[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fwcRuP8K2REqCes863XSkPYMXQZEgbImyAzEWwHHAjKc":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":32,"crawl_stats":29,"alternatives":37,"analysis":142,"fingerprints":540},"wp-sentinel","WP-Sentinel","2.0.3","evilsocket","https:\u002F\u002Fprofiles.wordpress.org\u002Fevilsocket\u002F","\u003Cp>WP-Sentinel is a plugin for the WordPress platform which will increase the security of your blog against attacks\u003Cbr \u002F>\nfrom crackers, lamers, black hats, h4x0rs, etc.\u003Cbr \u002F>\nThe plugin will be loaded by wordpress before every other installed plugin and will execute some security checks upon incoming http requests and, when one or more\u003Cbr \u002F>\nrequests turn on the system alarm, they will be blocked, the sentinel then will show a warning message to the user and send a notification email to the blog\u003Cbr \u002F>\nadministrator with the whole attack details.\u003Cbr \u002F>\nFurthermore wp-sentinel will communicate with a centralized server to collect attackers data and build an IP address blacklist.\u003C\u002Fp>\n\u003Cp>This plugin is able to block these kinds of attacks:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Cross Site Scriptings\u003C\u002Fli>\n\u003Cli>HTML Injections\u003C\u002Fli>\n\u003Cli>Remote File Inclusions\u003C\u002Fli>\n\u003Cli>Remote Command Executions\u003C\u002Fli>\n\u003Cli>Local File Inclusions\u003C\u002Fli>\n\u003Cli>SQL Injections \u003C\u002Fli>\n\u003Cli>Integer & string overflows\u003C\u002Fli>\n\u003Cli>Cross Site Request Forgery \u003C\u002Fli>\n\u003Cli>Login 
bruteforcing\u003C\u002Fli>\n\u003Cli>Flooding\u003C\u002Fli>\n\u003Cli>… and so on 🙂\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>WP-Sentinel will NOT check requests from the user logged in as administrator, so if you want to check the installation you have to log out first.\u003C\u002Fp>\n","A wordpress security system plugin which will check every HTTP request against a given set of rules to filter out malicious requests.",60,23802,52,5,"2012-02-03T11:57:00.000Z","3.3.2","2.8","",[20,21,22,23,24],"exploit","hack","ids","ips","security","http:\u002F\u002Flab.evilsocket.net\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-sentinel.2.0.3.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":11,"avg_security_score":27,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},1,30,84,"2026-04-04T17:08:24.705Z",[38,58,83,105,123],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":46,"downloaded":47,"rating":48,"num_ratings":49,"last_updated":50,"tested_up_to":51,"requires_at_least":52,"requires_php":18,"tags":53,"homepage":18,"download_link":57,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"gauntlet-security","Gauntlet Security","1.4.1","Cornelius Bergen","https:\u002F\u002Fprofiles.wordpress.org\u002Fcbergen\u002F","\u003Cp>Gauntlet Security can find opportunities for improving the security of your site. It checks many aspects of the site’s configuration including file permissions, server software, PHP, database, plugins, themes, and user accounts. The plugin will give each check a pass, warning, or fail and explain in clear language how you can fix the issue.\u003C\u002Fp>\n\u003Cp>How you ultimately choose to patch these issues is up to you but whatever method you use, this plugin should always provide an accurate report. 
It does not make changes to your database or to any of your files and it should be compatible with all other security plugins.\u003C\u002Fp>\n\u003Cp>Checks and recommendations include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Set correct file and directory permissions\u003C\u002Fli>\n\u003Cli>Turn off directory indexing\u003C\u002Fli>\n\u003Cli>Prevent code execution in the uploads directory\u003C\u002Fli>\n\u003Cli>Block files in the includes directory\u003C\u002Fli>\n\u003Cli>Prevent access to stray files which could be useful to attackers\u003C\u002Fli>\n\u003Cli>Keep PHP up-to-date\u003C\u002Fli>\n\u003Cli>Disable dangerous PHP functions\u003C\u002Fli>\n\u003Cli>Disable allow_url_include and allow_url_fopen PHP flags\u003C\u002Fli>\n\u003Cli>Turn off the display of PHP errors\u003C\u002Fli>\n\u003Cli>Don’t advertise the PHP version you are running\u003C\u002Fli>\n\u003Cli>Use a strong database password\u003C\u002Fli>\n\u003Cli>Change the default database table prefix\u003C\u002Fli>\n\u003Cli>Keep WordPress up-to-date\u003C\u002Fli>\n\u003Cli>Turn off file editing in the control panel\u003C\u002Fli>\n\u003Cli>Set security keys in WP-Config file\u003C\u002Fli>\n\u003Cli>Don’t advertise the WordPress version you are running\u003C\u002Fli>\n\u003Cli>Turn off self-registration\u003C\u002Fli>\n\u003Cli>Force SSL when accessing the admin area\u003C\u002Fli>\n\u003Cli>Review the development activity and reputation of all plugins\u003C\u002Fli>\n\u003Cli>Remove unused themes from the server\u003C\u002Fli>\n\u003Cli>Rename the plugin directory\u003C\u002Fli>\n\u003Cli>Move the active theme to an alternate location\u003C\u002Fli>\n\u003Cli>Do not use TimThumb\u003C\u002Fli>\n\u003Cli>Do not use common user names (such as “admin”)\u003C\u002Fli>\n\u003Cli>Do not use weak passwords\u003C\u002Fli>\n\u003Cli>Do not have a user with an ID = 1\u003C\u002Fli>\n\u003Cli>Minimize the number of admin users\u003C\u002Fli>\n\u003Cli>Users should not display their login usernames 
