[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$frheX3MjHr_8YRCcr1Gg4Na8tVD5BUgUMz3KuypER1FU":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":49,"crawl_stats":38,"alternatives":56,"analysis":150,"fingerprints":340},"exploit-scanner","Exploit Scanner","1.5.2","Donncha O Caoimh (a11n)","https:\u002F\u002Fprofiles.wordpress.org\u002Fdonncha\u002F","\u003Cp>This plugin searches the files on your website, and the posts and comments tables of your database for anything suspicious. It also examines your list of active plugins for unusual filenames.\u003C\u002Fp>\n\u003Cp>It does not remove anything. That is left to the user to do.\u003C\u002Fp>\n\u003Cp>Latest MD5 hash values for Exploit Scanner:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>17e2ccfc834d691bc68cc5c64f9bed89  exploit-scanner.php (1.5.2)\u003C\u002Fli>\n\u003Cli>1d5f9d6220fe159cd44cb70a998a1cd7  hashes-4.6.php\u003C\u002Fli>\n\u003Cli>fbdf61c17f65094c8e331e1e364acf68  hashes-4.6.1.php\u003C\u002Fli>\n\u003Cli>477d128d84802e3470cec408424a8de3  hashes-4.7.php\u003C\u002Fli>\n\u003Cli>d53210f999847fbd6f5a2ecac0ad42f2  hashes-4.7.5.php\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Latest SHA1 hash values for Exploit Scanner:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>1decc1e47a53d1cab9e8f1ef15b31682198367ee  exploit-scanner.php (1.5.2)\u003C\u002Fli>\n\u003Cli>5cec64380a2acdc876fd22fbbbbf8c335df1ed3f  hashes-4.6.php\u003C\u002Fli>\n\u003Cli>99d9e7be23a350f3d1962d0f41e7b4e28c00841e  hashes-4.6.1.php\u003C\u002Fli>\n\u003Cli>1eeab377a1afc6d776827a063678d2461b29e71d  hashes-4.7.php\u003C\u002Fli>\n\u003Cli>8c890a6af26bb74e9d17e5d2b21d6be27764da45  
hashes-4.7.5.php\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>See the \u003Ca href=\"http:\u002F\u002Focaoimh.ie\u002Fexploit-scanner\u002F\" rel=\"nofollow ugc\">Exploit Scanner homepage\u003C\u002Fa> for further information.\u003C\u002Fp>\n\u003Ch3>Interpreting the Results\u003C\u002Fh3>\n\u003Cp>It is likely that this scanner will find false positives (i.e. files which do not contain malicious code). However, it is best to err\u003Cbr \u002F>\non the side of caution; if you are unsure then ask in the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002F\" rel=\"ugc\">Support Forums\u003C\u002Fa>,\u003Cbr \u002F>\ndownload a fresh copy of a plugin, search the Internet for similar situations, et cetera. You should be most concerned if the scanner is:\u003Cbr \u002F>\nmaking matches around unknown external links; finding base64 encoded text in modified core files or the \u003Ccode>wp-config.php\u003C\u002Fcode> file;\u003Cbr \u002F>\nlisting extra admin accounts; or finding content in posts which you did not put there.\u003C\u002Fp>\n\u003Cp>Understanding the three different result levels:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Severe:\u003C\u002Fstrong> results that are often strong indicators of a hack (though they are not definitive proof)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Warning:\u003C\u002Fstrong> these results are more commonly found in innocent circumstances than Severe matches, but they should still be treated with caution\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Note:\u003C\u002Fstrong> lowest priority, showing results that are very commonly used in legitimate code or notifications about events such as skipped files\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Help! 
