Search Go hack yourself with Detectify

A web security blog from Detectify

Newly added security tests, October 4, 2017: WordPress and Magento vulnerabilities

October 4, 2017

This week’s update brings more WordPress plugin vulnerabilities that Detectify now checks for as well as two Magento security tests. 

We have added:

  • WordPress Authenticated (2.9.2 – 4.8.1) Open Redirect
  • WordPress gallery-album Authenticated SQL Injection
  • WordPress theme-my-login Authentication Bypass
  • WordPress simple-membership Authenticated XSS
  • WordPress my-wp-translate Authenticated XSS
  • WordPress duplicate-page Authenticated XSS
  • WordPress my-tickets Authenticated XSS
  • WordPress wp-members Authenticated XSS
  • WordPress megamenu Authenticated XSS
  • WordPress caldera-forms Flash XSS
  • WordPress use-any-font CSRF
  • Magento SUPEE-6285 (APPSEC-996) Orders Disclosure
  • Magento SUPEE-5994 (APPSEC-977) Admin Path Disclosure

Log in and run a scan to test your site for these vulnerabilities.

Happy scanning!

The Detectify Team