WordPress seems to have had the dubious pleasure of being nominated for the 2008 Pwnie Awards in the “Mass 0wnage” category:
It seems like hardly a week goes by without a new vulnerability in WordPress or one of its many plugins. Many of them are actively being exploited to own popular WordPress blogs and use them to serve spam or client-side exploits to unsuspecting visitors. The popularity of WordPress combined with the abysmal security practices of WordPress plugin developers places the entire Internet at risk and is worthy of a nomination.
To be fair, many of the vulnerabilities that are reported are within plugin code rather than the core. For more information on the CVEs reported for WordPress and WordPress plugins this year, you can head over to the codex.
If the CVEs project is done, you can tell us what plugins have risk vulnerabilities
@Ardhi: To find out what plugins have vulnerabilities you need to read through each of the CVEs that refer to plugins and then check with the plugin author to see if they have fixed the issue.
@westi..thanks for your advice
I think it’s interesting that it tends to be the plugins which have vulnerabilities, not the tool itself; there’s a careful difference to distinguish between the two.
@ Christopher Ross…Thanks for your advice