WPVulnerability

WordPress Vulnerability Database API

WPVulnerability plugin changelog

[4.0.3] – 2024-10-28

  • Recreation of the 4.0.2 version. Something did not create the 4.0.2 version.

[4.0.2] – 2024-10-25

Fixed

  • ImageMagick: it crashes in some cases where the hosting does not have ImageMagick.

Compatibility

  • WordPress: 4.1 – 6.7
  • PHP: 5.6 – 8.4
  • WP-CLI: 2.3.0 – 2.11.0

Tests

  • PHP Coding Standards: 3.10.3
  • WordPress Coding Standards: 3.1.0
  • Plugin Check (PCP): 1.1.0
  • SonarCloud Code Review

[4.0.0] – 2024-10-01

Added

  • ImageMagic vulnerabilities (Site Health + WP-CLI + API + mail).
  • curl vulnerabilities (Site Health + WP-CLI + API + mail).
  • memcached vulnerabilities (Site Health + WP-CLI + API + mail).
  • Redis vulnerabilities (Site Health + WP-CLI + API + mail).
  • SQLite vulnerabilities (Site Health + WP-CLI + API + mail).

Fixed

  • Test email without email.
  • Improved MariaDB 11.x detection.
  • Improved versions detection (major-minor.patch-build).
  • WordPress < 5.3: use of wp_date().
  • WordPress < 5.0: locale detection.
  • Dashboard widget only for users with capabilities.
  • WordPress < 5.2: link to Site Health

Changed

  • Big refactory.
  • Less files, less size, improved code quality.

Compatibility

  • WordPress: 4.1 – 6.7
  • PHP: 5.6 – 8.4
  • WP-CLI: 2.3.0 – 2.11.0

Tests

  • Manual Testing:
    • WordPress 6.7 / PHP 8.4
    • WordPress 6.6 / PHP 8.3
    • WordPress 6.4 / PHP 8.2
    • WordPress 6.1 / PHP 8.1
    • WordPress 5.8 / PHP 8.0
    • WordPress 5.5 / PHP 7.4
    • WordPress 5.3 / PHP 7.3
    • WordPress 4.9 / PHP 7.2
    • WordPress 4.8 / PHP 7.1
    • WordPress 4.6 / PHP 7.0
    • WordPress 4.1 / PHP 5.6
  • PHP Coding Standards: 3.10.3
  • WordPress Coding Standards: 3.1.0
  • Plugin Check (PCP): 1.1.0
  • SonarCloud Code Review

[3.4.0] – 2024-08-16

Added

  • New checks for MariaDB vulnerabilities.
  • New checks for MySQL vulnerabilities.
  • WPVulnerability statistics in the configuration page.
  • WPVulnerability contributors in the configuration page.

Changed

  • Code improvement.
  • Better UI for the configuration page.
  • Web server version detection improved.

Fixed

  • Get the statistics information the right way.

Compatibility

  • WordPress: 4.1 – 6.7
  • PHP: 5.6 – 8.3
  • WP-CLI: 2.3.0 – 2.11.0

Tests

  • PHP Coding Standards: 3.10.2
  • WordPress Coding Standards: 3.1.0
  • Plugin Check (PCP): 1.0.2
  • SonarCloud Code Review

[3.3.5] – 2024-08-14

Added

  • Add counters for Core, Plugins, and Themes.
  • Add a Vulnerabilities filter in the Plugin list (WordPress and WordPress Multisite).
  • Add a Vulnerabilities filter in the Themes list (WordPress Multisite).

Compatibility

  • WordPress: 4.1 – 6.7
  • PHP: 5.6 – 8.3
  • WP-CLI: 2.3.0 – 2.11.0

Tests

  • PHP Coding Standards: 3.10.2
  • WordPress Coding Standards: 3.1.0
  • Plugin Check (PCP): 1.0.2
  • SonarCloud Code Review

[3.3.4] – 2024-08-12

Fixed

  • The “Last updated on” column in the plugin list is available again.

Compatibility

  • WordPress: 4.1 – 6.7
  • PHP: 5.6 – 8.3
  • WP-CLI: 2.3.0 – 2.10.0

Tests

  • PHP Coding Standards: 3.10.2
  • WordPress Coding Standards: 3.1.0
  • Plugin Check (PCP): 1.0.2
  • SonarCloud Code Review

[3.3.3] – 2024-08-05

Fixed

  • The Dashboard panel is availbale, again.

Compatibility

  • WordPress: 4.1 – 6.7
  • PHP: 5.6 – 8.3
  • WP-CLI: 2.3.0 – 2.10.0

Tests

  • PHP Coding Standards: 3.10.2
  • WordPress Coding Standards: 3.1.0
  • Plugin Check (PCP): 1.0.2
  • SonarCloud Code Review

[3.3.1] – 2024-08-02

Fixed

  • Delete the wp_is_rest_endpoint check. Does not need it.

