About WordPress As of 2024, WordPress powers 43% of all websites in the internet. 474 million websites run WordPress software and one or more out of 70 000 plugins. Unfortunately, as history shows, many WordPress plugins, even popular ones, often contain security vulnerabilities. Sometimes these vulnerabilities are trivial to find. So far this year, 280 critical (CVSS score 9.0+) vulnerabilities have been found in WordPress plugins. Critical vulnerabilities usually allow taking over a WordPress instance which can lead to data leaks, malware injection, or transitioning them into C2 servers.