I think I have been hacked!\u003C\u002Fh3>\n\u003Cp>Follow the guides from the Codex:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FFAQ_My_site_was_hacked\" rel=\"nofollow ugc\">Codex: FAQ – My site was hacked\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FHardening_WordPress\" rel=\"nofollow ugc\">Codex: Hardening WordPress\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Ensure that you change \u003Cstrong>all\u003C\u002Fstrong> of your WordPress related passwords (site, FTP, MySQL, etc.). A regular backup routine\u003Cbr \u002F>\n(either manual or plugin powered) is extremely useful; if you ever find that your site has been hacked you can easily restore your site from\u003Cbr \u002F>\na clean backup and fresh set of files and, of course, use a new set of passwords.\u003C\u002Fp>\n\u003Ch3>Updates\u003C\u002Fh3>\n\u003Cp>Updates to the plugin will be posted here, to \u003Ca href=\"http:\u002F\u002Focaoimh.ie\u002F\" rel=\"nofollow ugc\">Holy Shmoly!\u003C\u002Fa> and the \u003Ca href=\"http:\u002F\u002Focaoimh.ie\u002Fexploit-scanner\u002F\" rel=\"nofollow ugc\">WordPress Exploit Scanner\u003C\u002Fa> page will always link to the newest version.\u003C\u002Fp>\n\u003Ch3>Other Languages\u003C\u002Fh3>\n\u003Cp>Unfortunately for people using WordPress versions for other locales some of the file hashes may be incorrect as some strings have to be hardcoded in their translated form. 
Here are some file hashes for WordPress in other languages provided separately by other members of the community:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fwpbiz.jp\u002Ffiles\u002Fexploit-scanner-hashes\u002Fja\u002F\" rel=\"nofollow ugc\">Japanese\u003C\u002Fa> – thanks to Naoko\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Ftalkpress.de\u002Fartikel\u002Fexploit-scanner-hash-deutsch-wordpress\" rel=\"nofollow ugc\">German\u003C\u002Fa> – thanks to Robert Wetzlmayr\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The hash files should only be declaring an array called $filehashes and the majority of the hashes should still be the same.\u003C\u002Fp>\n","Search the files and database of your WordPress install for signs that may indicate that it has fallen victim to malicious hackers.",9000,1067302,64,40,"2017-11-28T06:49:00.000Z","4.7.32","3.3","",[20,21,22,23,24],"hack","hacking","scanner","security","spam","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fexploit-scanner\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fexploit-scanner.1.5.2.zip",84,1,0,"2013-05-29 00:00:00","2026-03-15T15:16:48.613Z",[33],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":40,"severity":41,"cvss_score":42,"cvss_vector":43,"vuln_type":44,"published_date":30,"updated_date":45,"references":46,"days_to_patch":48},"WF-34618970-a4b6-456b-9d01-a09e7a977724-exploit-scanner","exploit-scanner-full-path-disclosure","Exploit Scanner \u003C= 1.3.3 - Full Path Disclosure","The Exploit Scanner plugin for WordPress is vulnerable to Full Path Disclosure in versions up to, and including, 1.3.3 via the 'exploit-scanner.php' file. 
This can allow unauthenticated attackers to view otherwise restricted full paths.",null,"\u003C=1.3.3","1.3.4","high",7.5,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:H\u002FI:N\u002FA:N","Exposure of Sensitive Information to an Unauthorized Actor","2026-02-26 14:50:12",[47],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F34618970-a4b6-456b-9d01-a09e7a977724?source=api-prod",4657,{"slug":50,"display_name":7,"profile_url":8,"plugin_count":51,"total_installs":52,"avg_security_score":53,"avg_patch_time_days":48,"trust_score":54,"computed_at":55},"donncha",12,31620,91,73,"2026-04-04T06:58:26.580Z",[57,83,102,119,137],{"slug":58,"name":59,"version":60,"author":61,"author_profile":62,"description":63,"short_description":64,"active_installs":65,"downloaded":66,"rating":67,"num_ratings":68,"last_updated":69,"tested_up_to":70,"requires_at_least":71,"requires_php":72,"tags":73,"homepage":78,"download_link":79,"security_score":80,"vuln_count":81,"unpatched_count":29,"last_vuln_date":82,"fetched_at":31},"injection-guard","Injection Guard","1.3.0","Fahad Mahmood","https:\u002F\u002Fprofiles.wordpress.org\u002Ffahadmahmood\u002F","\u003Cp>\u003Cstrong>Author:\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fwww.androidbubbles.com\u002Fcontact\" rel=\"nofollow ugc\">Fahad Mahmood\u003C\u002Fa>\u003Cbr \u002F>\n\u003Cstrong>Project URI:\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fwww.androidbubbles.com\u002Fextends\u002Fwordpress\u002Fplugins\u002Finjection-guard\" rel=\"nofollow ugc\">https:\u002F\u002Fwww.androidbubbles.com\u002Fextends\u002Fwordpress\u002Fplugins\u002Finjection-guard\u003C\u002Fa>\u003Cbr \u002F>\n\u003Cstrong>License:\u003C\u002Fstrong> GPL v3\u003C\u002Fp>\n\u003Cp>Injection Guard is a WordPress plugin designed to block malicious query string attacks and suspicious URL parameters. 
