=== Vulnerable Plugin Checker ===
Contributors: stormrockwell
Tags: vulnerable,vulnerability,plugin,plugins,checker,scanner,wpscan,wpvulndb,security
Requires at least: 4.0
Tested up to: 4.9
Stable tag: 0.3.12
License: GPLv2
License URI: https://www.gnu.org/licenses/old-licenses/gpl-2.0.en.html
Automatically checks installed plugins for known vulnerabilities and provides optional email alerts.
== Description ==
This plugin automatically checks installed plugins for known vulnerabilities utilizing WPScan's API and provides optional email alerts.
**Features:**
* Automatic vulnerability detection in plugins utilizing WPScan's API
* Optional email alerts
* Utilizes WP Cron to check for new security updates twice a day
* Cached API results to decrease backend load time significantly
== Installation ==
**Installation & Activation**
1. Upload the folder "vulnerable-plugin-checker" to your WordPress Plugins Directory (typically "/wp-content/plugins/")
2. Activate the plugin on your Plugins Page.
3. Suggestion: Install an SMTP plugin such as WP Mail SMTP to prevent potentially dropped emails
4. Done!
**Enable Email Updates**
1. After activating "Vulnerable Plugin Checker", go to Settings > VPC Settings
2. Check off "Allow Email Alerts" and enter your email in "Email Address"
3. Click Save Changes
== Screenshots ==
1. Backend display of the Plugins page (plugins.php)
2. Backend display of the VPC Settings page (Settings > VPC Settings)
== Changelog ==
= 0.3.12 =
- Fixed a false positive by normalizing the version number in case WPScan's API appends .0 to it
= 0.3.11 =
- The plugins page now shows only vulnerabilities that affect the current plugin version (suggested by @gbotica)
- Fixed the Settings URL in multiple places (reported by @gbotica)
= 0.3.10 =
- Fixed bug where unpatched vulnerabilities were ignored (reported by @pluginvulnerabilities)
= 0.3.9 =
- Fixed notice appearing on PHP7+
= 0.3.8 =
- fixed bug where it wouldn't display the saved email
= 0.3.7 =
- removed sslverify on wp_remote_get
= 0.3.6 =
- changed cURL to wp_remote_get
- added vulnerabilities on plugin page
- fixed issue with plugin not pulling from cache
= 0.3.5 =
- fixed readme error
= 0.3.4 =
- fixed minor email bug
= 0.3.2 =
- changed language
= 0.3 =
- Rewrote the plugin for better performance, readability, and more
- Dismissible error message in all back-end pages if there is a vulnerability
- Added SMTP suggestion to prevent dropped emails
- Removed success notice from plugin page if there are no vulnerabilities
- Fixed a few non-breaking bugs
- Added translatable text and translator comments. Translation help is welcome!
- Added todo.txt to see my plans for future updates.
= 0.2.4 =
- Fixed conflicts with Gravity Forms
= 0.2.3 =
- Added support for adding multiple email addresses
= 0.2.2 =
- Fixed issue where text display appeared on multiple backend pages
= 0.2 =
- Text display on the plugins page if there are no known vulnerabilities
- Runs a scan when a new plugin is activated
- Fixed issue where deleting a plugin would throw an error
= 0.1.4 =
- WP 4.5 Support
= 0.1.3 =
- Fixed issue when more than one plugin was found vulnerable on plugins.php
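
The false positive fixed in 0.3.12 and the ignored unpatched vulnerabilities fixed in 0.3.10 both come down to how an installed version is compared with the version a vulnerability was fixed in. The sketch below is an added example, not the plugin's own code: the function names and the nullable "fixed in" value are assumptions, and it relies on PHP's `version_compare()` ranking `1.2` below `1.2.0`.

```php
<?php
// Added example, not taken from the plugin. Helper names and the
// nullable "fixed in" value are assumptions made for illustration.

/** Strip trailing ".0" segments so "1.2.0" and "1.2" both become "1.2". */
function vpc_example_normalize_version(string $version): string
{
    // "2.0.0" -> "2", "1.20.0" -> "1.20"; "1.10" is left untouched.
    $normalized = preg_replace('/(\.0+)+$/', '', trim($version));
    return $normalized === '' ? '0' : $normalized;
}

/**
 * True when the installed version is affected by a vulnerability entry.
 * A null or empty $fixedIn means no patched release exists, so every
 * installed version counts as affected (the case 0.3.10 addressed).
 */
function vpc_example_is_affected(string $installed, ?string $fixedIn): bool
{
    if ($fixedIn === null || trim($fixedIn) === '') {
        return true;
    }
    return version_compare(
        vpc_example_normalize_version($installed),
        vpc_example_normalize_version($fixedIn),
        '<'
    );
}

// Constructed sample data: [installed version, fixed-in version].
$cases = [
    ['1.2',   '1.2.0'], // same release, API value carries an extra ".0"
    ['1.2.0', '1.2'],   // same release, written the other way round
    ['1.1.9', '1.2.0'], // genuinely older than the fix
    ['3.4',   null],    // no fix released yet
];

foreach ($cases as [$installed, $fixedIn]) {
    // Raw comparison without normalization, to show where it disagrees.
    $raw = $fixedIn === null
        ? 'n/a'
        : var_export(version_compare($installed, $fixedIn, '<'), true);
    printf(
        "installed=%-6s fixed_in=%-6s raw=%-5s normalized=%s\n",
        $installed,
        $fixedIn ?? 'none',
        $raw,
        var_export(vpc_example_is_affected($installed, $fixedIn), true)
    );
}
```

In the first case the raw comparison flags a plugin that is already on the fixed release, while the normalized one does not.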