In June 2013, Checkmarx’s research lab ran multiple security scans against the source code of the most popular WordPress plugins. The result? More than 20% of the 50 most popular WordPress plugins are vulnerable to common Web attacks, such as SQL Injection. In total, 8 million vulnerable WordPress plugins have downloaded, and the new research suggests that they are at risk. This report presents the research findings as well as recommendations and mitigation measures for plugin developers, Web admins and platform providers when developing and installing third-party extensions.