showerwall.co.uk
Scanned Jun 19, 2026, 09:19 AM
Run a fresh audit — UpgradeSecurity Assessment
Key findings for showerwall.co.uk
- 19 active vulnerabilities detected across 10 plugins.
- 6 plugins are outdated and should be updated.
- 3 sensitive paths exposed to the public.
WordPress
Active Theme
Hosting Provider
Detected Plugins
10 total| Plugin | Vulnerabilities |
|---|---|
mediumCVE-2025-53193 | |
WooCommerce medium confidence | |
Newsletter – Send awesome emails from WordPress medium confidence | |
Complianz – GDPR/CCPA Cookie Consent medium confidence | |
WP Store Locator medium confidence | mediumCVE-2026-3361 highCVE-2025-52737 |
Your full security report is ready
We found 10 plugins on this site. Unlock the complete analysis:
Security Report
- Full report for this site
- Every detected plugin & CVE
- Remediation guidance
- No re-audit after fixes
Report + Re-audit
- Everything in Security Report
- One complimentary re-audit within 90 days
- Verify your fixes actually closed the findings
- Clean-record badge for your site
Guided Remediation
- Everything in Report + Re-audit
- 15–30 min expert consult to triage findings
- Prioritized action plan for your site
- Optional partner handoff for fixes
One-time payment · Instant access · No subscription required
Not ready to buy? We'll send you a one-time free alert
if we detect a new vulnerability affecting your plugins.
One free alert · Continuous monitoring available with a paid plan
Security Posture
Security Headers
64/100No Content-Security-Policy header. Your site is more vulnerable to XSS attacks.
HSTS max-age is too short. Recommended: at least 1 year (31536000).
Clickjacking protection is enabled.
TLS/SSL Certificate
Exposed Paths & Login Security
3 exposed3 security issues found — unlock to see which paths are exposed.
DNS & Email Security
SPF record with hard fail (-all) — strong email authentication.
DMARC policy is set to none — monitoring only, not enforcing.
DKIM record found for selector "default". Email signatures can be verified.
Infrastructure
Server: LiteSpeed
X-Powered-By header is not exposed.
No WAF detected. Consider adding one for additional protection.