Newly Added Security Tests, February 3, 2017: WordPress plugins and Elastic search

DetectifyFeb 03, 2017

Security never stands still, which is why we update our service on a regular basis to help you keep up with the latest vulnerabilities. We are constantly working on updating and improving our modules, but you can find some highlights from this week’s update below:

WMPL SQL injection
XSS in Jetpack WordPress plugin
WordPress user enumeration via REST API
publicly exposed Predis example files
publicly exposed Webalizer interface
Elastic search remote code execution
/.bash_history finding
open memcache port finding
WordPress plupload.swf XSS
WordPress wpml-plugin XSS
information disclosure module for /unzip.php

Detectify

Complete External Attack Surface Management for AppSec and ProdSec teams.

Check out more content

Product Updates

New API testing category now available

Our API scanner can test for dozens of vulnerability types like prompt injections and misconfigurations. We’re excited to share today that we’re releasing vulnerability tests …

October 23, 2025

Product Updates

Product update: Dynamic API Scanning, Recommendations & Classifications, and more

We know the importance of staying ahead of threats. At Detectify, we’re committed to providing you with the tools you need to secure your applications …

September 26, 2025

Product Updates

Infinite payloads? The future of API Testing with dynamic fuzzing

What if we told you that our newly released API Scanner has 922 quintillion payloads for a single type of vulnerability test? A quintillion is …

September 18, 2025

Product Updates

Introducing Dynamic API Scanning

Application environments are more complex than ever, with APIs forming the critical connective tissue. But this proliferation has created a vast, often invisible, attack surface. …

September 02, 2025