Vulnerable Plugin Checker

Descriere

This plugin automatically checks installed plugins for known vulnerabilities utilizing WPScan’s API and provides optional email alerts.

Features:

  • Automatic vulnerability detection in plugins utilizing WPScan’s API
  • Optional email alerts
  • Utilizes WP Cron to check for new security updates twice a day
  • Cached API results to decrease backend load time significantly

Capturi ecran

  • Backend display of the Plugins page (plugins.php)
  • Backend display of the VPC Settings page (Settings > VPC Settings)

Instalare

Installation & Activation

  1. Upload the folder „vulnerable-plugin-checker” to your WordPress Plugins Directory (typically „/wp-content/plugins/”)
  2. Activate the plugin on your Plugins Page.
  3. Suggestion: Install an SMTP plugin such as WP Mail SMTP to prevent potentially dropped emails
  4. Gata!

Enable Email Updates

  1. After activating „Vulnerable Plugin Checker”, go to Settings > VPC Settings
  2. Check off „Allow Email Alerts” and enter your email in „Email Address”
  3. Click Save Changes

Întrebări frecvente

Installation Instructions

Installation & Activation

  1. Upload the folder „vulnerable-plugin-checker” to your WordPress Plugins Directory (typically „/wp-content/plugins/”)
  2. Activate the plugin on your Plugins Page.
  3. Suggestion: Install an SMTP plugin such as WP Mail SMTP to prevent potentially dropped emails
  4. Gata!

Enable Email Updates

  1. After activating „Vulnerable Plugin Checker”, go to Settings > VPC Settings
  2. Check off „Allow Email Alerts” and enter your email in „Email Address”
  3. Click Save Changes

Verificări

I love my plugin

I can say it has made me feel safer when hosting sites. I get alerted before a hack takes place as I have dealt with hacked sites for far too long. I haven’t dealt with a hacked site running my plugin. Plugin vulnerabilities are the easiest way for a hacker to get into your site/server.

Great stuff

Instantly works after activation, I didn’t have to do anything else to set it up. Apparently my Visual Composer was vulnerable, wouldn’t have found out otherwise.

Citește toate cele 5 recenzii

Contributori și dezvoltatori

„Vulnerable Plugin Checker” este un software open source. Următoarele persoane au contribuit la acest modul.

Contributori

Istoric modificări

0.3.12

  • Fixed false positive by adding normalizing to the version number in case WPScan’s API adds .0 to the version number

0.3.11

  • Now the plugins page only shows only vulnerabilities that affect the current plugin version (suggested by @gbotica)
  • Fixed the Settings URL in multiple places (reported by @gbotica)

0.3.10

  • Fixed bug where unpatched vulnerabilities were ignored (reported by @pluginvulnerabilities)

0.3.9

  • Fixed notice appearing on PHP7+

0.3.8

  • fixed bug where it wouldn’t display the saved email

0.3.7

  • removed sslverify on wp_remote_get

0.3.6

  • changed cURL to wp_remote_get
  • added vulnerabilities on plugin page
  • fixed issue with plugin not pulling from cache

0.3.5

  • fixed readme error

0.3.4

  • fixed minor email bug

0.3.2

  • changed language

0.3

  • Rewrote the plugin for better performance, readability, and more
  • Dismissable error message in all back-end pages if there is a vulnerability
  • Added SMTP suggestion to prevent dropped emails
  • Removed success notice from plugin page if there are no vulnerabilities
  • Fixed a few non-breaking bugs
  • Added translatable text and translator comments. Translation help is welcome!
  • Added todo.txt to see my plans for future updates.

0.2.4

  • Fixed conflicts with Gravity Forms

0.2.3

  • Added support for adding multiple email addresses

0.2.2

  • Fixed issue where text display appeared on multiple backend pages

0.2

  • Text display on the plugins page if there are no known vulnerabilities
  • Runs a scan when a new plugin is activated
  • Fixed issue when a plugin was deleted it would throw an error

0.1.4

  • WP 4.5 Support

0.1.3

  • Fixed issue when more than one plugin was found vulnerable on plugins.php