Introducing Dynamic API Scanning
Application environments are more complex than ever, with APIs forming the critical connective tissue. But this proliferation has created a vast, often invisible, attack surface. …
Newly added security tests, October 4, 2017: WordPress and Magento vulnerabilities
Detectify
This week’s update brings more WordPress plugin vulnerabilities that Detectify now checks for as well as two Magento security tests.
We have added:
- WordPress Authenticated (2.9.2 – 4.8.1) Open Redirect
- WordPress gallery-album Authenticated SQL Injection
- WordPress theme-my-login Authentication Bypass
- WordPress simple-membership Authenticated XSS
- WordPress my-wp-translate Authenticated XSS
- WordPress duplicate-page Authenticated XSS
- WordPress my-tickets Authenticated XSS
- WordPress wp-members Authenticated XSS
- WordPress megamenu Authenticated XSS
- WordPress caldera-forms Flash XSS
- WordPress use-any-font CSRF
- Magento SUPEE-6285 (APPSEC-996) Orders Disclosure
- Magento SUPEE-5994 (APPSEC-977) Admin Path Disclosure
Check out more content
Redefining AppSec Testing with Intelligent Scan Recommendations and Asset Classification
The average organization is missing testing 9 out of 10 of their complex web apps that are attacker-attractive targets. To address this, we’re launching new …
