The following new vulnerability checks has been added to WPScans.com: Custom Permalinks <= 1.1 – Authenticated SQL Injection Custom Permalinks <= 1.1 – Cross-Site Scripting (XSS) Photo Gallery by WD <= 1.3.66 – Cross-Site Scripting (XSS) WP Fastest Cache <= 0.8.7.4 – Blind SQL Injection WooCommerce <= 3.2.3 – Authenticated PHP Object Injection Ninja Forms <= 3.2.13 – Cross-Site Scripting (XSS) Swape Theme – Authentication Bypass and Stored XSS flickrRSS <= 5.3.1 – XSS and CSRF Instagram Feed <= 1.5.1 – Cross-Site Scripting (XSS) Run your free scan at WPScans.com >

WPScans.com has been updated with the following new vulnerability checks: Content Cards <= 0.9.6 – Cross-Site Scripting (XSS) WP Mailster <= 1.5.4 – Unauthenticated Cross-Site Scripting (XSS) Apocalypse Meow <= 21.2.7 – BCrypt Authentication Bypass Smart Marketing SMS and Newsletters Forms <= 1.1.1 – Unauthenticated Cross-Site Scripting (XSS) Run your free WordPress Security Scan at wpscans.com

You can now connect to WPScans using the Tor onion network. WPScans is now a Hidden Service and you can use the following address to reach WPScans from TorBrowser or Tails: wpscanskzvjc4s2s.onion This is a screenshot from the Tor Browser: Screenshot from The Amnesic Incognito Live System, Tails visiting the onion url:

The following three new WordPress plugin vulnerability checks has been added to WPScans. More than 21 new checks for Cross-Site Scripting, XSS, CSRF, backdoors and SQL-injections: BackupGuard <= 1.1.46 – Authenticated Cross-Site Scripting (XSS) WooCommerce Product Vendors Plugin <= 2.0.27 – Unauthenticated Reflected XSS Participants Database <= 1.7.5.9 – Cross-Site Scripting Display Widgets 2.6.0-2.6.3.1 – Backdoored Pinfinity Theme <= 1.9.2 – Reflected Cross-site Scripting (XSS) SmokeSignal <= 1.2.6 – Authenticated Stored XSS WP Like Post <= 1.5.2 – Authenticated SQL Injection SQL Shortcode <= 1.1 – Authenticated SQL Execution WordPress 2.3.0-4.8.1 – $wpdb->prepare() potential SQL Injection Responsive Image Gallery, Gallery Album <= 1.2.0 – Authenticated SQL Injection VaultPress 1.89-1.9 – Unauthenticated RCE Content Audit <= 1.9.1 – Cross-Site Scripting (XSS)[…]

The following six new WordPress plugin vulnerability checks has been added to WPScans: AddToAny Share Buttons <= 1.7.14 – Conditional Host Header Injection Link-Library <= 5.9.13.26 – Authenticated SQL Injection I Recommend This <= v3.7.7 – Authenticated SQL Injection wordpress-gallery- transformation 1.0 – Blind SQL Injection rk-responsive-contact-form 1.0 – Authenticated Blind SQL Injection Event Espresso Lite <= 3.1.37.11.L – Authenticates Blind SQL Injection Run your free scan at https://wpscans.com