Newly added security tests, October 4, 2017: WordPress and Magento vulnerabilities

DetectifyOct 04, 2017

This week’s update brings more WordPress plugin vulnerabilities that Detectify now checks for as well as two Magento security tests.

We have added:

WordPress Authenticated (2.9.2 – 4.8.1) Open Redirect
WordPress gallery-album Authenticated SQL Injection
WordPress theme-my-login Authentication Bypass
WordPress simple-membership Authenticated XSS
WordPress my-wp-translate Authenticated XSS
WordPress duplicate-page Authenticated XSS
WordPress my-tickets Authenticated XSS
WordPress wp-members Authenticated XSS
WordPress megamenu Authenticated XSS
WordPress caldera-forms Flash XSS
WordPress use-any-font CSRF
Magento SUPEE-6285 (APPSEC-996) Orders Disclosure
Magento SUPEE-5994 (APPSEC-977) Admin Path Disclosure

Detectify

Complete External Attack Surface Management for AppSec and ProdSec teams.

Check out more content

Product Updates

Introducing GraphQL Support for API Scanning

Detectify’s new GraphQL API Scanning uses hacker-led research to provide highly accurate (99.7%), payload-based security testing. It identifies complex vulnerabilities, helping enterprises meet PCI DSS …

March 26, 2026

Product Updates

Introducing IP Range Scanning: continuous Surface Monitoring for your entire network

Most organizations share a common, uncomfortable secret: they can’t answer basic questions about what is actually exposed on their IP ranges. As companies grow, whether …

March 24, 2026

Product Updates

February 2026 Product Notes: New Test Catalogue & API Scanning experience

Security is often a game of “you don’t know what you don’t know.” At Detectify, we focus on removing that uncertainty. Whether it’s reaching 922 …

March 05, 2026

Product Updates

Introducing Protocol Discovery to stop guessing what’s behind your open ports

Most tools will just tell you that a port is open. We’ve decided that’s not enough. TLDR: We’ve launched Protocol Discovery, a custom-built engine designed …

February 24, 2026