Newly Added Security Tests, February 3, 2017: WordPress plugins and Elastic search

DetectifyFeb 03, 2017

Security never stands still, which is why we update our service on a regular basis to help you keep up with the latest vulnerabilities. We are constantly working on updating and improving our modules, but you can find some highlights from this week’s update below:

WMPL SQL injection
XSS in Jetpack WordPress plugin
WordPress user enumeration via REST API
publicly exposed Predis example files
publicly exposed Webalizer interface
Elastic search remote code execution
/.bash_history finding
open memcache port finding
WordPress plupload.swf XSS
WordPress wpml-plugin XSS
information disclosure module for /unzip.php

Detectify

Complete External Attack Surface Management for AppSec and ProdSec teams.

Check out more content

Product Updates

Introducing Dynamic API Scanning

Application environments are more complex than ever, with APIs forming the critical connective tissue. But this proliferation has created a vast, often invisible, attack surface. …

September 02, 2025

Product Updates

Redefining AppSec Testing with Intelligent Scan Recommendations and Asset Classification

The average organization is missing testing 9 out of 10 of their complex web apps that are attacker-attractive targets. To address this, we’re launching new …

April 24, 2025

Product Updates

Security Update: Publicly Exposed Ingress NGINX Admission

A series of vulnerabilities, known as IngressNightmare (CVE-2025-1097, CVE-2025-1098, CVE-2025-24514, CVE-2025-1974), have been identified in ingress-nginx, a widely used Kubernetes ingress controller. When exploited together, …

March 26, 2025

Product Updates

Introducing Alfred for fully autonomous AI-built vulnerability assessments

We are excited to announce Detectify Alfred, a revolutionary system that uses AI to completely autonomously collect and prioritize threat intelligence and generate high-fidelity security …

March 10, 2025