20% of the 50 most popular WordPress plugins are vulnerable to common Web attacks. Only six plugins were completely fixed in a 6-month time period- although all plugins updated their versions during this time. At the root of the problem is the lack of security standards that PaaS-providers (aka app marketplaces) enforce on the apps that they distribute. The marketplace needs to ensure that only those apps which passed its security bar are authorized for the public. The end-user carries the brunt- which undoubtedly is not their responsibility.”]