publicly\u003C\u002Fli>\n\u003Cli>Prevent username enumeration through standard author URLs\u003C\u002Fli>\n\u003Cli>…more tests planned\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Check the \u003Ca href=\"screenshots\" rel=\"nofollow ugc\">screenshots\u003C\u002Fa> for more detail on some of the above features.\u003C\u002Fp>\n\u003Cp>Many of these security checks are based on recommendations from the WordPress codex: https:\u002F\u002Fcodex.wordpress.org\u002FHardening_WordPress.\u003C\u002Fp>\n\u003Ch4>Disclaimer\u003C\u002Fh4>\n\u003Cp>Some of the tips included in this plugin only require making small changes to configuration files (.htaccess, php.ini, wp-config.php, functions.php). Others require more in-depth changes to the filesystem or database. Before attempting any of these fixes, you should be comfortable experimenting and know how to undo any change you make. That includes making backups and knowing how to restore your site from those backups. I can’t guarantee that the recommendations or sample code provided in this plugin will not break your site or that they will prevent it from being hacked.\u003C\u002Fp>\n\u003Ch4>Requirements\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Apache web server\u003C\u002Fli>\n\u003Cli>WordPress 3.4 minimum\u003C\u002Fli>\n\u003Cli>PHP 5.2.7 minimum\u003C\u002Fli>\n\u003C\u002Ful>\n","Performs a detailed security analysis of your WordPress installation. 
Provides specific instructions on how to make your site more secure.",70,8052,100,8,"2016-07-19T02:06:00.000Z","4.6.30","3.4",[20,54,55,24,56],"hacks","secure","vulnerability","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgauntlet-security.zip",{"slug":59,"name":60,"version":61,"author":62,"author_profile":63,"description":64,"short_description":65,"active_installs":66,"downloaded":67,"rating":68,"num_ratings":69,"last_updated":70,"tested_up_to":71,"requires_at_least":72,"requires_php":73,"tags":74,"homepage":78,"download_link":79,"security_score":80,"vuln_count":81,"unpatched_count":33,"last_vuln_date":82,"fetched_at":30},"wp-limit-login-attempts","WP Limit Login Attempts","2.6.5","Arshid","https:\u002F\u002Fprofiles.wordpress.org\u002Farshidkv12\u002F","\u003Cp>Limit Login Attempts for login protection, protect site from brute force attacks. Brute Force Attack aims at being the simplest kind of method to gain access to a site: it tries usernames and passwords, over and over again, until it gets in. WP Limit Login Attempts plugin limits the rate of login attempts and blocks IPs temporarily. It detects bots by captcha verification.\u003C\u002Fp>\n\u003Cp>Go to \u003Ccode>Settings > WP Limit Login\u003C\u002Fcode>.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Login Security – Limit Login Attempts and track user login attempts\u003C\u002Fli>\n\u003Cli>Captcha Verification \u003C\u002Fli>\n\u003Cli>Light weight plugin \u003C\u002Fli>\n\u003Cli>Mechanism to slow down brute force attacks \u003C\u002Fli>\n\u003Cli>Redirect to home page on abnormal requests (It will stop hacking tools)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>GDPR\u003C\u002Fstrong> compliant. 
With this feature turned on, all logged IPs get obfuscated (md5-hashed).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Limit Login Attempts\u003C\u002Fh4>\n\u003Cp>A brute force attack is a trial-and-error method used to obtain information such as a user password or personal identification number (PIN). In a brute force attack, automated software is used to generate a large number of consecutive guesses as to the value of the desired data. Brute force attack may be used by criminals to crack encrypted data, or by security analysts to test an organization’s network security.\u003C\u002Fp>\n\u003Cp>If you adopt the use of this plugin, it will limit the number of times a user can attempt to log into your account. After a captcha verification would have been requested, the mechanism will slow down brute force attack having the power to redirect to home page and completely avoid intruder into your precious account.\u003C\u002Fp>\n\u003Ch4>Captcha Verification\u003C\u002Fh4>\n\u003Cp>WP Limit Login Attempts plugin provides an extra protection by Captcha.\u003Cbr \u002F>\nCaptcha Verification in seven attempts. It will be highly helpful for removing bots.\u003C\u002Fp>\n\u003Cp>For more service, \u003Ca href=\"http:\u002F\u002Fwww.ciphercoin.com\" rel=\"nofollow ugc\">Please visit\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Donations\u003C\u002Fh4>\n\u003Cp>WP Limit Login Attempts plugin protecting your admin. 
