26% of plugins with critical security vulnerabilities are never patched (2022) – Jorcus

Patchstack just released the State of WordPress Security in 2022.

To help you save time reading, here are the key findings:

  1. 26% of plugins with critical security bugs never received a patch.
  2. Patchstack added 4,528 confirmed security bugs in WordPress plugins to its database in 2022, compared to 1,382 in 2021 – a rise of 328%.
  3. The WordPress core platform itself was responsible for only 0.6% of the security bugs. Themes accounted for 6.7% and plugins were the main culprit with 93%.

Unpatched security bugs are especially common in third-party plugins and themes that extend WordPress functionality but may not receive regular updates or support from their creators.

Therefore, it is important for WordPress site owners to keep their plugins and themes updated regularly and use a web application firewall (WAF) to block hacking attempts.