WordPress plugin vulnerabilities doubled in 2021

What happened? Vulnerabilities in third-party WordPress plugins increased significantly in 2021, and many of them still have known public exploits. Cybersecurity firm Risk Based Security said 10,359 vulnerabilities had been reported affecting third-party WordPress plugins as of the end of last year, of which 2,240 were disclosed in 2021. This is a 142 percent increase from 2020, but the biggest concern is the fact that 77 percent of the known WordPress plugin vulnerabilities, or 7,993 of them, have public exploits.

A closer look reveals that 7,592 WordPress plugin vulnerabilities can be exploited remotely, while 4,797 have public exploits but no CVE ID. For organizations that rely solely on CVE to prioritize mitigation, the latter means that more than 60% of the vulnerabilities with public exploits will not even be on their radar.


Another issue Risk Based Security observed is that organizations focus on criticality rather than exploitability.

The company notes that many organizations do not rate vulnerabilities with a CVSS severity score of less than 7.0 as high priority and therefore do not address them immediately. This is a problem since the average CVSS score for all WordPress plugin vulnerabilities is 5.5. They can easily be exploited, the company argues. Given the data and observations, it may be wise for some organizations to review their threat management protocols.
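To make the gap concrete, the following added example (not from the article or from Risk Based Security) compares a triage policy that requires a CVE ID and a CVSS score of at least 7.0 with one that also queues anything with a public exploit. The plugin names, scores and CVE placeholders are constructed sample data, and the function names are hypothetical.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Finding:
    plugin: str               # constructed plugin slug
    cvss: float               # CVSS base score
    cve_id: Optional[str]     # None when no CVE ID was assigned
    public_exploit: bool      # a public exploit is known
    remote: bool              # remotely exploitable

# Constructed sample inventory; plugin names and CVE IDs are placeholders.
FINDINGS = [
    Finding("example-forms", 5.4, None, True, True),
    Finding("example-gallery", 8.8, "CVE-0000-0001", False, True),
    Finding("example-seo", 6.1, "CVE-0000-0002", True, True),
    Finding("example-backup", 4.3, None, False, False),
    Finding("example-cache", 9.1, "CVE-0000-0003", True, True),
]

def severity_only(findings, threshold=7.0):
    """Policy the article criticises: needs a CVE ID and CVSS >= threshold."""
    return [f for f in findings if f.cve_id and f.cvss >= threshold]

def exploit_aware(findings, threshold=7.0):
    """Queue anything with a public exploit, CVE or not, plus high-severity items."""
    queue = [f for f in findings if f.public_exploit or f.cvss >= threshold]
    # Public exploit first, then remote reachability, then CVSS score.
    return sorted(queue, key=lambda f: (f.public_exploit, f.remote, f.cvss), reverse=True)

def missed_exploitable(findings, threshold=7.0):
    """Findings with a public exploit that the severity-only policy never queues."""
    queued = set(severity_only(findings, threshold))
    return [f for f in findings if f.public_exploit and f not in queued]

def no_cve_share(findings):
    """Fraction of public-exploit findings that have no CVE ID."""
    exploited = [f for f in findings if f.public_exploit]
    return sum(f.cve_id is None for f in exploited) / len(exploited) if exploited else 0.0

if __name__ == "__main__":
    for f in exploit_aware(FINDINGS):
        print(f"{f.plugin:16} cvss={f.cvss} cve={f.cve_id or '-'} exploit={f.public_exploit}")
    print("missed by CVE + CVSS>=7.0:", [f.plugin for f in missed_exploitable(FINDINGS)])
    print("public-exploit findings without a CVE ID:", round(no_cve_share(FINDINGS), 2))
```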

Image Credit: Justin Morgan


