GitHub - glenscott/wordpress-plugin-security-scanner: Tool to scan installed WordPress plugins for security issues.

glenscott / wordpress-plugin-security-scanner Public

Notifications You must be signed in to change notification settings
Fork 3
Star 4

Tool to scan installed WordPress plugins for security issues.

Notifications

Name		Name	Last commit message	Last commit date
Latest commit History 54 Commits
bin		bin
tests		tests
Dockerfile		Dockerfile
composer.json		composer.json
db-error.php		db-error.php
docker-compose.yml		docker-compose.yml
phpcs.ruleset.xml		phpcs.ruleset.xml
phpunit.xml.dist		phpunit.xml.dist
plugin-security-scanner.php		plugin-security-scanner.php
readme.txt		readme.txt

Repository files navigation

=== Plugin Security Scanner ===
Contributors: glen_scott
Tags: plugins,security,scanner,vulnerabilities,secure
Tested up to: 4.8
Stable tag: 1.5.0
License: GPLv2 or later

This plugin alerts you if any of your plugins have security vulnerabilities.  It does this by utilising the WPScan Vulnerability Database once a day.

== Description ==

This plugin determines whether any of your plugins or themes have security vulnerabilities.  It does this by looking up details in the WPScan Vulnerability Database.

It will run a scan once a day, and e-mail the administrator if any vulnerable plugins or themes are found.

You can also register a webhook for notifications. The webhook will trigger daily, even if no vulnerabilities found. The webhook is a post request, with JSON payload containing the vulnerabilities.

You can enable the webhook under Settings\General tab - see the Plugin Security Scanner settings.

It also adds a new menu option to the admin tools menu called "Plugin Security Scanner".  Clicking this runs a scan.  If the scan finds any problems, it shows you a list of plugins or themes that have vulnerabilities, along with a description of the issue.

Icons made by <a href="http://www.flaticon.com/authors/alessio-atzeni" title="Alessio Atzeni">Alessio Atzeni</a> from <a href="http://www.flaticon.com" title="Flaticon">www.flaticon.com</a> is licensed by <a href="http://creativecommons.org/licenses/by/3.0/" title="Creative Commons BY 3.0">CC BY 3.0</a>

== Screenshots ==

1. Example run of the security scanner that has found two vulnerable plugins.
2. E-mail alert to administrator when vulnerable plugins have been found.

== Changelog ==

= 1.4.1 =
* Fix issue with theme version checking

= 1.4 =
* Themes as well as plugins are now scanned for vulnerabilities

= 1.3.1 =
* Added check to make sure the WPVulnDb API has returned a valid response

= 1.3 =
* Added option under "Settings / General / Plugin Security Scanner" to disable the email notification

= 1.2.1 =
* Moved to WPScan Vulnerability Database API v2

= 1.2.0 =
* Added i18n support

= 1.1.9 =
* Fix: Removed unecessary ob_flush calls
* Fix: If vulnerability does not have a "fixed in" version number, report it as a vulnerability

= 1.1.8 =
* Fix: corrected links to WPScan Vulnerability Database

= 1.1.7 =
* Add link to WPScan Vulnerability Database details page

= 1.1.6 =

* Conditionally include plugin.php include in case it is not already included

= 1.1.5 =
* Escape output in HTML report to prevent XSS

= 1.1.4 =
* Added blog title to email subject

= 1.1.3 =
* Fixed bug that prevented admin email being sent

= 1.1 =
* Email admin daily if any vulnerabilities are found

= 1.0 =
* Initial release