Newly Added Security Tests, February 3, 2017: WordPress plugins and Elasticsearch


Security never stands still, which is why we update our service on a regular basis to help you keep up with the latest vulnerabilities. We are constantly working on updating and improving our modules, but you can find some highlights from this week’s update below:

  • WPML SQL injection
  • XSS in Jetpack WordPress plugin
  • WordPress user enumeration via REST API
  • publicly exposed Predis example files
  • publicly exposed Webalizer interface
  • Elasticsearch remote code execution
  • /.bash_history finding
  • open memcache port finding
  • WordPress plupload.swf XSS
  • WordPress wpml-plugin XSS
  • information disclosure module for /unzip.php

Happy scanning!
The Detectify Team


