You can now connect to WPScans using the Tor onion network. WPScans is now a Hidden Service and you can use the following address to reach WPScans from TorBrowser or Tails: wpscanskzvjc4s2s.onion This is a screenshot from the Tor Browser: Screenshot from The Amnesic Incognito Live System, Tails visiting the onion url:

The following three new WordPress plugin vulnerability checks has been added to WPScans. More than 21 new checks for Cross-Site Scripting, XSS, CSRF, backdoors and SQL-injections: BackupGuard <= 1.1.46 – Authenticated Cross-Site Scripting (XSS) WooCommerce Product Vendors Plugin <= 2.0.27 – Unauthenticated Reflected XSS Participants Database <= 1.7.5.9 – Cross-Site Scripting Display Widgets 2.6.0-2.6.3.1 – Backdoored Pinfinity Theme <= 1.9.2 – Reflected Cross-site Scripting (XSS) SmokeSignal <= 1.2.6 – Authenticated Stored XSS WP Like Post <= 1.5.2 – Authenticated SQL Injection SQL Shortcode <= 1.1 – Authenticated SQL Execution WordPress 2.3.0-4.8.1 – $wpdb->prepare() potential SQL Injection Responsive Image Gallery, Gallery Album <= 1.2.0 – Authenticated SQL Injection VaultPress 1.89-1.9 – Unauthenticated RCE Content Audit <= 1.9.1 – Cross-Site Scripting (XSS)[…]

The following six new WordPress plugin vulnerability checks has been added to WPScans: AddToAny Share Buttons <= 1.7.14 – Conditional Host Header Injection Link-Library <= 5.9.13.26 – Authenticated SQL Injection I Recommend This <= v3.7.7 – Authenticated SQL Injection wordpress-gallery- transformation 1.0 – Blind SQL Injection rk-responsive-contact-form 1.0 – Authenticated Blind SQL Injection Event Espresso Lite <= 3.1.37.11.L – Authenticates Blind SQL Injection Run your free scan at https://wpscans.com