Plugin Vulnerabilities

Description

This plugin checks the plugins you have installed against a list of vulnerabilities in plugins that we have seen hackers trying to exploit. If the installed version of a plugin is vulnerable, an alert is added to the Installed Plugins page and an email alert is sent; otherwise, details of the vulnerabilities are included on the Plugin Vulnerabilities page.

This data can be helpful when cleaning up a hacked website: part of the cleanup is determining how the website was hacked, and this data may provide part of the information needed to do that.

Since the vulnerability data is included in the plugin itself, you will need to keep the plugin up to date to ensure you have the latest data. You can use our Automatic Plugin Updates plugin to automatically update this plugin and your other installed plugins.

If you want to let us know of a missing exploited vulnerability or if we need to correct something in the listing for an included vulnerability, please contact us here. For missing vulnerabilities please include a link to the details of the vulnerability.

Sign Up For Our Plugin Vulnerabilities Service

You can get alerted for known vulnerabilities in all the plugins you use, not just ones that we are already seeing evidence that hackers are targeting, when you sign up for our Plugin Vulnerabilities service. Through the service you also have access to a number of other important features, including the ability to help determine which plugins we will do security reviews of.

You can get your first month of the service for free when you use the coupon code “FirstMonthFree” when signing up.

Screenshots

  • Alert Shown on Installed Plugins Page For Vulnerability In Version of Plugin In Use

  • Full Listing of Vulnerabilities With Frequent Exploitation Attempts That Have Existed in Installed Plugins

Reviews

Not of much use

peterjackson0612

While other security-oriented plugins do some active protection against potential exploits (at least try to), this one actually does not add much value, but rather just checks the list of installed plugins against the list of vulnerable plugins. Vulnerable plugins list is included inside of the plugin. And it has only about 160 plugins - given that plugin's repository now has about 50.000 plugins - this is not much. Plugin does not recommend any action to prevent the vulnerability from being exploited. Just alerts that it exists. So in the end: 1) The database of vulnerabilities is poor, 2) Plugin assumes you need to update it regularly manually to have the list of vulnerabilities, 3) If plugin finds a vulnerability the only action you can take from there is to read an article about vulnerability on the author's website. And order a paid service from them to clean up. So basically all actions will still be manual. The vulnerabilities included are taken from public sources. Which are updated in real time unlike this plugin. So at the end of the day, if you're checking this manually it makes more sense to check the public sources. As is, it is just an interface to match your plugins against known vulnerabilities which is not that useful. I stopped testing and uninstalled the plugin.

Webshell inside?

lordeleo

https://www.virustotal.com/pt/file/cc4e378ceacbf793219692e167529eddb04a02fb9c4e5005eeb71ca48dceac49/analysis/1481926177/

Changelog

2.0.43 – 3/16/2017

  • Added data on vulnerabilities in How to Create an App for Android iPhone Easytouch, Webapp builder, WordPress Mobile app Builder, and Wp2android.

2.0.42 – 3/6/2017

  • Added data on vulnerabilities in CMS Commander Client and Zen Mobile App Native.

2.0.41 – 3/3/2017

  • Added vulnerabilities

2.0.40 – 2/13/2017

  • Added vulnerabilities

2.0.39 – 2/6/2017

  • Added vulnerabilities

2.0.38 – 1/30/2017

  • Added vulnerabilities

2.0.37 – 1/27/2017

  • Added vulnerabilities

2.0.36 – 1/26/2017

  • Added vulnerabilities

2.0.35 – 1/25/2017

  • Added vulnerabilities

2.0.34 – 1/9/2017

  • Added vulnerabilities

2.0.33 – 12/15/2016

  • Added vulnerabilities

2.0.32 – 12/12/2016

  • Added vulnerability

2.0.31 – 11/15/2016

  • Added vulnerability

2.0.30 – 11/8/2016

  • Added vulnerability

2.0.29 – 10/28/2016

  • Added vulnerabilities

2.0.28 – 10/24/2016

  • Added vulnerabilities

2.0.27 – 10/20/2016

  • Added vulnerabilities

2.0.26 – 10/14/2016

  • Added vulnerability

2.0.25 – 10/6/2016

  • Added vulnerabilities

2.0.24 – 10/3/2016

  • Added vulnerabilities

2.0.23 – 9/23/2016

  • Added vulnerabilities

2.0.22 – 9/19/2016

  • Added vulnerabilities
  • Added ability to see our estimate of the likelihood of a vulnerability being exploited, when using the companion service

