We have been busy this week, adding 14 new security tests to our service. The main focus of this update are various WordPress plugin vulnerabilities that we covered in more detail in a blog post earlier this week.
Here are the latest additions to the Detectify scanner:
- Symfony parameters.yml Exposure
- Zend application.ini Exposure
- Python flask fingerprinting
- cPanel Open Redirect (SEC-300) – You can read more about this vulnerability on cPanel’s website
- Magento configuration backup disclosure
- WordPress WooCommerce PDF Invoices & Packing Slips Authenticated XSS
- WordPress Ninja Forms Authenticated XSS
- WordPress Anti-Malware Security and Brute-Force Firewall Authenticated XSS
- WordPress Pretty Links Authenticated XSS
- WordPress Loco Translate Authenticated XSS
- WordPress Google Pagespeed Insights Authenticated XSS
- WordPress Booking Calendar Authenticated XSS
- WordPress Crelly Slider Authenticated XSS
- WordPress Pinfinity Theme XSS
Happy scanning!
The Detectify Team