RipsTech launched for the third year in a row the PHP security Advent Calendar 2018, and this year will be analyzed security bugs in the most widespread WordPress plugins.

The first two days have been already revealed with a stored XSS in 4 million websites, the first concern eCommerce shops found in the popular Woocommerce plugin and the second related to Contact Forms by WP Forms (1 Million active installations), Google Analytics by Monster Insights (2 Million active installations) and WP Mail SMTP by WP Forms (1 Million active installations).

In the first edition of the PHP Security Advent Calendar 2016, the company analyzed security bugs in the most popular open source PHP applications. Last year’s edition, 24 PHP security challenges have been released with a hidden security pitfall in every day’s code challenge. This year, the PHP Security Advent Calendar will focus on WordPress plugins due to their popularity !

WordPress is used by 32% of all websites and is by far the most popular web application. It can be extended with over 40,000 plugins and on average, each WordPress site has more than 10 plugins installed. Hence, some of the most popular WordPress plugins have millions of installations each and are more widely-used than other individual PHP applications themselves.

PHP security advent calendar will release this year a sophisticated and critical security vulnerability in a WordPress plugin every day. The focus will be only on the most popular plugins and the most interesting security bugs. The security issues were detected by RipsTech research team and responsibly disclosed to the affected vendors.

So to keep your applications and plugins secure, make sure to follow the PHP Security Advent Calendar 2018.


Please enter your comment!
Please enter your name here