Please make donation, I really appreciate it .\u003C\u002Fp>\n\u003Ch4>Support\u003C\u002Fh4>\n\u003Cp>http:\u002F\u002Fwww.ciphercoin.com\u002Fcontact\u002F\u003C\u002Fp>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002F_T8SWmMcawo?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n","Limit rate of login attempts and block IP temporarily. Brute force attack protection. GDPR compliant. Captcha enabled.",10000,441779,92,300,"2024-08-04T01:13:00.000Z","6.6.5","6.0","5.6",[75,21,76,77,24],"authentication","login","loginizer","https:\u002F\u002Fciphercoin.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-limit-login-attempts.zip",68,2,"2022-12-27 00:00:00",{"slug":84,"name":85,"version":86,"author":87,"author_profile":88,"description":89,"short_description":90,"active_installs":91,"downloaded":92,"rating":93,"num_ratings":94,"last_updated":95,"tested_up_to":96,"requires_at_least":97,"requires_php":18,"tags":98,"homepage":102,"download_link":103,"security_score":35,"vuln_count":33,"unpatched_count":28,"last_vuln_date":104,"fetched_at":30},"exploit-scanner","Exploit Scanner","1.5.2","Donncha O Caoimh (a11n)","https:\u002F\u002Fprofiles.wordpress.org\u002Fdonncha\u002F","\u003Cp>This plugin searches the files on your website, and the posts and comments tables of your database for anything suspicious. It also examines your list of active plugins for unusual filenames.\u003C\u002Fp>\n\u003Cp>It does not remove anything. 
That is left to the user to do.\u003C\u002Fp>\n\u003Cp>Latest MD5 hash values for Exploit Scanner:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>17e2ccfc834d691bc68cc5c64f9bed89  exploit-scanner.php (1.5.2)\u003C\u002Fli>\n\u003Cli>1d5f9d6220fe159cd44cb70a998a1cd7  hashes-4.6.php\u003C\u002Fli>\n\u003Cli>fbdf61c17f65094c8e331e1e364acf68  hashes-4.6.1.php\u003C\u002Fli>\n\u003Cli>477d128d84802e3470cec408424a8de3  hashes-4.7.php\u003C\u002Fli>\n\u003Cli>d53210f999847fbd6f5a2ecac0ad42f2  hashes-4.7.5.php\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Latest SHA1 hash values for Exploit Scanner:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>1decc1e47a53d1cab9e8f1ef15b31682198367ee  exploit-scanner.php (1.5.2)\u003C\u002Fli>\n\u003Cli>5cec64380a2acdc876fd22fbbbbf8c335df1ed3f  hashes-4.6.php\u003C\u002Fli>\n\u003Cli>99d9e7be23a350f3d1962d0f41e7b4e28c00841e  hashes-4.6.1.php\u003C\u002Fli>\n\u003Cli>1eeab377a1afc6d776827a063678d2461b29e71d  hashes-4.7.php\u003C\u002Fli>\n\u003Cli>8c890a6af26bb74e9d17e5d2b21d6be27764da45  hashes-4.7.5.php\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>See the \u003Ca href=\"http:\u002F\u002Focaoimh.ie\u002Fexploit-scanner\u002F\" rel=\"nofollow ugc\">Exploit Scanner homepage\u003C\u002Fa> for further information.\u003C\u002Fp>\n\u003Ch3>Interpreting the Results\u003C\u002Fh3>\n\u003Cp>It is likely that this scanner will find false positives (i.e. files which do not contain malicious code). However, it is best to err\u003Cbr \u002F>\non the side of caution; if you are unsure then ask in the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002F\" rel=\"ugc\">Support Forums\u003C\u002Fa>,\u003Cbr \u002F>\ndownload a fresh copy of a plugin, search the Internet for similar situations, et cetera. 
You should be most concerned if the scanner is:\u003Cbr \u002F>\nmaking matches around unknown external links; finding base64 encoded text in modified core files or the \u003Ccode>wp-config.php\u003C\u002Fcode> file;\u003Cbr \u002F>\nlisting extra admin accounts; or finding content in posts which you did not put there.\u003C\u002Fp>\n\u003Cp>Understanding the three different result levels:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Severe:\u003C\u002Fstrong> results that are often strong indicators of a hack (though they are not definitive proof)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Warning:\u003C\u002Fstrong> these results are more commonly found in innocent circumstances than Severe matches, but they should still be treated with caution\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Note:\u003C\u002Fstrong> lowest priority, showing results that are very commonly used in legitimate code or notifications about events such as skipped files\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Help! I think I have been hacked!\u003C\u002Fh3>\n\u003Cp>Follow the guides from the Codex:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FFAQ_My_site_was_hacked\" rel=\"nofollow ugc\">Codex: FAQ – My site was hacked\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FHardening_WordPress\" rel=\"nofollow ugc\">Codex: Hardening WordPress\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Ensure that you change \u003Cstrong>all\u003C\u002Fstrong> of your WordPress related passwords (site, FTP, MySQL, etc.). 
