 | 448 | LFI |
| ibs-mappro | 5,555 | 18,738 | 448 | LFI |
| image-export | 5,442 | 6,047 | 266 | LFI |
| abtest | 5,431 | 5,885 | 297 | LFI |
| wp-swimteam | 5,119 | 5,433 | 238 | LFI |
| contus-video-gallery | 4,921 | 17,866 | 345 | LFI |
| sell-downloads | 4,393 | 4,746 | 240 | LFI |
| fireplace folder | 4,268 | 4,619 | 230 | LFI |
| thecartpress | 4,164 | 4,534 | 274 | LFI |
| advanced-uploader | 4,066 | 4,351 | 203 | LFI |
| aviary-image-editor-add-on-for-gravity-forms | 3,548 | 5,749 | 247 | Shell |
| wp-post-frontend | 1,811 | 16,690 | 294 | Shell |
| [Removed]* | 1,716 | 2,133 | 65 | Shell |
| mdc-youtube-downloader | 1,039 | 5,517 | 199 | LFI |
| document_manager | 915 | 4,450 | 148 | LFI |
| paypal-currency-converter-basic-for-woocommerce | 797 | 1,133 | 129 | LFI |
| justified-image-grid | 788 | 17,852 | 35 | LFI |
| cherry-plugin | 539 | 3,919 | 31 | Shell |
| aspose-cloud-ebook-generator | 531 | 720 | 25 | LFI |
| gwolle-gb | 331 | 406 | 46 | LFI |

*The plugin in this listing was removed before publication. It contains a shell-type download vulnerability. This vulnerability does not exist in the current version of the plugin. Since this flaw is undocumented, it is technically a zero-day vulnerability; even though the flaw has been fixed in the new version of the plugin, we have decided to remove the name of this plugin.

These data are merely an indication of the type and volume of attacks on the plugins of websites using Wordfence and are not representative enough over a broad spectrum. This gives no indication that a plugin in this list is more or less “secure” than another. There is no data on the success or failure of the attacks and, finally, these statistics are based on only 7 days.

In the end, even if I remain skeptical about the panel, it is still a good indicator! WordPress sites are regularly attacked, all WordPress sites are, big and small. My advice of the day: stay up to date!

To secure your site, start by setting up 15 obvious security measures and follow the RSS feed of WordPress security vulnerabilities.
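
The table above is keyed on the plugin slug, the directory name under wp-content/plugins. As an added example (not from the original article or from Wordfence), this Python sketch tallies requests and distinct client IPs per slug from a site's own access log and also counts 2xx responses, which the published statistics do not cover. The log lines, file names, the `example-plugin` slug and the `WATCHLIST` subset are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Subset of slugs from the table above; extend with the remaining rows as needed.
WATCHLIST = {"recent-backups", "wp-symposium", "db-backup", "wp-filemanager"}

# Combined Log Format: client IP, identity, user, [time], "request line", status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<path>\S+)[^"]*" (?P<status>\d{3})')
# WordPress installs each plugin under wp-content/plugins/<slug>/.
SLUG_RE = re.compile(r"/wp-content/plugins/([^/?#]+)", re.IGNORECASE)

# Constructed sample lines (documentation IP ranges, placeholder file names).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Aug/2016:10:00:01 +0000] "GET /wp-content/plugins/recent-backups/example.php?f=x HTTP/1.1" 404 210',
    '192.0.2.11 - - [12/Aug/2016:10:00:05 +0000] "GET /wp-content/plugins/recent-backups/example.php HTTP/1.1" 404 210',
    '192.0.2.10 - - [12/Aug/2016:10:01:00 +0000] "POST /wp-content/plugins/wp-symposium/example.php HTTP/1.1" 200 12',
    '2001:db8::5 - - [12/Aug/2016:10:02:00 +0000] "GET /WP-CONTENT/plugins/DB-Backup/example.php HTTP/1.1" 403 0',
    '198.51.100.7 - - [12/Aug/2016:10:03:00 +0000] "GET /wp-content/plugins/example-plugin/readme.txt HTTP/1.1" 200 900',
    '198.51.100.7 - - [12/Aug/2016:10:04:00 +0000] "GET /index.php HTTP/1.1" 200 5000',
]

def slug_from_path(path):
    """Return the plugin slug (directory name) found in a request path, or None."""
    match = SLUG_RE.search(unquote(path))
    return match.group(1).lower() if match else None

def report(lines, installed=frozenset()):
    """Per slug: request count, distinct client IPs, and 2xx responses."""
    stats = defaultdict(lambda: {"requests": 0, "ips": set(), "ok_2xx": 0})
    for line in lines:
        entry = LOG_RE.match(line)
        slug = slug_from_path(entry["path"]) if entry else None
        if slug is None:
            continue  # unparsable line or not a plugin path
        stats[slug]["requests"] += 1
        stats[slug]["ips"].add(entry["ip"])
        stats[slug]["ok_2xx"] += entry["status"].startswith("2")
    rows = [{"slug": slug, "requests": s["requests"], "ips": len(s["ips"]),
             "ok_2xx": s["ok_2xx"], "watchlist": slug in WATCHLIST,
             "installed": slug in installed} for slug, s in stats.items()]
    # A 2xx answer for an installed, watchlisted slug is the row to review first.
    return sorted(rows, key=lambda r: (-r["requests"], r["slug"]))

if __name__ == "__main__":
    for row in report(SAMPLE_LOG, installed={"wp-symposium"}):
        print(row)
```

A 2xx count does not prove that an attack succeeded; it only marks requests the server answered rather than rejected, which is where to start checking whether the plugin is installed and up to date.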

Source: https://www.wordfence.com/top-50-attacked-wordpress-plugins-week/

