• Resolved Eusebiu Oprinoiu

    (@eusebiuoprinoiu)


    Hello, Edir!

    I noticed your plugin detects and sends notifications only after a vulnerability is marked as fixed in WPScan. I believe people should know as soon as possible that their websites are vulnerable and that means they should be notified regardless of the “fixed_in” variable status.

    I made a small change to the function that retrieves the vulnerabilities to correct this issue. Can you please add it to your plugin?
    http://pastebin.com/h4WDnevM

    Also, if you have the plugin on GitHub, please consider adding a link to its repository in the plugin description.

    Best regards,
    Eusebiu Oprinoiu

    PS: Take a look at this issue as well!

    https://wordpress.org/plugins/vulnerability-alerts/

Viewing 2 replies - 1 through 2 (of 2 total)
  • Thread Starter Eusebiu Oprinoiu

    (@eusebiuoprinoiu)

    You can test this issue with the WordPress Zero Spam plugin that’s currently removed from the repository due to a serious security vulnerability.

    You can take the plugin from GitHub, but make sure you rename the plugin folder to “zero-spam” to be correctly identified by WPScan.

    Right now, your plugin doesn’t list it as vulnerable, but with the new code it should be identified as a security threat.

    Best regards,
    Eusebiu Oprinoiu
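The behaviour discussed in the two posts above, as an added example that is not the code from the pastebin link or from the plugin: it contrasts a filter that drops entries with no fixed release against one that reports them. The function names, the record layout (a `fixed_in` field that is null while no patched release exists) and the sample entries are assumptions constructed for illustration.

```php
<?php
// Added example; not the plugin's code. Assumes each vulnerability record
// carries a "fixed_in" field that is null while no patched release exists.

// Behaviour described in the thread: entries without "fixed_in" are skipped,
// so a plugin with no available fix is never reported.
function affected_only_when_fixed(array $vulns, string $installed): array
{
    return array_values(array_filter($vulns, function ($v) use ($installed) {
        return !empty($v['fixed_in'])
            && version_compare($installed, $v['fixed_in'], '<');
    }));
}

// Requested behaviour: a missing "fixed_in" means every installed version
// is affected; otherwise only versions older than the fix are affected.
function affected_including_unfixed(array $vulns, string $installed): array
{
    $hits = [];
    foreach ($vulns as $v) {
        $fixed_in = $v['fixed_in'] ?? null;
        if ($fixed_in === null || $fixed_in === '') {
            $v['action'] = 'no fix available, consider deactivating';
            $hits[] = $v;
        } elseif (version_compare($installed, $fixed_in, '<')) {
            $v['action'] = 'update to ' . $fixed_in;
            $hits[] = $v;
        }
    }
    return $hits;
}

// Constructed sample records (titles and versions are made up).
$sample = json_decode('[
  {"title": "Constructed entry A (no fix released)", "fixed_in": null},
  {"title": "Constructed entry B", "fixed_in": "2.1.0"},
  {"title": "Constructed entry C", "fixed_in": "1.0.0"}
]', true);

printf("only when fixed:   %d reported\n",
    count(affected_only_when_fixed($sample, '2.0.0')));
foreach (affected_including_unfixed($sample, '2.0.0') as $v) {
    printf("including unfixed: %s [%s]\n", $v['title'], $v['action']);
}
```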

    Plugin updated, thanks!

  • The topic ‘Notify of vulnerabilities as soon as they are detected’ is closed to new replies.