A regular backup routine\u003Cbr \u002F>\n(either manual or plugin powered) is extremely useful; if you ever find that your site has been hacked you can easily restore your site from\u003Cbr \u002F>\na clean backup and fresh set of files and, of course, use a new set of passwords.\u003C\u002Fp>\n\u003Ch3>Updates\u003C\u002Fh3>\n\u003Cp>Updates to the plugin will be posted here, to \u003Ca href=\"http:\u002F\u002Focaoimh.ie\u002F\" rel=\"nofollow ugc\">Holy Shmoly!\u003C\u002Fa> and the \u003Ca href=\"http:\u002F\u002Focaoimh.ie\u002Fexploit-scanner\u002F\" rel=\"nofollow ugc\">WordPress Exploit Scanner\u003C\u002Fa> page will always link to the newest version.\u003C\u002Fp>\n\u003Ch3>Other Languages\u003C\u002Fh3>\n\u003Cp>Unfortunately for people using WordPress versions for other locales some of the file hashes may be incorrect as some strings have to be hardcoded in their translated form. Here are some file hashes for WordPress in other languages provided separately by other members of the community:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fwpbiz.jp\u002Ffiles\u002Fexploit-scanner-hashes\u002Fja\u002F\" rel=\"nofollow ugc\">Japanese\u003C\u002Fa> – thanks to Naoko\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Ftalkpress.de\u002Fartikel\u002Fexploit-scanner-hash-deutsch-wordpress\" rel=\"nofollow ugc\">German\u003C\u002Fa> – thanks to Robert Wetzlmayr\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The hash files should only be declaring an array called $filehashes and the majority of the hashes should still be the same.\u003C\u002Fp>\n","Search the files and database of your WordPress install for signs that may indicate that it has fallen victim to malicious 
hackers.",9000,1067302,64,40,"2017-11-28T06:49:00.000Z","4.7.32","3.3",[21,99,100,24,101],"hacking","scanner","spam","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fexploit-scanner\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fexploit-scanner.1.5.2.zip","2013-05-29 00:00:00",{"slug":106,"name":107,"version":108,"author":109,"author_profile":110,"description":111,"short_description":112,"active_installs":91,"downloaded":113,"rating":114,"num_ratings":115,"last_updated":116,"tested_up_to":117,"requires_at_least":52,"requires_php":118,"tags":119,"homepage":121,"download_link":122,"security_score":48,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"wpscan","WPScan – WordPress Security Scanner","1.16","ethicalhack3r","https:\u002F\u002Fprofiles.wordpress.org\u002Fethicalhack3r\u002F","\u003Cp>\u003Cstrong>Please note:\u003C\u002Fstrong> This plugin is no longer actively supported for non-enterprise customers. \u003Cstrong>We recommend using \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fjetpack-protect\u002F\" rel=\"ugc\">Jetpack Protect\u003C\u002Fa>\u003C\u002Fstrong> – a free security plugin for WordPress that leverages the extensive database of WPScan. Jetpack Protect scans your site and warns you about vulnerabilities, keeping your site one step ahead of security threats and malware.\u003C\u002Fp>\n\u003Cp>The WPScan WordPress security plugin is unique in that it uses its own manually curated \u003Ca href=\"https:\u002F\u002Fwpscan.com\u002F\" rel=\"nofollow ugc\">WPScan WordPress Vulnerability Database\u003C\u002Fa>. The vulnerability database has been around since 2014 and is updated on a daily basis by dedicated WordPress security specialists and the community at large. The database includes more than 21,000 known security vulnerabilities. 
The plugin uses this database to scan for \u003Ca href=\"https:\u002F\u002Fwpscan.com\u002Fwordpresses\" rel=\"nofollow ugc\">WordPress vulnerabilities\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwpscan.com\u002Fplugins\" rel=\"nofollow ugc\">plugin vulnerabilities\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fwpscan.com\u002Fthemes\" rel=\"nofollow ugc\">theme vulnerabilities\u003C\u002Fa>, and has the options to schedule automated daily scans and to send email notifications.\u003C\u002Fp>\n\u003Cp>WPScan has a Free API plan that should be suitable for most WordPress websites, however, also has paid plans for users who may need more API calls. To use the WPScan WordPress Security Plugin you will need to use a free API token by \u003Ca href=\"https:\u002F\u002Fwpscan.com\u002F\" rel=\"nofollow ugc\">registering here\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>The Free plan allows 25 API requests per day. View the different available \u003Ca href=\"https:\u002F\u002Fwpscan.com\u002Fapi\" rel=\"nofollow ugc\">API plans\u003C\u002Fa>.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch4>How many API requests do you need?