Popular WordPress Plugins Updated for Security

In an article on WordPress plugin vulnerabilities, we mentioned that Checkmarx, a leading provider of application security, tested the top 50 most popular plugins for security vulnerabilities. The first scan, conducted in January 2013, found that more than a third of the 50 plugins were vulnerable. The second scan, conducted in early June 2013, was performed on the updated versions of all plugins. However, only six of these updates were free of the previously found vulnerabilities. These were:


BuddyPress

– creates a social network for the organization. # Downloads: 1,319,743.

A BuddyPress Plugin is a program, or a set of one or more functions, written in the PHP scripting language, that adds a specific set of features or services to the BuddyPress site, which can be seamlessly integrated with the site using access points and methods provided by the BuddyPress Plugin API. BuddyPress allows easy modification, customization, and enhancement to a BuddyPress powered WordPress site. Instead of changing the core programming of BuddyPress, you can add functionality with BuddyPress Plugins.


bbPress

– forum software. # Downloads: 483,28. Alerted by Checkmarx to their vulnerabilities.

bbPress is forum software, made the WordPress way: simple to set up, fully integrated, multisite forum, simple interface, customizable templates, highly extensible.


WP e-Commerce

– shopping cart plugin. # Downloads: 2,209,352.

WP e-Commerce is a free WordPress Shopping Cart Plugin that lets customers buy your products, services and digital downloads online.


WooCommerce

– an e-commerce store. # Downloads: 469,503.

WooCommerce is a free, powerful WordPress eCommerce plugin. With the extendability of a huge catalog of commercial themes and extensions we have all the tools you might need to get your shop running. Transform your WordPress website into a thoroughbred eCommerce store, delivering enterprise-level quality and features whilst backed by a name (WooThemes) you can trust.

W3 Total Cache

– site optimization by caching. # Downloads: 1,450,980. Most likely fixed as part of a security overhaul following an external full disclosure of some vulnerabilities.

W3 Total Cache improves the user experience of your site by increasing server performance, reducing the download times and providing transparent content delivery network (CDN) integration.

Super Cache

– site optimization by caching. # Downloads: 3,984,976. Most likely fixed as part of a security overhaul as with W3 Total Cache.

A very fast caching engine for WordPress that produces static HTML files. This plugin generates static HTML files from your dynamic WordPress blog. After an HTML file is generated, your webserver will serve that file instead of processing the comparatively heavier and more expensive WordPress PHP scripts. Supercache really comes into its own if your server is underpowered, or you're experiencing heavy traffic. Super Cached HTML files will be served more quickly than PHP-generated cached files, but in everyday use the difference isn't noticeable.

Note: Downloads statistics are as of the time of the tests.
