This plugin uses our Plugin Security Checker to check if the current version of a plugin in the Plugin Directory is known to be vulnerable based on our data on disclosed vulnerabilities and also checks for indications that it may contain other security issues. The checked plugin may contain security issues that cannot be found by this tool.
It currently includes checks for the possibility of some instances of the following issues:
- PHP object injection
- Arbitrary file upload
- Arbitrary WordPress option (setting) updating and deletion
- Local file inclusion (LFI)
- SQL injection
- Usage of third-party libraries with known vulnerabilities
- Reflected cross-site scripting (XSS)
- Base64 obfuscation
- Incorrect usage of non-privileged AJAX registration
If you use our Plugin Vulnerabilities service you can also check the security of installed plugins that are not in the Plugin Directory.
The results from checking plugins in the Plugin Directory may be logged and publicly disclosed. The results from checking uploaded plugins will not be logged.
The results of the tool have led to some serious vulnerabilities being identified and fixed, as well as to the identification of plugins that are in need of general security improvement.