Distrito Telefónica. Innovation & Talent Hub

Detection and estimation of vulnerabilities in WordPress plugins

Cybersecurity and Privacy

More and more companies and users use the Internet as a showcase to advertise their products and creations. Content management systems (CMS) are platforms that allow one or more users to create a website with advanced design features (video, photography, colors...) without needing programming skills.  
There are currently millions of web pages, of which approximately 50% are created using one of the more than 1,000 existing CMS. WordPress is the most popular CMS in the world: it is used by approximately 28.9% of all websites on the Internet, which also makes it the fastest growing CMS. In addition to the platform itself, WordPress gives any user with programming knowledge a simple way to extend its default functionality through extensions called plugins.  
Given these figures, it is not surprising that WordPress security has become a priority for all users and companies that host their services on it. This is why, over time, several security audits have been carried out.  
There are currently thousands of WordPress plugins with millions of downloads. This volume of downloads is also an indication of the security risk that these extensions represent for the platform: tools such as WPScan report that approximately 52% of all reported vulnerabilities belong to plugins. Despite this, plugins are commonly ignored in security audits and code reviews because they are not an integral part of the platform in its default state, but external components that are added on demand. As a result, a large number of plugins in the official WordPress repository are vulnerable.  
