news

Vulnerability in WordPress WP GDPR Compliance plugin

The WP GDPR Compliance plugin allows unauthenticated users to execute any action and to update any database value. If the request data form is available to unauthenticated users, even they are able to update the database. The plugin has more than 100,000 active installations according to WordPress.org. WPScans.com has been updated to check for this …

New WordPress Vulnerability checks – Week 49

WPScans.com has been updated with the following new vulnerability checks: Content Cards <= 0.9.6 – Cross-Site Scripting (XSS); WP Mailster <= 1.5.4 – Unauthenticated Cross-Site Scripting (XSS); Apocalypse Meow <= 21.2.7 – BCrypt Authentication Bypass; Smart Marketing SMS and Newsletters Forms <= 1.1.1 – Unauthenticated Cross-Site Scripting (XSS). Run your free WordPress Security Scan at …

WPScans is now available as a Hidden Service on Tor

You can now connect to WPScans over the Tor onion network. WPScans is now a Hidden Service, and you can reach it from Tor Browser or Tails at the following address: wpscanskzvjc4s2s.onion

[Screenshot: WPScans in the Tor Browser]

[Screenshot: Tails (The Amnesic Incognito Live System) visiting the onion URL]

New WordPress vulnerability checks week 40

The following three new WordPress plugin vulnerability checks have been added to WPScans. More than 21 new checks for Cross-Site Scripting (XSS), CSRF, backdoors and SQL injections: BackupGuard <= 1.1.46 – Authenticated Cross-Site Scripting (XSS); WooCommerce Product Vendors Plugin <= 2.0.27 – Unauthenticated Reflected XSS; Participants Database <= 1.7.5.9 – Cross-Site Scripting; Display Widgets 2.6.0-2.6.3.1 – …

New WordPress vulnerability checks week 34

The following three new WordPress plugin vulnerability checks have been added to WPScans: Embed Images in Comments <= 0.5 – Unauthenticated Stored XSS; Bridge Theme <= 11.1 – DOM Cross-Site Scripting (XSS); Photo Gallery by WD <= 1.3.50 – Authenticated SQL Injection. Run your free scan at https://wpscans.com

New WordPress vulnerability checks week 33

The following six new WordPress plugin vulnerability checks have been added to WPScans: AddToAny Share Buttons <= 1.7.14 – Conditional Host Header Injection; Link-Library <= 5.9.13.26 – Authenticated SQL Injection; I Recommend This <= v3.7.7 – Authenticated SQL Injection; wordpress-gallery-transformation 1.0 – Blind SQL Injection; rk-responsive-contact-form 1.0 – Authenticated Blind SQL Injection; Event Espresso …