It logs all incoming attempts, blocks harmful parameters, and adds extra security intelligence to your WordPress admin—like user session tracking and capability audit.\u003C\u002Fp>\n\u003Cp>The plugin uses the \u003Ccode>ig_\u003C\u002Fcode> prefix for database keys and functions, follows WordPress coding standards, and supports multiple languages. It’s compatible with pretty permalinks and helps in securing your site from automated bots and manual attacks.\u003C\u002Fp>\n\u003Ch3>Method A (Admin Panel)\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Login to WordPress Admin > Plugins > Add New > Upload Plugin\u003C\u002Fli>\n\u003Cli>Upload the ZIP file and activate the plugin\u003C\u002Fli>\n\u003Cli>Go to Settings > IG Settings and click “Save Settings”\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Method B (Manual Upload)\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Download and unzip the plugin package\u003C\u002Fli>\n\u003Cli>Upload the folder to \u003Ccode>\u002Fwp-content\u002Fplugins\u002Finjection-guard\u002F\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Activate the plugin from the WordPress Dashboard\u003C\u002Fli>\n\u003Cli>Visit Settings > IG Settings to configure\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Logs all unique query strings attempting to penetrate your website\u003C\u002Fli>\n\u003Cli>Blocks malicious or unknown query parameters\u003C\u002Fli>\n\u003Cli>Tracks login, logout, session start and duration per user\u003C\u002Fli>\n\u003Cli>Capability audit report for all WordPress users\u003C\u002Fli>\n\u003Cli>Multi-language support (FR, DE, ES)\u003C\u002Fli>\n\u003Cli>Bootstrap-based admin UI and dashboard\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin is free software licensed under the GNU GPL v2 or later.\u003C\u002Fp>\n\u003Cp>You should have received a copy of the GNU General Public License along with this plugin. 
If not, see \u003Ca href=\"http:\u002F\u002Fwww.gnu.org\u002Flicenses\u002Fgpl-2.0.html\" rel=\"nofollow ugc\">http:\u002F\u002Fwww.gnu.org\u002Flicenses\u002Fgpl-2.0.html\u003C\u002Fa>.\u003C\u002Fp>\n","This plugin blocks all unauthorized and irrelevant requests through query strings and provides extended session tracking and capability audit.",1000,32926,100,4,"2026-03-14T21:13:00.000Z","6.9.4","3.0","7.0",[74,75,23,76,77],"anti-hacking","firewall","sql-injection","wordpress-security","https:\u002F\u002Fwww.androidbubbles.com\u002Fextends\u002Fwordpress\u002Fplugins\u002Finjection-guard","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Finjection-guard.1.3.0.zip",96,5,"2025-07-24 00:00:00",{"slug":84,"name":85,"version":86,"author":87,"author_profile":88,"description":89,"short_description":90,"active_installs":91,"downloaded":92,"rating":29,"num_ratings":29,"last_updated":93,"tested_up_to":94,"requires_at_least":95,"requires_php":18,"tags":96,"homepage":99,"download_link":100,"security_score":101,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"exploit-scanner-for-active-theme","Exploit Scanner for Active Theme","1.0.5","Tauno Hanni","https:\u002F\u002Fprofiles.wordpress.org\u002Ftaunoh\u002F","\u003Cp>Search the active theme files for signs that may indicate that it has fallen victim to malicious hackers.\u003C\u002Fp>\n\u003Cp>Or use this plugin as a tool to verify the integrity of the installed theme.\u003C\u002Fp>\n","Detects whether your theme files have fallen victim to malicious 