2.0.21 – 8/29/2016

  • Added vulnerabilities
  • Added ability to see listing of false vulnerability reports to plugin’s page when using the companion service

2.0.20 – 8/15/2016

  • Added email alerts for vulnerabilities in plugins with exploit attempts (if you already have the plugin installed you will need to deactivate and then reactivate the plugin to turn these on)
  • Improved admin page UI
  • Added vulnerabilities

2.0.19 – 8/1/2016

  • Added vulnerabilities

2.0.18 – 7/18/2016

  • Added vulnerability

2.0.17 – 7/15/2016

  • Added additional vulnerabilities

2.0.16

  • Added additional vulnerabilities

2.0.15

  • Added additional vulnerabilities

2.0.14

  • Added additional vulnerabilities

2.0.13

  • Added additional vulnerabilities

2.0.12

  • Added additional vulnerabilities

2.0.11

  • Added additional vulnerabilities

2.0.10

  • Added additional vulnerabilities

2.0.9

  • Added additional vulnerabilities

2.0.8

  • Added additional vulnerabilities

2.0.7

  • Added additional vulnerabilities
  • Added vulnerability listings on plugin detail pages

2.0.6

  • Added additional vulnerabilities

2.0.5

  • Added developer advisories

2.0.4

  • Added additional vulnerabilities

2.0.3

  • Added additional vulnerabilities
  • Stopped unnecessary cron runs

2.0.2

  • Added additional vulnerabilities
  • Stopped unnecessary cron runs
  • Fixed issue causing some alerts to not be shown on Installed Plugins page
  • Update for API response change

2.0.1

  • Added additional vulnerabilities

2.0

  • Reduced included vulnerabilities to ones that have frequent exploit attempts
  • Added capability to access Plugin Vulnerabilities service

1.0.34

  • Added 8 vulnerabilities

1.0.33

  • Added 6 vulnerabilities

1.0.32

  • Added 7 vulnerabilities

1.0.31

  • Added 11 vulnerabilities

1.0.30

  • Added 12 vulnerabilities

1.0.29

  • Added 7 vulnerabilities

1.0.28

  • Added 7 vulnerabilities

1.0.27

  • Added 8 vulnerabilities

1.0.26

  • Added 7 vulnerabilities

1.0.25

  • Added 16 vulnerabilities

1.0.24

  • Added 8 vulnerabilities

1.0.23

  • Added 8 vulnerabilities

1.0.22

  • Added 9 vulnerabilities

1.0.21

  • Added 8 vulnerabilities

1.0.20

  • Added 20 vulnerabilities

1.0.19

  • Added 8 vulnerabilities

1.0.18

  • Added 9 vulnerabilities

1.0.17

  • Added optional email alerts
  • Added 9 vulnerabilities

1.0.16

  • Added 9 vulnerabilities

1.0.15

  • Added 11 vulnerabilities

1.0.14

  • Added 6 vulnerabilities

1.0.13

  • Added 5 vulnerabilities

1.0.12

  • Added 11 vulnerabilities

1.0.11

  • Added 4 vulnerabilities

1.0.10

  • Added 7 vulnerabilities

1.0.9

  • Added 4 vulnerabilities

1.0.8

  • Added 6 vulnerabilities

1.0.7

  • Added 9 vulnerabilities

1.0.6

  • Added 17 vulnerabilities

1.0.5

  • Added 16 vulnerabilities

1.0.4

  • Added 14 vulnerabilities

1.0.3

  • Added 30 vulnerabilities

1.0.2

  • Added 8 vulnerabilities

1.0.1

  • Added 6 vulnerabilities

1.0

  • Initial release

Contributors & Developers

This is open source software.