The holiday season is coming up again and it’s time for some security fun. For the third time in a row, we are proud to announce our PHP security advent calendar. This year, we will analyze 24 exciting security bugs that we detected in the most widespread WordPress plugins.

In our first calendar edition in 2016, we analyzed exceptional vulnerabilities in some of the most popular open source PHP applications. Last year, we released 24 PHP security challenges with a hidden security pitfall in every day’s code challenge. This year we would like to give once again something back to the great PHP and Infosec community and release another advent calendar with 24 security surprises.





Top WordPress Plugin Vulnerabilities

WordPress is used by 32% of all websites and is by far the most popular web application. It can be extended with over 40,000 plugins and on average, each WordPress site has more than 10 plugins installed. Hence, some of the most popular WordPress plugins have millions of installations each and are more widely-used than other individual PHP applications themselves.

In this year’s PHP security advent calendar, we will release a sophisticated and critical security vulnerability in a WordPress plugin every day. We focus only on the most popular plugins and the most interesting security bugs. The security issues were detected by our research team and responsibly disclosed to the affected vendors.

Our daily gifts are aiming PHP developers and security engineers who enjoy learning about new security tricks in general and specifically for WordPress. Sharpen your security skills, prepare yourself for 2019 and have a great December season!



We would like to thank all RIPS Code Analysis users for developing, testing, and securing their PHP applications with us in 2018!