Notify of vulnerabilities as soon as they are detected

  • Resolved Eusebiu Oprinoiu

    (@eusebiuoprinoiu)


    8 years, 6 months ago

    Hello, Edir!

    I noticed your plugin detects and sends notifications only after a vulnerability is marked as fixed in WPScan. I believe people should know as soon as possible that their websites are vulnerable and that means they should be notified regardless of the “fixed_in” variable status.

    I made a small change to the function that retrieves the vulnerabilities to correct this issue. Can you please add it to your plugin?
    https://pastebin.com/h4WDnevM

    Also, if you have the plugin on Github, please consider adding a link to its repository in the plugin description.

    Best regards,
    Eusebiu Oprinoiu

    PS: Take a look at this issue as well!

    https://www.ads-software.com/plugins/vulnerability-alerts/

Viewing 2 replies - 1 through 2 (of 2 total)
  • Thread Starter Eusebiu Oprinoiu

    (@eusebiuoprinoiu)

    You can test this issue with the WordPress Zero Spam plugin that’s currently removed from the repository due to a serious security vulnerability.

    You can take the plugin from Github, but make sure you rename the plugin folder to “zero-spam” to be correctly identified by WPScan.

    Right now, your plugin doesn’t list it as vulnerable but with the new code it should be identified as a security threat.

    Best regards,
    Eusebiu Oprinoiu

    Plugin updated, thanks!

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Notify of vulnerabilities as soon as they are detected’ is closed to new replies.