\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Our WordPress scanner makes one API request for the WordPress version, one request per installed plugin and one request per installed theme.\u003C\u002Fli>\n\u003Cli>On average, a WordPress website has 22 installed plugins.\u003C\u002Fli>\n\u003Cli>The Free plan should cover around 50% of all WordPress websites.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Security Checks\u003C\u002Fh4>\n\u003Cp>The WPScan WordPress Security Plugin will also check for other security issues, which do not require an API token, such as:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Check for debug.log files\u003C\u002Fli>\n\u003Cli>Check for wp-config.php backup files\u003C\u002Fli>\n\u003Cli>Check if XML-RPC is enabled\u003C\u002Fli>\n\u003Cli>Check for code repository files\u003C\u002Fli>\n\u003Cli>Check if default secret keys are 
used\u003C\u002Fli>\n\u003Cli>Check for exported database files\u003C\u002Fli>\n\u003Cli>Weak passwords\u003C\u002Fli>\n\u003Cli>HTTPS enabled\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>What does the plugin do?\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Scans for known WordPress vulnerabilities, plugin vulnerabilities and theme vulnerabilities;\u003C\u002Fli>\n\u003Cli>Does additional security checks;\u003C\u002Fli>\n\u003Cli>Shows an icon on the Admin Toolbar with the total number of security vulnerabilities found;\u003C\u002Fli>\n\u003Cli>Notifies you by mail when new security vulnerabilities are found.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Further Reading\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpscan.com\u002F\" rel=\"nofollow ugc\">WPScan WordPress Vulnerability Database\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpscan.com\u002Fwordpress-security-scanner\" rel=\"nofollow ugc\">WPScan WordPress Security Scanner\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ftwitter.com\u002F_wpscan_\" rel=\"nofollow ugc\">WPScan Twitter\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","WPScan WordPress Security Scanner - Scans your system for security vulnerabilities listed in the WPScan Vulnerability Database.",266474,76,28,"2026-01-12T13:09:00.000Z","6.9.4","5.5",[21,24,56,106,120],"wpvulndb","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwpscan\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwpscan.1.16.zip",{"slug":124,"name":125,"version":126,"author":127,"author_profile":128,"description":129,"short_description":130,"active_installs":131,"downloaded":132,"rating":48,"num_ratings":14,"last_updated":133,"tested_up_to":117,"requires_at_least":134,"requires_php":135,"tags":136,"homepage":140,"download_link":141,"security_score":48,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"crowdsec","CrowdSec","2.13.1","CrowdSec - lightweight and collaborative 
security engine","https:\u002F\u002Fprofiles.wordpress.org\u002Fcrowdsec\u002F","\u003Cp>The CrowdSec plugin proactively blocks requests coming from known attackers.\u003Cbr \u002F>\nIt does so by either directly using CrowdSec Blocklists Integration or by connecting to your CrowdSec Security Engine.\u003C\u002Fp>\n\u003Ch4>Key Features:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Instant CrowdSec Blocklist\u003C\u002Fstrong>: Quickly block known WordPress attackers in a few clicks.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Detect and block\u003C\u002Fstrong> admin bruteforce attempts and scans of your WordPress Site.\u003C\u002Fli>\n\u003Cli>Remediation metrics: Enabling you to see the efficiency of the protection.\u003C\u002Fli>\n\u003Cli>(Console Users) Plug any of your existing Blocklist Integrations.\u003C\u002Fli>\n\u003Cli>(CrowdSec Security Engine Users) Apply decisions and subscribed blocklist of your security engine within WordPress.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>You can:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Block aggressive IPs\u003C\u002Fli>\n\u003Cli>Display a captcha for less aggressive IPs\u003C\u002Fli>\n\u003C\u002Fol>\n","This plugin blocks detected attackers or displays them a captcha to check they are not 
