We have been busy this week, adding 14 new tests to our service. This update focuses mainly on various plugin vulnerabilities that we covered in more detail in a blog post earlier this week.

Here are the latest additions to the Detectify scanner:

  • Symfony parameters.yml Exposure
  • .ini Exposure
  • Python Flask fingerprinting
  • cPanel Open Redirect (SEC-300) – You can read more about this vulnerability on cPanel’s website
  • Magento configuration backup disclosure
  • WordPress WooCommerce PDF Invoices & Packing Slips Authenticated XSS
  • WordPress Ninja Forms Authenticated XSS
  • WordPress Anti-Malware Security and Brute-Force Firewall Authenticated XSS
  • WordPress Pretty Links Authenticated XSS
  • WordPress Loco Translate Authenticated XSS
  • WordPress Google Pagespeed Insights Authenticated XSS
  • WordPress Booking Calendar Authenticated XSS
  • WordPress Crelly Slider Authenticated XSS
  • WordPress Pinfinity Theme XSS

Happy scanning!

The Detectify Team


