SOCIALCOM-PASSAT ’12: Proceedings of the 2012 ASE/IEEE International Conference on Social Computing and 2012 ASE/IEEE International Conference on Privacy, Security, Risk and Trust, 2012
We have applied static analysis to find out how vulnerable the plugins available at the official WordPress plugin directory are to well-known security exploits. We have compared the number of potential vulnerabilities and the vulnerability density to the user ratings, to determine whether user ratings can be used for finding secure plugins. We conclude that the quality of the plugins varies and that there is no clear correlation between the ratings of plugins and the number of vulnerabilities detected in them. Indeed, an additional manual review exposed a simple but severe SQL injection vulnerability in a plugin that has both good user ratings and a high download count. We recommend that plugins be individually inspected for typical vulnerabilities before using them in any WordPress-powered site.