bots.",2000,58196,"2026-01-09T01:11:00.000Z","4.9","7.2",[137,124,138,139,24],"captcha","hacker-protection","ip-blocker","https:\u002F\u002Fgithub.com\u002Fcrowdsecurity\u002Fcs-wordpress-bouncer","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcrowdsec.2.13.1.zip",{"attackSurface":143,"codeSignals":167,"taintFlows":309,"riskAssessment":524,"analyzedAt":539},{"hooks":144,"ajaxHandlers":163,"restRoutes":164,"shortcodes":165,"cronEvents":166,"entryPointCount":28,"unprotectedCount":28},[145,151,155,159],{"type":146,"name":147,"callback":148,"priority":28,"file":149,"line":150},"action","init","wp_sentinel_run","wp-sentinel.php",39,{"type":146,"name":152,"callback":153,"file":149,"line":154},"admin_menu","wps_install_menu",45,{"type":146,"name":156,"callback":157,"file":149,"line":158},"admin_print_scripts","wp_sentinel_enqueue_scripts",46,{"type":146,"name":160,"callback":161,"file":149,"line":162},"admin_print_styles","wp_sentinel_enqueue_styles",47,[],[],[],[],{"dangerousFunctions":168,"sqlUsage":169,"outputEscaping":186,"fileOperations":307,"externalRequests":28,"nonceChecks":28,"capabilityChecks":14,"bundledLibraries":308},[],{"prepared":170,"raw":14,"locations":171},58,[172,176,179,181,184],{"file":173,"line":174,"context":175},"admin\\admin.php",313,"$wpdb->get_var() with variable interpolation",{"file":173,"line":177,"context":178},360,"$wpdb->query() with variable interpolation",{"file":173,"line":180,"context":178},378,{"file":173,"line":182,"context":183},382,"$wpdb->get_results() with variable 
interpolation",{"file":173,"line":185,"context":175},424,{"escaped":28,"rawEcho":187,"locations":188},72,[189,193,195,197,199,201,203,205,207,209,211,213,214,217,219,220,221,222,223,224,225,227,230,232,234,236,238,239,241,243,244,245,246,247,249,251,252,254,255,257,259,261,262,263,264,265,266,267,268,269,270,271,272,275,276,278,280,282,285,286,288,290,292,293,294,295,297,299,300,302,303,305],{"file":190,"line":191,"context":192},"admin\\details.php",49,"raw output",{"file":190,"line":194,"context":192},53,{"file":190,"line":196,"context":192},57,{"file":190,"line":198,"context":192},61,{"file":190,"line":200,"context":192},65,{"file":190,"line":202,"context":192},69,{"file":190,"line":204,"context":192},73,{"file":190,"line":206,"context":192},77,{"file":190,"line":208,"context":192},86,{"file":190,"line":210,"context":192},89,{"file":190,"line":212,"context":192},96,{"file":190,"line":48,"context":192},{"file":215,"line":216,"context":192},"admin\\ipban.php",44,{"file":218,"line":196,"context":192},"admin\\ipdetails.php",{"file":218,"line":196,"context":192},{"file":218,"line":198,"context":192},{"file":218,"line":200,"context":192},{"file":218,"line":202,"context":192},{"file":218,"line":204,"context":192},{"file":218,"line":206,"context":192},{"file":218,"line":226,"context":192},81,{"file":228,"line":229,"context":192},"admin\\views\\banned.view.php",12,{"file":228,"line":231,"context":192},25,{"file":228,"line":233,"context":192},26,{"file":228,"line":235,"context":192},27,{"file":228,"line":237,"context":192},29,{"file":228,"line":237,"context":192},{"file":228,"line":240,"context":192},32,{"file":242,"line":229,"context":192},"admin\\views\\daily.view.php",{"file":242,"line":115,"context":192},{"file":242,"line":34,"context":192},{"file":242,"line":34,"context":192},{"file":242,"line":240,"context":192},{"file":242,"line":248,"context":192},37,{"file":242,"line":250,"context":192},41,{"file":242,"line":162,"context":192},{"file":242,"line":253,"context":192},
48,{"file":242,"line":191,"context":192},{"file":242,"line":256,"context":192},51,{"file":242,"line":258,"context":192},56,{"file":260,"line":229,"context":192},"admin\\views\\full.view.php",{"file":260,"line":115,"context":192},{"file":260,"line":34,"context":192},{"file":260,"line":34,"context":192},{"file":260,"line":240,"context":192},{"file":260,"line":248,"context":192},{"file":260,"line":250,"context":192},{"file":260,"line":162,"context":192},{"file":260,"line":253,"context":192},{"file":260,"line":191,"context":192},{"file":260,"line":256,"context":192},{"file":260,"line":258,"context":192},{"file":273,"line":274,"context":192},"admin\\views\\layouts.view.php",33,{"file":273,"line":187,"context":192},{"file":273,"line":277,"context":192},106,{"file":273,"line":279,"context":192},124,{"file":273,"line":281,"context":192},131,{"file":283,"line":284,"context":192},"admin\\views\\main.view.php",13,{"file":283,"line":284,"context":192},{"file":283,"line":287,"context":192},21,{"file":283,"line":289,"context":192},24,{"file":291,"line":14,"context":192},"admin\\views\\pager.view.php",{"file":291,"line":49,"context":192},{"file":291,"line":49,"context":192},{"file":291,"line":284,"context":192},{"file":291,"line":296,"context":192},14,{"file":298,"line":94,"context":192},"admin\\views\\settings.view.php",{"file":298,"line":198,"context":192},{"file":298,"line":301,"context":192},71,{"file":298,"line":226,"context":192},{"file":298,"line":304,"context":192},91,{"file":298,"line":306,"context":192},101,19,[],[310,356,367,430,448,456,469,485,509],{"entryPoint":311,"graph":312,"unsanitizedCount":14,"severity":355},"wps_admin_layouts (admin\\admin.php:446)",{"nodes":313,"edges":348},[314,319,324,328,330,334,336,340,342,346],{"id":315,"type":316,"label":317,"file":173,"line":318},"n0","source","$_POST['email_row_layout']",492,{"id":320,"type":321,"label":322,"file":173,"line":318,"wp_function":323},"n1","sink","file_put_contents() [File 
