DocumentCode
2884883
Title
Quality of WordPress Plug-Ins: An Overview of Security and User Ratings
Author
Koskinen, T. ; Ihantola, P. ; Karavirta, V.
fYear
2012
fDate
3-5 Sept. 2012
Firstpage
834
Lastpage
837
Abstract
We have applied static analysis to find out how vulnerable the plugins available at the official WordPress plug-in directory are to well-known security exploits. We have compared the amount of potential vulnerabilities and vulnerability density to the user ratings, to determine if user ratings can be used for finding secure plugins. We conclude that the quality of the plugins varies and there is no clear correlation between the ratings of plugins and the number of vulnerabilities detected in them. Indeed, an additional manual review exposed a simple but severe SQL injection vulnerability in a plug-in, which has both good user ratings and a high download count. We recommend plugins to be individually inspected for typical vulnerabilities before using them in any WordPress-powered site.
Keywords
Web sites; content management; security of data; SQL injection vulnerability; WordPress plugin quality; WordPress powered site; official WordPress plugin directory; plugin vulnerabilities; secure plugins; security exploits; static analysis; user ratings; vulnerability density; Communities; Correlation; Manuals; Security; Testing; USA Councils; Writing; plugins; security; static analysis; user ratings; wordpress;
fLanguage
English
Publisher
ieee
Conference_Titel
Privacy, Security, Risk and Trust (PASSAT), 2012 International Conference on and 2012 International Conference on Social Computing (SocialCom)
Conference_Location
Amsterdam
Print_ISBN
978-1-4673-5638-1
Type
conf
DOI
10.1109/SocialCom-PASSAT.2012.31
Filename
6406333