The report is based on data from Patchstack’s WordPress vulnerability database, which includes information collected by the company’s internal research team and its bug bounty community, by third-party cybersecurity vendors, and by independent security researchers.
It’s worth noting that the WordPress content management system (CMS) powers more than 40% of the websites on the internet, and users have tens of thousands of plugins at their disposal to implement various features.