The following three new WordPress plugin vulnerability checks have been added to WPScans. More than 21 new checks for Cross-Site Scripting (XSS), CSRF, backdoors and SQL injections:
- BackupGuard <= 1.1.46 – Authenticated Cross-Site Scripting (XSS)
- WooCommerce Product Vendors Plugin <= 2.0.27 – Unauthenticated Reflected XSS
- Participants Database <= 1.7.5.9 – Cross-Site Scripting
- Display Widgets 2.6.0-2.6.3.1 – Backdoored
- Pinfinity Theme <= 1.9.2 – Reflected Cross-site Scripting (XSS)
- SmokeSignal <= 1.2.6 – Authenticated Stored XSS
- WP Like Post <= 1.5.2 – Authenticated SQL Injection
- SQL Shortcode <= 1.1 – Authenticated SQL Execution
- WordPress 2.3.0-4.8.1 – $wpdb->prepare() potential SQL Injection
- Responsive Image Gallery, Gallery Album <= 1.2.0 – Authenticated SQL Injection
- VaultPress 1.89-1.9 – Unauthenticated RCE
- Content Audit <= 1.9.1 – Cross-Site Scripting (XSS) & CSRF
- Basic Contact Form <= 1.0.3 – Potential Unauthenticated Shell Upload
- MarketPress <= 3.2.6 – PHP Object Injection
- 2kb Amazon Affiliates Store <= 2.1.0 – Authenticated Cross-Site Scripting (XSS)
- BackWPup <= 3.4.1 – Backup File Download
- Student Result or Employee Database <= 1.6.3 – Auth Bypass
- Content Timeline – Multiple Blind SQL Injection
- Appointments <= 2.2.1 – PHP Object Injection
- Flickr Gallery <= 1.5.2 – PHP Object Injection
- RegistrationMagic-Custom Registration Forms <= 3.7.9.2 – Unauthenticated PHP Object Injection
Run your free scan at https://wpscans.com