hackers.",20,3526,"2016-09-06T19:39:00.000Z","4.8.28","4.4",[97,98,20,21,22],"crack","exploit","http:\u002F\u002Fprixal.eu\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fexploit-scanner-for-active-theme.1.0.5.zip",85,{"slug":103,"name":104,"version":105,"author":106,"author_profile":107,"description":108,"short_description":109,"active_installs":110,"downloaded":111,"rating":29,"num_ratings":29,"last_updated":112,"tested_up_to":16,"requires_at_least":71,"requires_php":18,"tags":113,"homepage":117,"download_link":118,"security_score":101,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"guard","Guard","1.2.2","Mitch","https:\u002F\u002Fprofiles.wordpress.org\u002Flowest\u002F","\u003Cp>Guard protects your wp-admin against bruteforce attacks.\u003C\u002Fp>\n\u003Cp>Features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Max retries: You have the power to choose how many attempts a user can make before the user is blocked;\u003C\u002Fli>\n\u003Cli>Lockdown: This prevents the user from being able to use the login form after too many retries;\u003C\u002Fli>\n\u003Cli>Email notifications: We’ll report a user lockdown to you via email;\u003C\u002Fli>\n\u003Cli>Hide lost password: Hides the “Forgot your password?” link from the login form page.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This plugin does not make any changes to core: When you delete\u002Funinstall the plugin, everything will revert back to normal.\u003C\u002Fp>\n","Guard protects your wp-admin against bruteforce 
attacks.",10,2672,"2016-11-01T23:38:00.000Z",[114,115,21,116,23],"anti-hack","bruteforce","protect","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fguard\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fguard.zip",{"slug":120,"name":121,"version":122,"author":123,"author_profile":124,"description":125,"short_description":126,"active_installs":110,"downloaded":127,"rating":29,"num_ratings":29,"last_updated":128,"tested_up_to":129,"requires_at_least":130,"requires_php":18,"tags":131,"homepage":135,"download_link":136,"security_score":101,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"kratos-anti-spam","Kratos Anti Spam","1.0","softpill.eu","https:\u002F\u002Fprofiles.wordpress.org\u002Fsoftpilleu\u002F","\u003Cp>Kratos Anti Spam is a WordPress plugin, built to stop bots from sending spam and hacking attacks through all your website forms (i.e.: contact forms, comments, etc.)\u003C\u002Fp>\n\u003Cp>Kratos Anti Spam features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>STOP SPAM\u003C\u002Fli>\n\u003Cli>STOP HACKING\u003C\u002Fli>\n\u003Cli>Don’t require users to input captcha codes, or to answer questions\u003C\u002Fli>\n\u003Cli>Invisible to the user\u003C\u002Fli>\n\u003Cli>One click install\u003C\u002Fli>\n\u003Cli>No conflicts with other extensions\u003C\u002Fli>\n\u003Cli>No javascript conflicts\u003C\u002Fli>\n\u003Cli>Protect when users logged in or logged out\u003C\u002Fli>\n\u003Cli>Set custom error redirect URL\u003C\u002Fli>\n\u003Cli>Option to exclude protection on pages (i.e.: paypal payment notification request url)\u003C\u002Fli>\n\u003Cli>Option to exclude protection by request headers\u003C\u002Fli>\n\u003Cli>Option to log hacking attempts\u003C\u002Fli>\n\u003Cli>Log modified files, useful to monitor hacked files\u003C\u002Fli>\n\u003Cli>Option to send log in email at specific time\u003C\u002Fli>\n\u003Cli>Option to send log email on demand\u003C\u002Fli>\n\u003Cli>Option to log the POST 
