
Bookmarked https://wptavern.com/wordfence-and-wpscan-publish-mid-year-wordpress-security-report.

And over two thirds of them stem from missing or incorrect escaping of user input, and would’ve been avoided by running a static analyzer, like PHPCS with WordPress’s ruleset.

> The vast majority of the vulnerabilities you hear about in the WordPress ecosystem come from plugins[.]
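
The class of finding meant here, as an added example that is not taken from the bookmarked report or from any real plugin: a hypothetical plugin function that prints request data unescaped, next to a version that satisfies the WordPress Coding Standards security sniffs. The `myplugin_` function names and the `q` parameter are invented for illustration; the code assumes it is loaded inside WordPress, and PHPCS analyses it statically with `phpcs --standard=WordPress <file>`.

```php
<?php
/**
 * Added example. All myplugin_* names and the "q" parameter are hypothetical.
 * Assumes a WordPress plugin context (esc_html(), esc_attr(), wp_unslash()
 * and sanitize_text_field() are WordPress core functions).
 */

// BEFORE: request data is read raw and echoed into the page.
// Sniffs in the WordPress ruleset that report on this function:
// - WordPress.Security.ValidatedSanitizedInput (no isset(), no unslash, no sanitizing)
// - WordPress.Security.NonceVerification       (superglobal read without a nonce check)
// - WordPress.Security.EscapeOutput            (unescaped variable in echo)
function myplugin_render_search_unsafe() {
	$term = $_GET['q'];
	echo '<p>Results for ' . $term . '</p>';
	echo '<input type="text" name="q" value="' . $term . '">';
}

// AFTER: validate and sanitize on input, escape on output for each context.
function myplugin_render_search_safe() {
	$term = '';

	// phpcs:ignore WordPress.Security.NonceVerification.Recommended -- read-only display, no state change.
	if ( isset( $_GET['q'] ) ) {
		// phpcs:ignore WordPress.Security.NonceVerification.Recommended -- read-only display, no state change.
		$term = sanitize_text_field( wp_unslash( $_GET['q'] ) );
	}

	// HTML body context: esc_html() neutralises markup in the value.
	printf( '<p>Results for %s</p>', esc_html( $term ) );

	// Attribute context: esc_attr() keeps the value from closing the quotes.
	printf( '<input type="text" name="q" value="%s">', esc_attr( $term ) );
}
```

Sanitizing on input does not replace escaping on output: the escaping function has to match the context the value is printed into, which is why the two `printf()` calls use different ones.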