WPScan 4.0.0: We’re Back
WPScan 4.0.0 is here. We read through years of community issues. We addressed every major complaint. 75+ open issues → 0. Explicit scan control. Authentication‑based enumeration. Real‑time streaming. Consolidated codebase. This is WPScan shaped by what you asked for.

You Control What Gets Scanned

The #1 complaint: WPScan scanned plugins automatically, burning API requests and time you didn’t want…
Unauthorized Plugin Installation/Activation in Hunk Companion
This report highlights a vulnerability in the Hunk Companion plugin < 1.9.0 that allows unauthenticated POST requests to install and activate plugins directly from the WordPress.org repository. This flaw poses a significant security risk, as it enables attackers to install vulnerable or closed plugins, which can then be exploited for attacks such as Remote Code Execution…
Identifying Traffic from Shell Finder Bots
A shell finder is a type of reconnaissance tool that is used by threat actors to identify websites that have already been compromised and contain backdoor shells. A backdoor shell is a form of malware that is added by a threat actor after gaining unauthorized access to a website. The purpose of a backdoor shell is…
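The identification the post's title refers to can be done from web server access logs alone: a shell finder requests backdoor filenames that do not exist on a clean site, so its traffic shows up as one client collecting many 404s for distinct PHP paths in a short time. The following script is an added example, not code from the original post or its author. The Combined Log Format layout, the 60-second window, the five-distinct-paths threshold, the client addresses and the probed filenames in the sample lines are all constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Apache/nginx Combined Log Format; this layout is an assumption about the server's log config.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Parse one access-log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    req = m.groupdict()
    req["ts"] = datetime.strptime(req["ts"], TS_FMT)
    req["status"] = int(req["status"])
    req["path"] = req["path"].split("?", 1)[0]  # drop query string before comparing paths
    return req


def is_probe(req):
    # A backdoor probe on an uninfected site is a request for a PHP file that is not there.
    return req["status"] == 404 and req["path"].lower().endswith(".php")


def find_shell_finders(lines, min_distinct=5, window_seconds=60):
    """Return {ip: sorted probed paths} for clients that requested at least
    `min_distinct` distinct missing .php paths inside any `window_seconds` span.
    A single stray 404 or slow, spread-out misses are not flagged."""
    probes_by_ip = defaultdict(list)
    for line in lines:
        req = parse_line(line)
        if req and is_probe(req):
            probes_by_ip[req["ip"]].append(req)

    flagged = {}
    for ip, reqs in probes_by_ip.items():
        reqs.sort(key=lambda r: r["ts"])
        start = 0
        for end in range(len(reqs)):  # sliding time window over this client's probes
            while (reqs[end]["ts"] - reqs[start]["ts"]).total_seconds() > window_seconds:
                start += 1
            if len({r["path"] for r in reqs[start:end + 1]}) >= min_distinct:
                flagged[ip] = sorted({r["path"] for r in reqs})
                break
    return flagged


# Constructed sample log: one scanning bot, two ordinary visitors, one slow prober.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Mar/2025:12:00:01 +0000] "GET /wp-content/uploads/wso.php HTTP/1.1" 404 196 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Mar/2025:12:00:02 +0000] "GET /wp-content/plugins/shell.php HTTP/1.1" 404 196 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Mar/2025:12:00:02 +0000] "GET /wp-admin/c99.php HTTP/1.1" 404 196 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Mar/2025:12:00:03 +0000] "GET /uploads/alfa.php?x=1 HTTP/1.1" 404 196 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Mar/2025:12:00:04 +0000] "GET /images/xleet.php HTTP/1.1" 404 196 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Mar/2025:12:00:05 +0000] "GET /wp-includes/r57.php HTTP/1.1" 404 196 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [10/Mar/2025:12:00:05 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '198.51.100.4 - - [10/Mar/2025:12:00:06 +0000] "GET /wp-content/themes/t/style.css HTTP/1.1" 200 812 "http://example.test/" "Mozilla/5.0 (X11; Linux x86_64)"',
    '192.0.2.9 - - [10/Mar/2025:12:01:00 +0000] "GET /old-page.php HTTP/1.1" 404 196 "http://example.test/" "Mozilla/5.0"',
    '192.0.2.50 - - [10/Mar/2025:12:00:00 +0000] "GET /s1.php HTTP/1.1" 404 196 "-" "curl/8.0"',
    '192.0.2.50 - - [10/Mar/2025:13:00:00 +0000] "GET /s2.php HTTP/1.1" 404 196 "-" "curl/8.0"',
    '192.0.2.50 - - [10/Mar/2025:14:00:00 +0000] "GET /s3.php HTTP/1.1" 404 196 "-" "curl/8.0"',
    '192.0.2.50 - - [10/Mar/2025:15:00:00 +0000] "GET /s4.php HTTP/1.1" 404 196 "-" "curl/8.0"',
    '192.0.2.50 - - [10/Mar/2025:16:00:00 +0000] "GET /s5.php HTTP/1.1" 404 196 "-" "curl/8.0"',
]

if __name__ == "__main__":
    for ip, paths in find_shell_finders(SAMPLE_LOG).items():
        print(ip, "probed", len(paths), "missing PHP files:", ", ".join(paths))
```

Tune `min_distinct` and `window_seconds` to the site: a site that recently moved content will produce legitimate 404s from real users, but those come one at a time and with a Referer, not as a burst of dozens of distinct backdoor filenames. Widening the window (as the slow `192.0.2.50` sample shows) catches rate-limited scanners at the cost of more false positives.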