Exploit Scanner Security & Risk Analysis

wordpress.org/plugins/exploit-scanner

Search the files and database of your WordPress install for signs that may indicate that it has fallen victim to malicious hackers.

9K active installs · v1.5.2 · PHP + WP 3.3+ · Updated Nov 28, 2017

Tags: hack, hacking, scanner, security, spam

Score: 84 (B · Generally Safe)
CVEs total: 1
Unpatched: 0
Last CVE: May 29, 2013
Safety Verdict

Is Exploit Scanner Safe to Use in 2026?

Mostly Safe

Score 84/100

Exploit Scanner is generally safe to use, though it hasn't been updated recently. 1 past CVE was resolved. Keep it updated.

1 known CVE · Last CVE: May 29, 2013 · Updated 8yr ago
Risk Assessment

The 'exploit-scanner' plugin v1.5.2 presents a mixed security posture. On the positive side, the static analysis reveals a limited attack surface, with all identified AJAX handlers protected by authentication checks. Furthermore, the absence of REST API routes, shortcodes, and cron events as entry points reduces the plugin's exposure. The presence of nonces and capability checks also indicates an awareness of security best practices.

However, the code analysis highlights some areas of concern. Half of the SQL queries are not using prepared statements, which could lead to SQL injection vulnerabilities if not handled carefully in specific contexts. A significant portion of output is also not properly escaped (47%), posing a risk of cross-site scripting (XSS) attacks. The taint analysis, while showing no critical or high severity flows, did identify two flows with unsanitized paths, which warrants further investigation for potential vulnerabilities.

The vulnerability history shows a single high-severity CVE related to the exposure of sensitive information. While this vulnerability is reported as currently unpatched, the fact that the last vulnerability was in 2013 suggests a period of relative security since then. However, the presence of a past high-severity vulnerability, particularly related to information exposure, underscores the importance of ongoing vigilance and thorough auditing for any plugin.

Key Concerns

  • SQL queries not using prepared statements (50%)
  • Output not properly escaped (47%)
  • Taint analysis found unsanitized paths (2 flows)
  • Past high severity vulnerability (Exposure of Sensitive Info)
Vulnerabilities (1)

Exploit Scanner Security Vulnerabilities

CVEs by Year

2013: 1 CVE

Severity Breakdown

High: 1 (1 total CVE)

WF-34618970-a4b6-456b-9d01-a09e7a977724-exploit-scanner · High · 7.5 · Exposure of Sensitive Information to an Unauthorized Actor

Exploit Scanner <= 1.3.3 - Full Path Disclosure

May 29, 2013 · Patched in 1.3.4 (4657d)

Code Analysis (analyzed Mar 16, 2026)

Exploit Scanner Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 2 (2 prepared)
Unescaped Output: 19 (21 escaped)
Nonce Checks: 5
Capability Checks: 2
File Operations: 6
External Requests: 1
Bundled Libraries: 0

SQL Query Safety

50% prepared (4 total queries)

Output Escaping

53% escaped (40 total outputs)

Data Flows (2 unsanitized)

Data Flow Analysis

3 flows, 2 with unsanitized paths

  • exploitscanner_diff_page (exploit-scanner.php:314)
Attack Surface

Exploit Scanner Attack Surface

Entry Points: 3
Unprotected: 0

AJAX Handlers (3)

  • auth · wp_ajax_exploit-scanner_view_diff · exploit-scanner.php:331
  • auth · wp_ajax_exploit-scanner_file_scan · exploit-scanner.php:450
  • auth · wp_ajax_exploit-scanner_db_scan · exploit-scanner.php:464

WordPress Hooks (3)

  • action · admin_menu · exploit-scanner.php:24
  • action · admin_init · exploit-scanner.php:575
  • filter · plugin_action_links · exploit-scanner.php:1002
Maintenance & Trust

Exploit Scanner Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.7.32
Last updated: Nov 28, 2017
PHP min version:
Downloads: 1.1M

Community Trust

Rating: 64/100
Number of ratings: 40
Active installs: 9K
Developer Profile

Exploit Scanner Developer Profile

Donncha O Caoimh (a11n)

12 plugins · 32K total installs

Trust score: 73
Avg Security Score: 91/100
Avg Patch Time: 4657 days
Detection Fingerprints

How We Detect Exploit Scanner

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths: /wp-content/plugins/exploit-scanner/exploit-scanner.js
Script Paths: /wp-content/plugins/exploit-scanner/exploit-scanner.js
Version Parameters: exploit-scanner/exploit-scanner.js?ver=

HTML / DOM Fingerprints

CSS Classes: skipped-file
JS Globals: exploitscanner_nonce, exploitscanner_file_scan, exploitscanner_db_scan
REST Endpoints: /wp-json/exploit-scanner/
Frequently Asked Questions about Exploit Scanner