Cyber-crime is growing exponentially. According to a recent report by IBM, the average cost of a data breach (cyber attack) in 2023 was $4.45 million, a 15% increase in 3 years.
(Source: https://www.ibm.com/reports/data-breach).
The data below speaks for itself. Reliance on open-source software or third-party plugins creates significantly more security vulnerabilities.
(Source: The global database of software vulnerabilities: https://cve.org)
| Software | Vulnerabilities (Oct25) | OpenSource | Comment |
|---|---|---|---|
| AdaptiveEComm: | 0 | No | Security is built within every module and is not an afterthought or wrap-around. |
| BigCommerce: | 2 | No | A cross-site scripting (XSS) vulnerability in the Smart Search & Filter Shopify and BigCommerce apps allows a remote attacker to execute arbitrary JavaScript in a user's web browser, while their WordPress plugin allowed exposure of sensitive information to unauthorised users. |
| Wix: | 7 | No | Vulnerabilities ranged from a standard user deleting protected directories and Windows installers using insecure directories, through to allowing attackers to escalate privilege and its database allowing code injection. |
| Shopify: | 14 | No | Plugin vulnerabilities include WordPress, the Hydrogen React-JS framework used to build Shopify storefronts (themes) and WooCommerce migration tools, e.g. cross-site scripting (XSS); not sanitising and escaping parameters; and a missing authorization vulnerability. There was also an arbitrary code execution vulnerability in the `CsvEnumerator`, part of the Job Iteration API; HTTP response header injection; and improper access control, without the topHat mobile app, to highlight a few. |
| Magento: | 444 | Yes | The number speaks for itself. |
| Adobe Commerce: | 164 + 444 = 608 | Yes | Adobe Commerce is built on OpenSource Magento. |
| WooCommerce: | 1,899 + 27,295 = 29,194 (2023: 7,850) | Yes | WooCommerce is the WordPress plugin for e-commerce. The number of incidents almost quadrupled in 2 years. |