Nearly 30% Of Critical WordPress Plugin Vulnerabilities Unpatched


Written by: Jay H.

Data breaches are an area of major concern nowadays. Cybercriminals constantly search for new vulnerabilities to exploit and data to steal. However, a shocking report from WordPress security provider PatchStack reveals that nearly 30 percent of flawed WordPress plugins never receive an update.

Plugins increasingly vulnerable

2021 saw a 150 percent increase in the number of reported vulnerabilities compared to the previous year, and 29 percent of the critically flawed plugins never received security updates from their developers.

This is especially alarming given WordPress powers 43.2 percent of websites, with this number growing each year. Indeed, plugin vulnerabilities are the biggest threats to WordPress websites, yet critical updates are not being released. In 2021, 99.42 percent of vulnerabilities originated from plugins and themes!

Graph demonstrating that 99.42% of WordPress vulnerabilities in 2021 originated from plugins and themes.

Source: PatchStack

WordPress websites susceptible

Two major plugins with over one million installations each, All In One SEO and WP Fastest Cache, faced critical vulnerabilities in 2021. Although their developers released timely security updates, it’s not difficult to imagine the impact this could have if hackers successfully exploited these flaws. It’s also likely that many websites have yet to install these crucial updates, leaving them extremely vulnerable. This demonstrates the importance of keeping your website’s components up to date.

Other issues arise when developers do not keep their plugins updated. For instance, users have to manually check if they have vulnerable plugins installed since plugins without available patches appear “up to date” in the administrative pages.
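The manual check described above can be scripted by comparing the installed plugin inventory against a list of advisories. The following Python code is an added example, not part of the original article or of PatchStack's tooling; the plugin slugs, versions and the advisory record format are constructed, and the inventory mirrors the fields of `wp plugin list --format=json` from WP-CLI.

```python
import json
import re

# Constructed inventory in the shape of `wp plugin list --format=json` (WP-CLI).
INSTALLED = json.loads("""[
 {"name": "example-gallery", "status": "active", "update": "none", "version": "2.3.1"},
 {"name": "example-forms", "status": "active", "update": "available", "version": "1.4.0"},
 {"name": "example-cache", "status": "inactive", "update": "none", "version": "0.9.8"},
 {"name": "example-seo", "status": "active", "update": "none", "version": "4.2.0"}
]""")

# Constructed advisory records (hypothetical format). fixed_in=None: no patch exists.
ADVISORIES = [
    {"slug": "example-gallery", "affected_through": "2.3.1", "fixed_in": None},
    {"slug": "example-forms", "affected_through": "1.4.2", "fixed_in": "1.4.3"},
    {"slug": "example-cache", "affected_through": "0.9.8", "fixed_in": None},
    {"slug": "example-seo", "affected_through": "4.1.5", "fixed_in": "4.1.6"},
]

def parse_version(text):
    """Numeric parts only: '1.4.0' becomes (1, 4), so 1.4 and 1.4.0 compare equal."""
    parts = [int(p) for p in re.findall(r"\d+", text)]
    while parts and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def audit(installed, advisories):
    """Return one finding per installed plugin version covered by an advisory."""
    findings = []
    for plugin in installed:  # inactive plugins are checked too: their files remain on the server
        have = parse_version(plugin["version"])
        for adv in advisories:
            if adv["slug"] != plugin["name"]:
                continue
            if have > parse_version(adv["affected_through"]):
                continue  # installed version is newer than the affected range
            action = ("update to " + adv["fixed_in"]) if adv["fixed_in"] else "no patch: remove or replace"
            findings.append({"slug": plugin["name"], "version": plugin["version"],
                             "status": plugin["status"], "dashboard": plugin["update"],
                             "action": action})
    return findings

def silent_unpatched(findings):
    """Plugins the dashboard shows as up to date although no fix was ever released."""
    return [f["slug"] for f in findings
            if f["dashboard"] == "none" and f["action"].startswith("no patch")]

if __name__ == "__main__":
    for finding in audit(INSTALLED, ADVISORIES):
        print(finding)
    print("appear up to date but unpatched:", silent_unpatched(audit(INSTALLED, ADVISORIES)))
```

The plugins returned by `silent_unpatched` are the ones an update check alone would never surface, so they need a decision to remove or replace rather than a wait for a patch.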

Themes also vulnerable

Another area of concern is WordPress themes, which also can contain vulnerabilities. Site owners need to monitor their themes for security updates and delete unused ones.

Many themes have vulnerabilities and never receive updates. Therefore, you need to use themes from reputable designers who are familiar with security issues and regularly release updates.


Although WordPress plugins and themes are incredibly useful for adding functionality to your website, you need to be careful with which ones you install. PatchStack estimates that 42 percent of WordPress sites have at least one vulnerable component installed, meaning that there is a high chance your WordPress site has vulnerabilities.

Working alongside experienced WordPress website designers such as Design2Web IT can save you a lot of headaches by keeping your site up to date and secure. To learn more about how we can design, protect, and maintain your website, please contact us today.