Write]","file_put_contents",{"id":325,"type":316,"label":326,"file":173,"line":327},"n2","$_POST['email_layout']",495,{"id":329,"type":321,"label":322,"file":173,"line":327,"wp_function":323},"n3",{"id":331,"type":316,"label":332,"file":173,"line":333},"n4","$_POST['alarm_row_layout']",498,{"id":335,"type":321,"label":322,"file":173,"line":333,"wp_function":323},"n5",{"id":337,"type":316,"label":338,"file":173,"line":339},"n6","$_POST['alarm_layout']",501,{"id":341,"type":321,"label":322,"file":173,"line":339,"wp_function":323},"n7",{"id":343,"type":316,"label":344,"file":173,"line":345},"n8","$_POST['banned_layout']",504,{"id":347,"type":321,"label":322,"file":173,"line":345,"wp_function":323},"n9",[349,351,352,353,354],{"from":315,"to":320,"sanitized":350},false,{"from":325,"to":329,"sanitized":350},{"from":331,"to":335,"sanitized":350},{"from":337,"to":341,"sanitized":350},{"from":343,"to":347,"sanitized":350},"medium",{"entryPoint":357,"graph":358,"unsanitizedCount":33,"severity":355},"wps_admin_settings (admin\\admin.php:520)",{"nodes":359,"edges":365},[360,363],{"id":315,"type":316,"label":361,"file":173,"line":362},"$_POST",588,{"id":320,"type":321,"label":322,"file":173,"line":364,"wp_function":323},593,[366],{"from":315,"to":320,"sanitized":350},{"entryPoint":368,"graph":369,"unsanitizedCount":28,"severity":429},"\u003Cadmin> (admin\\admin.php:0)",{"nodes":370,"edges":417},[371,374,378,381,383,386,388,391,395,396,397,399,401,403,405,407,409,411,413,415],{"id":315,"type":316,"label":372,"file":173,"line":373},"$_GET['delete'] (x3)",139,{"id":320,"type":321,"label":375,"file":173,"line":376,"wp_function":377},"query() [SQLi]",135,"query",{"id":325,"type":316,"label":379,"file":173,"line":380},"$_POST (x2)",159,{"id":329,"type":321,"label":375,"file":173,"line":382,"wp_function":377},163,{"id":331,"type":316,"label":384,"file":173,"line":385},"$_GET 
(x4)",170,{"id":335,"type":321,"label":375,"file":173,"line":387,"wp_function":377},177,{"id":337,"type":316,"label":389,"file":173,"line":390},"$_GET (x2)",308,{"id":341,"type":321,"label":392,"file":173,"line":393,"wp_function":394},"get_results() [SQLi]",320,"get_results",{"id":343,"type":316,"label":317,"file":173,"line":318},{"id":347,"type":321,"label":322,"file":173,"line":318,"wp_function":323},{"id":398,"type":316,"label":326,"file":173,"line":327},"n10",{"id":400,"type":321,"label":322,"file":173,"line":327,"wp_function":323},"n11",{"id":402,"type":316,"label":332,"file":173,"line":333},"n12",{"id":404,"type":321,"label":322,"file":173,"line":333,"wp_function":323},"n13",{"id":406,"type":316,"label":338,"file":173,"line":339},"n14",{"id":408,"type":321,"label":322,"file":173,"line":339,"wp_function":323},"n15",{"id":410,"type":316,"label":344,"file":173,"line":345},"n16",{"id":412,"type":321,"label":322,"file":173,"line":345,"wp_function":323},"n17",{"id":414,"type":316,"label":361,"file":173,"line":362},"n18",{"id":416,"type":321,"label":322,"file":173,"line":364,"wp_function":323},"n19",[418,420,421,422,423,424,425,426,427,428],{"from":315,"to":320,"sanitized":419},true,{"from":325,"to":329,"sanitized":419},{"from":331,"to":335,"sanitized":419},{"from":337,"to":341,"sanitized":419},{"from":343,"to":347,"sanitized":419},{"from":398,"to":400,"sanitized":419},{"from":402,"to":404,"sanitized":419},{"from":406,"to":408,"sanitized":419},{"from":410,"to":412,"sanitized":419},{"from":414,"to":416,"sanitized":419},"low",{"entryPoint":431,"graph":432,"unsanitizedCount":28,"severity":429},"\u003Cdetails> (admin\\details.php:0)",{"nodes":433,"edges":445},[434,436,440,442],{"id":315,"type":316,"label":435,"file":190,"line":240},"$_GET",{"id":320,"type":321,"label":437,"file":190,"line":438,"wp_function":439},"get_row() [SQLi]",34,"get_row",{"id":325,"type":316,"label":441,"file":190,"line":240},"$_GET 
