In June 2013, Checkmarx’s research labs ran multiple security scans against the source code of the most popular WordPress plugins.
The result? More than 20% of the 50 most popular WordPress plugins are vulnerable to common Web attacks, such as SQL Injection.
In total, 8 million vulnerable WordPress plugins were downloaded. This report presents the research findings as well as recommendations and mitigation measures for plugin developers, Web admins and platform providers when developing and installing third-party extensions.