WordPress Plugins Exploitation Through the Big Data Prism

According to Wikipedia, WordPress is a free and open source blogging tool and a content management system (CMS) based on PHP and MySQL, which runs on a web hosting service. Features include a plug-in architecture and a template system. WordPress is used by more than 18.9% of the top 10 million websites as of August 2013. WordPress is the most popular blogging system in use on the Web, at more than 60 million websites.
In recent years, the security posture of WordPress plugins has been a topic of much interest, mostly due to the abundance of security vulnerabilities that were found and published. A quick search of the CVE database for the terms ‘WordPress’ and ‘plugin’ returns 64 different vulnerability disclosures in 2013 alone – obviously a high number by any standard.

In June 2013, Checkmarx, a source code analysis vendor, released a very thorough and interesting whitepaper on the topic of WordPress Plugins Security, listing the most vulnerable plugins.

While reading Checkmarx’s whitepaper, and going through the long list of vulnerable WordPress plugins, we felt that a few critical questions were still left unanswered. The questions were:

Are web hackers really targeting WordPress plugins?
Which WordPress plugins are the most sought after by hackers?
What types of vulnerabilities are the most coveted by hackers?

To answer the questions above, we decided to mine Akamai’s security big data platform (‘Cloud Security Intelligence’) for WordPress plugin attack patterns. Akamai’s ‘Cloud Security Intelligence’ is a massive-scale distributed data platform that stores billions of security events from thousands of web applications all across the globe. The platform enables Akamai’s threat research team to distill quality insights on attack trends taking place on the Internet.