(x12)",{"id":329,"type":321,"label":443,"file":190,"line":191,"wp_function":444},"echo() [XSS]","echo",[446,447],{"from":315,"to":320,"sanitized":419},{"from":325,"to":329,"sanitized":419},{"entryPoint":449,"graph":450,"unsanitizedCount":28,"severity":429},"\u003Cipban> (admin\\ipban.php:0)",{"nodes":451,"edges":454},[452,453],{"id":315,"type":316,"label":435,"file":215,"line":240},{"id":320,"type":321,"label":443,"file":215,"line":216,"wp_function":444},[455],{"from":315,"to":320,"sanitized":419},{"entryPoint":457,"graph":458,"unsanitizedCount":28,"severity":429},"\u003Cipdetails> (admin\\ipdetails.php:0)",{"nodes":459,"edges":466},[460,461,463,465],{"id":315,"type":316,"label":435,"file":218,"line":240},{"id":320,"type":321,"label":437,"file":218,"line":462,"wp_function":439},42,{"id":325,"type":316,"label":464,"file":218,"line":240},"$_GET (x8)",{"id":329,"type":321,"label":443,"file":218,"line":196,"wp_function":444},[467,468],{"from":315,"to":320,"sanitized":419},{"from":325,"to":329,"sanitized":419},{"entryPoint":470,"graph":471,"unsanitizedCount":81,"severity":484},"wps_admin_daily (admin\\admin.php:90)",{"nodes":472,"edges":480},[473,475,476,477,478,479],{"id":315,"type":316,"label":474,"file":173,"line":373},"$_GET['delete']",{"id":320,"type":321,"label":375,"file":173,"line":376,"wp_function":377},{"id":325,"type":316,"label":361,"file":173,"line":380},{"id":329,"type":321,"label":375,"file":173,"line":382,"wp_function":377},{"id":331,"type":316,"label":435,"file":173,"line":385},{"id":335,"type":321,"label":375,"file":173,"line":387,"wp_function":377},[481,482,483],{"from":315,"to":320,"sanitized":350},{"from":325,"to":329,"sanitized":419},{"from":331,"to":335,"sanitized":350},"high",{"entryPoint":486,"graph":487,"unsanitizedCount":508,"severity":484},"wps_admin_full 
(admin\\admin.php:208)",{"nodes":488,"edges":503},[489,491,493,495,497,499,501,502],{"id":315,"type":316,"label":474,"file":173,"line":490},252,{"id":320,"type":321,"label":375,"file":173,"line":492,"wp_function":377},248,{"id":325,"type":316,"label":361,"file":173,"line":494},272,{"id":329,"type":321,"label":375,"file":173,"line":496,"wp_function":377},276,{"id":331,"type":316,"label":435,"file":173,"line":498},283,{"id":335,"type":321,"label":375,"file":173,"line":500,"wp_function":377},290,{"id":337,"type":316,"label":435,"file":173,"line":390},{"id":341,"type":321,"label":392,"file":173,"line":393,"wp_function":394},[504,505,506,507],{"from":315,"to":320,"sanitized":350},{"from":325,"to":329,"sanitized":419},{"from":331,"to":335,"sanitized":350},{"from":337,"to":341,"sanitized":350},3,{"entryPoint":510,"graph":511,"unsanitizedCount":81,"severity":484},"wps_admin_banned (admin\\admin.php:335)",{"nodes":512,"edges":521},[513,515,517,519],{"id":315,"type":316,"label":474,"file":173,"line":514},369,{"id":320,"type":321,"label":375,"file":173,"line":516,"wp_function":377},364,{"id":325,"type":316,"label":435,"file":173,"line":518},420,{"id":329,"type":321,"label":392,"file":173,"line":520,"wp_function":394},431,[522,523],{"from":315,"to":320,"sanitized":350},{"from":325,"to":329,"sanitized":350},{"summary":525,"deductions":526},"The wp-sentinel v2.0.3 plugin exhibits a mixed security posture. On the positive side, it has a very small attack surface with no identified AJAX handlers, REST API routes, shortcodes, or cron events, and crucially, none of these entry points are unprotected. Furthermore, the plugin has no known CVEs in its history, indicating a generally stable and secure past.  However, significant concerns arise from the static analysis.  A substantial percentage of SQL queries (8%) are not using prepared statements, which could lead to SQL injection vulnerabilities.  
More critically, 0% of output escaping is properly done, meaning any dynamic content displayed by the plugin is vulnerable to cross-site scripting (XSS) attacks. The taint analysis reveals 5 flows with unsanitized paths, with 3 identified as high severity. This, combined with the lack of nonce checks, suggests potential for various injection attacks if these unsanitized paths are reachable through user input.",[527,529,531,533,536],{"reason":528,"points":229},"High severity unsanitized taint flows (3)",{"reason":530,"points":49},"Unsanitized paths in taint flows (5)",{"reason":532,"points":14},"SQL queries without prepared statements (8%)",{"reason":534,"points":535},"No output escaping",10,{"reason":537,"points":538},"No nonce checks",7,"2026-03-16T21:41:37.152Z",{"wat":541,"direct":551},{"assetPaths":542,"generatorPatterns":545,"scriptPaths":546,"versionParams":550},[543,544],"\u002Fwp-content\u002Fplugins\u002Fwp-sentinel\u002Fadmin\u002Fcss\u002Ffacebox.css","\u002Fwp-content\u002Fplugins\u002Fwp-sentinel\u002Fadmin\u002Fcss\u002Ftooltip.css",[],[547,548,549],"\u002Fwp-content\u002Fplugins\u002Fwp-sentinel\u002Fadmin\u002Fjs\u002Ffacebox.js","\u002Fwp-content\u002Fplugins\u002Fwp-sentinel\u002Fadmin\u002Fjs\u002Ffacebox-start.js","\u002Fwp-content\u002Fplugins\u002Fwp-sentinel\u002Fadmin\u002Fjs\u002Ftooltip.js",[],{"cssClasses":552,"htmlComments":553,"htmlAttributes":555,"restEndpoints":557,"jsGlobals":558,"shortcodeOutput":561},[],[554],"\u003C!-- WP-Sentinel - Wordpress Security System . -->",[556],"data-toggle=\"tooltip\"",[],[559,560],"facebox","tooltip",[]]