Newly added security tests, October 4, 2017: WordPress and Magento vulnerabilities

DetectifyOct 04, 2017

This week’s update brings more WordPress plugin vulnerabilities that Detectify now checks for as well as two Magento security tests.

We have added:

WordPress Authenticated (2.9.2 – 4.8.1) Open Redirect
WordPress gallery-album Authenticated SQL Injection
WordPress theme-my-login Authentication Bypass
WordPress simple-membership Authenticated XSS
WordPress my-wp-translate Authenticated XSS
WordPress duplicate-page Authenticated XSS
WordPress my-tickets Authenticated XSS
WordPress wp-members Authenticated XSS
WordPress megamenu Authenticated XSS
WordPress caldera-forms Flash XSS
WordPress use-any-font CSRF
Magento SUPEE-6285 (APPSEC-996) Orders Disclosure
Magento SUPEE-5994 (APPSEC-977) Admin Path Disclosure

Detectify

Complete External Attack Surface Management for AppSec and ProdSec teams.

Check out more content

Product Updates

Product update: Dynamic API Scanning, Recommendations & Classifications, and more

We know the importance of staying ahead of threats. At Detectify, we’re committed to providing you with the tools you need to secure your applications …

September 26, 2025

Product Updates

Infinite payloads? The future of API Testing with dynamic fuzzing

What if we told you that our newly released API Scanner has 922 quintillion payloads for a single type of vulnerability test? A quintillion is …

September 18, 2025

Product Updates

Introducing Dynamic API Scanning

Application environments are more complex than ever, with APIs forming the critical connective tissue. But this proliferation has created a vast, often invisible, attack surface. …

September 02, 2025

Product Updates

Redefining AppSec Testing with Intelligent Scan Recommendations and Asset Classification

The average organization is missing testing 9 out of 10 of their complex web apps that are attacker-attractive targets. To address this, we’re launching new …

April 24, 2025