request\u003C\u002Fli>\n\u003C\u002Ful>\n","Stop SPAM! Stop HACKING! No annoying CAPTCHA for your users! As simple as that!",1656,"2015-10-07T07:23:00.000Z","4.3.34","4.0.0",[74,132,133,134],"anti-spam","stop-haking","stop-spam","http:\u002F\u002Fwww.softpill.eu\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fkratos-anti-spam.zip",{"slug":138,"name":139,"version":140,"author":138,"author_profile":141,"description":142,"short_description":143,"active_installs":29,"downloaded":144,"rating":29,"num_ratings":29,"last_updated":18,"tested_up_to":70,"requires_at_least":145,"requires_php":72,"tags":146,"homepage":147,"download_link":148,"security_score":67,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":149},"abyssguard","AbyssGuard","1.0.0","https:\u002F\u002Fprofiles.wordpress.org\u002Fabyssguard\u002F","\u003Cp>AbyssGuard is an invisible security layer for WordPress that protects your site from vulnerabilities, zero-day attacks, harvesters, spam, and hacking attempts – without breaking plugins or generating false positives.\u003C\u002Fp>\n\u003Ch3>External services\u003C\u002Fh3>\n\u003Cp>In order to make the necessary security checks, on each request this plugin connects to the AbyssGuard API, which is external to WordPress and to your site, sending a small amount of headers to be checked. The service is provided by AbyssGuard.\u003C\u002Fp>\n\u003Cp>Important: Please review our Terms of Service and Privacy Policy:\u003C\u002Fp>\n\u003Cp>Terms of Service: https:\u002F\u002Fwww.abyssguard.com\u002Fterms\u003Cbr \u002F>\nPrivacy Policy: https:\u002F\u002Fwww.abyssguard.com\u002Fprivacy\u003C\u002Fp>\n\u003Ch4>Data being sent\u003C\u002Fh4>\n\u003Cp>The following data is transmitted to the AbyssGuard API on each request:\u003Cbr \u002F>\n1. Your API key (for authentication)\u003Cbr \u002F>\n2. Visitor’s IP address\u003Cbr \u002F>\n3. The visited URI (page URL)\u003Cbr \u002F>\n4. 
The visited host (domain name, for identification and settings)\u003Cbr \u002F>\n5. The visitor’s referrer (where they came from)\u003Cbr \u002F>\n6. Request method (GET, POST, etc.)\u003Cbr \u002F>\n7. Visitor’s User-Agent (browser information)\u003Cbr \u002F>\n8. Visitor’s Accept header (content types accepted)\u003Cbr \u002F>\n9. Visitor’s browser language\u003Cbr \u002F>\n10. Plugin identifier (indicates request is from WordPress plugin and its version)\u003C\u002Fp>\n\u003Ch4>Data NOT being sent\u003C\u002Fh4>\n\u003Cp>The following data is never transmitted:\u003Cbr \u002F>\n1. Cookies\u003Cbr \u002F>\n2. Headers not listed in the “Data being sent” section\u003Cbr \u002F>\n3. Request body\u002FPOST data\u003Cbr \u002F>\n4. Form data\u003Cbr \u002F>\n5. User credentials (session, browser storage)\u003C\u002Fp>\n\u003Cp>All communication is encrypted via HTTPS. The data is used solely for security verification purposes and relevant security logs. Only you (the account owner) can access your security logs through your AbyssGuard dashboard.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Anti Hacking\u003C\u002Fli>\n\u003Cli>Anti Spam\u003C\u002Fli>\n\u003Cli>Anti Harvesting\u003C\u002Fli>\n\u003Cli>Protection from plugins vulnerabilities\u003C\u002Fli>\n\u003Cli>Zero-Day Attack Protection\u003C\u002Fli>\n\u003Cli>Blocking automated bots\u003C\u002Fli>\n\u003Cli>Blocking vulnerability scanners\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.abyssguard.com\" rel=\"nofollow ugc\">AbyssGuard\u003C\u002Fa>\u003C\u002Fp>\n","WordPress security plugin protecting from vulnerabilities, zero-day attacks, harvesters, spam, and hacking 
attempts.",140,"2.7",[114,132,75,23],"https:\u002F\u002Fwww.abyssguard.