This week’s update adds checks for more WordPress plugin vulnerabilities, as well as two Magento security tests.
We have added:
- WordPress Authenticated (2.9.2 – 4.8.1) Open Redirect
- WordPress gallery-album Authenticated SQL Injection
- WordPress theme-my-login Authentication Bypass
- WordPress simple-membership Authenticated XSS
- WordPress my-wp-translate Authenticated XSS
- WordPress duplicate-page Authenticated XSS
- WordPress my-tickets Authenticated XSS
- WordPress wp-members Authenticated XSS
- WordPress megamenu Authenticated XSS
- WordPress caldera-forms Flash XSS
- WordPress use-any-font CSRF
- Magento SUPEE-6285 (APPSEC-996) Orders Disclosure
- Magento SUPEE-5994 (APPSEC-977) Admin Path Disclosure
Log in and run a scan to test your site for these vulnerabilities.
Happy scanning!
The Detectify Team