The insecurity of WordPress plugins has been well documented, especially over the last year, but in the grand scheme of things, it s not as bad as it seems, experts claim. German firm RIPS, a German firm that performs static source code analysis, recently combed through tens of thousands of plugins to see just how vulnerable they are. About half of the plugins 4,559, or 43 percent had at least one medium-severity security issue. The more lines of code a plugin has, the more vulnerabilities it has on average.
Source: https://threatpost.com/tales-of-wordpress-plugin-insecurity-overblown-researchers-say/122547/