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fabyssguard.1.0.0.zip","2026-03-15T10:48:56.248Z",{"attackSurface":151,"codeSignals":187,"taintFlows":240,"riskAssessment":326,"analyzedAt":339},{"hooks":152,"ajaxHandlers":168,"restRoutes":183,"shortcodes":184,"cronEvents":185,"entryPointCount":186,"unprotectedCount":29},[153,159,163],{"type":154,"name":155,"callback":156,"file":157,"line":158},"action","admin_menu","exploitscanner_menu","exploit-scanner.php",24,{"type":154,"name":160,"callback":161,"file":157,"line":162},"admin_init","exploitscanner_update",575,{"type":164,"name":165,"callback":166,"priority":110,"file":157,"line":167},"filter","plugin_action_links","exploit_scanner_plugin_actions",1002,[169,175,179],{"action":170,"nopriv":171,"callback":172,"hasNonce":173,"hasCapCheck":173,"file":157,"line":174},"exploit-scanner_view_diff",false,"exploitscanner_diff_page",true,331,{"action":176,"nopriv":171,"callback":177,"hasNonce":173,"hasCapCheck":171,"file":157,"line":178},"exploit-scanner_file_scan","exploitscanner_ajax_file_scan",450,{"action":180,"nopriv":171,"callback":181,"hasNonce":173,"hasCapCheck":171,"file":157,"line":182},"exploit-scanner_db_scan","exploitscanner_ajax_db_scan",464,[],[],[],3,{"dangerousFunctions":188,"sqlUsage":189,"outputEscaping":197,"fileOperations":238,"externalRequests":28,"nonceChecks":81,"capabilityChecks":190,"bundledLibraries":239},[],{"prepared":190,"raw":190,"locations":191},2,[192,195],{"file":157,"line":193,"context":194},908,"$wpdb->get_results() with variable interpolation",{"file":157,"line":196,"context":194},921,{"escaped":198,"rawEcho":199,"locations":200},21,19,[201,204,206,208,210,212,214,216,217,219,220,222,224,226,228,230,232,234,236],{"file":157,"line":202,"context":203},98,"raw 
output",{"file":157,"line":205,"context":203},104,{"file":157,"line":207,"context":203},218,{"file":157,"line":209,"context":203},228,{"file":157,"line":211,"context":203},235,{"file":157,"line":213,"context":203},236,{"file":157,"line":215,"context":203},238,{"file":157,"line":215,"context":203},{"file":157,"line":218,"context":203},239,{"file":157,"line":218,"context":203},{"file":157,"line":221,"context":203},274,{"file":157,"line":223,"context":203},322,{"file":157,"line":225,"context":203},329,{"file":157,"line":227,"context":203},416,{"file":157,"line":229,"context":203},441,{"file":157,"line":231,"context":203},443,{"file":157,"line":233,"context":203},445,{"file":235,"line":14,"context":203},"hashes-generator.php",{"file":235,"line":237,"context":203},43,6,[],[241,273,311],{"entryPoint":242,"graph":243,"unsanitizedCount":28,"severity":272},"exploitscanner_diff_page (exploit-scanner.php:314)",{"nodes":244,"edges":268},[245,250,256,259,263],{"id":246,"type":247,"label":248,"file":157,"line":249},"n0","source","$_GET (x2)",320,{"id":251,"type":252,"label":253,"file":157,"line":254,"wp_function":255},"n1","sink","echo() [XSS]",321,"echo",{"id":257,"type":247,"label":258,"file":157,"line":223},"n2","$_GET",{"id":260,"type":261,"label":262,"file":157,"line":223},"n3","transform","→ exploitscanner_display_file_diff()",{"id":264,"type":252,"label":265,"file":157,"line":266,"wp_function":267},"n4","file_get_contents() [SSRF\u002FLFI]",365,"file_get_contents",[269,270,271],{"from":246,"to":251,"sanitized":173},{"from":257,"to":260,"sanitized":171},{"from":260,"to":264,"sanitized":171},"medium",{"entryPoint":274,"graph":275,"unsanitizedCount":28,"severity":272},"\u003Cexploit-scanner> 
(exploit-scanner.php:0)",{"nodes":276,"edges":303},[277,278,279,280,281,284,286,289,293,295,297,299,301],{"id":246,"type":247,"label":248,"file":157,"line":249},{"id":251,"type":252,"label":253,"file":157,"line":254,"wp_function":255},{"id":257,"type":247,"label":248,"file":157,"line":249},{"id":260,"type":252,"label":265,"file":157,"line":266,"wp_function":267},{"id":264,"type":247,"label":282,"file":157,"line":283},"$_GET['file']",394,{"id":285,"type":252,"label":265,"file":157,"line":283,"wp_function":267},"n5",{"id":287,"type":247,"label":282,"file":157,"line":288},"n6",408,{"id":290,"type":252,"label":291,"file":157,"line":288,"wp_function":292},"n7","file_put_contents() [File