Title :
Quality of WordPress Plug-Ins: An Overview of Security and User Ratings
Author :
Koskinen, T. ; Ihantola, P. ; Karavirta, V.
Abstract :
We applied static analysis to find out how vulnerable the plug-ins available in the official WordPress plug-in directory are to well-known security exploits. We compared the number of potential vulnerabilities and the vulnerability density against user ratings to determine whether user ratings can be used to find secure plug-ins. We conclude that the quality of the plug-ins varies and that there is no clear correlation between a plug-in's rating and the number of vulnerabilities detected in it. Indeed, an additional manual review exposed a simple but severe SQL injection vulnerability in a plug-in that has both good user ratings and a high download count. We recommend that plug-ins be individually inspected for typical vulnerabilities before they are used on any WordPress-powered site.
Keywords :
Web sites; content management; security of data; SQL injection vulnerability; WordPress plugin quality; WordPress powered site; official WordPress plugin directory; plugin vulnerabilities; secure plugins; security exploits; static analysis; user ratings; vulnerability density; Communities; Correlation; Manuals; Security; Testing; USA Councils; Writing; plugins; security; static analysis; user ratings; wordpress;
Conference_Title :
Privacy, Security, Risk and Trust (PASSAT), 2012 International Conference on and 2012 International Conference on Social Computing (SocialCom)
Conference_Location :
Amsterdam
Print_ISBN :
978-1-4673-5638-1
DOI :
10.1109/SocialCom-PASSAT.2012.31