Write]","file_put_contents",{"id":294,"type":247,"label":258,"file":157,"line":283},"n8",{"id":296,"type":252,"label":291,"file":157,"line":288,"wp_function":292},"n9",{"id":298,"type":247,"label":258,"file":157,"line":223},"n10",{"id":300,"type":261,"label":262,"file":157,"line":223},"n11",{"id":302,"type":252,"label":265,"file":157,"line":266,"wp_function":267},"n12",[304,305,306,307,308,309,310],{"from":246,"to":251,"sanitized":173},{"from":257,"to":260,"sanitized":173},{"from":264,"to":285,"sanitized":173},{"from":287,"to":290,"sanitized":173},{"from":294,"to":296,"sanitized":173},{"from":298,"to":300,"sanitized":171},{"from":300,"to":302,"sanitized":171},{"entryPoint":312,"graph":313,"unsanitizedCount":29,"severity":325},"exploitscanner_fix_vulnerability_page 
(exploit-scanner.php:377)",{"nodes":314,"edges":321},[315,316,317,318,319,320],{"id":246,"type":247,"label":282,"file":157,"line":283},{"id":251,"type":252,"label":265,"file":157,"line":283,"wp_function":267},{"id":257,"type":247,"label":282,"file":157,"line":288},{"id":260,"type":252,"label":291,"file":157,"line":288,"wp_function":292},{"id":264,"type":247,"label":258,"file":157,"line":283},{"id":285,"type":252,"label":291,"file":157,"line":288,"wp_function":292},[322,323,324],{"from":246,"to":251,"sanitized":173},{"from":257,"to":260,"sanitized":173},{"from":264,"to":285,"sanitized":173},"low",{"summary":327,"deductions":328},"The 'exploit-scanner' plugin v1.5.2 presents a mixed security posture. On the positive side, the static analysis reveals a limited attack surface, with all identified AJAX handlers protected by authentication checks. Furthermore, the absence of REST API routes, shortcodes, and cron events as entry points reduces the plugin's exposure.  The presence of nonces and capability checks also indicates an awareness of security best practices.\n\nHowever, the code analysis highlights some areas of concern. Half of the SQL queries are not using prepared statements, which could lead to SQL injection vulnerabilities if not handled carefully in specific contexts. A significant portion of output is also not properly escaped (47%), posing a risk of cross-site scripting (XSS) attacks. The taint analysis, while showing no critical or high severity flows, did identify two flows with unsanitized paths, which warrants further investigation for potential vulnerabilities.\n\nThe vulnerability history shows a single high-severity CVE related to the exposure of sensitive information. While this vulnerability is reported as currently unpatched, the fact that the last vulnerability was in 2013 suggests a period of relative security since then. 
However, the presence of a past high-severity vulnerability, particularly related to information exposure, underscores the importance of ongoing vigilance and thorough auditing for any plugin.",[329,331,334,336],{"reason":330,"points":110},"SQL queries not using prepared statements (50%)",{"reason":332,"points":333},"Output not properly escaped (47%)",7,{"reason":335,"points":81},"Taint analysis found unsanitized paths (2 flows)",{"reason":337,"points":338},"Past high severity vulnerability (Exposure of Sensitive Info)",15,"2026-03-16T17:52:39.905Z",{"wat":341,"direct":348},{"assetPaths":342,"generatorPatterns":344,"scriptPaths":345,"versionParams":346},[343],"\u002Fwp-content\u002Fplugins\u002Fexploit-scanner\u002Fexploit-scanner.js",[],[343],[347],"exploit-scanner\u002Fexploit-scanner.js?ver=",{"cssClasses":349,"htmlComments":351,"htmlAttributes":352,"restEndpoints":353,"jsGlobals":355,"shortcodeOutput":359},[350],"skipped-file",[],[],[354],"\u002Fwp-json\u002Fexploit-scanner\u002F",[356,357,358],"exploitscanner_nonce","exploitscanner_file_scan","exploitscanner_db_scan",[]]