Compatibility

  • WordPress: 4.1 – 6.7
  • PHP: 5.6 – 8.3
  • WP-CLI: 2.3.0 – 2.10.0

Tests

  • PHP Coding Standards: 3.10.2
  • WordPress Coding Standards: 3.1.0
  • Plugin Check (PCP): 1.0.2
  • SonarCloud Code Review

[3.3.0] – 2024-08-02

Added

  • Ability to exclude of vulnerability types at a global level.
  • WP-CLI commands formats (–format=[table,json]).
  • REST API endpoints (requires Application Password).

Changed

  • README file.

Compatibility

  • WordPress: 4.1 – 6.7
  • PHP: 5.6 – 8.3
  • WP-CLI: 2.3.0 – 2.10.0

Tests

  • PHP Coding Standards: 3.10.2
  • WordPress Coding Standards: 3.1.0
  • Plugin Check (PCP): 1.0.2
  • SonarCloud Code Review

[3.2.2] – 2024-07-27

Added

  • Ability to configure a different From: email address for sending vulnerability notifications via wp-config.php.

Changed

  • The URL for the website now uses its own domain name.
  • Dashboard visibility is restricted to users with specific capabilities, similar to Site Health.

Fixed

  • Various minor fixes to prevent warnings and potential errors due to misconfigured WordPress setups.
  • Allow loading of some necessary libraries.

Compatibility

  • WordPress: 4.1 – 6.6
  • PHP: 5.6 – 8.3
  • WP-CLI: 2.3.0 – 2.10.0

Tests

  • WordPress Coding Standards: 3.1.0
  • Plugin Check (PCP): 1.0.2
  • SonarCloud Code Review

[3.2.0] – 2024-05-08

Added

  • Apache HTTPD vulnerabilities (Site Health).
  • nginx vulnerabilities (Site Health).

Changed

  • License updated to GPL 2.0 or later.

Compatibility

  • WordPress 4.1 – WordPress 6.6.
  • PHP 5.6 – PHP 8.3.
  • WordPress Coding Standards 3.1.0.
  • WP-CLI 2.3.0 – WP-CLI 2.10.0.
  • Plugin Check (PCP)

[3.1.2] – 2024-05-08

Fixed

  • In some cases (when calling it directly, or wget), the cron was not working and gave an error.
  • The license had a non-compliance ID. Now, same license but working.
  • General improvements.

Changed

  • The URL from the API is using its own domain name.

Compatibility

  • WordPress 4.1 – WordPress 6.6.
  • PHP 5.6 – PHP 8.3.
  • WordPress Coding Standards 3.1.0.
  • WP-CLI 2.3.0 – WP-CLI 2.10.0.
  • Plugin Check (PCP)

[3.1.1] – 2024-02-11

Fixed

  • Fixes some possible PHP warnings when retrieving data from the API.
  • Delete old schedules when unistalling the plugin.
  • Fix how is printed the High severity.

Deleted

  • The plugin will not show the Exploitability information.

Compatibility

  • Compatibility: WordPress 4.1 – WordPress 6.5.
  • Compatibility: PHP 5.6 – PHP 8.3.
  • Compatibility: WordPress Coding Standards 3.0.1.
  • Compatibility: WP-CLI 2.3.0 – WP-CLI 2.10.0.

[3.1.0] – 2024-02-04

Added

  • A new column in the plugin list, with the last updated day (and diff).
  • A notice if the plugin is closed in the WordPress.org repo.

Fixed

  • Fixes the schedule in some cases.
  • Fixes the PHP format (using always the n.n / n.n.n format).

Compatibility

  • Compatibility: WordPress 4.1 – WordPress 6.5.
  • Compatibility: PHP 5.6 – PHP 8.3.
  • Compatibility: WordPress Coding Standards 3.0.1.
  • Compatibility: WP-CLI 2.3.0 – WP-CLI 2.9.0.

[3.0.2] – 2024-01-27

Fixed

  • Fixes the WordPress Multisite saving options.

Compatibility

  • Compatibility: WordPress 4.1 – WordPress 6.5.
  • Compatibility: PHP 5.6 – PHP 8.3.
  • Compatibility: WordPress Coding Standards 3.0.1.
  • Compatibility: WP-CLI 2.3.0 – WP-CLI 2.9.0.

[3.0.1] – 2023-12-19

Fixed

  • Test email with the actual vulnerabilities (or a test message), now forced when the button is clicked.
  • Fixed some strings (thanks @alexclassroom).
  • WordPress Coding Standards 3.0.1 up-to-date.

Compatibility

  • Compatibility: WordPress 4.1 – WordPress 6.4.
  • Compatibility: PHP 5.6 – PHP 8.3.
  • Compatibility: WordPress Coding Standards 3.0.1.
  • Compatibility: WP-CLI 2.3.0 – WP-CLI 2.9.0.

[3.0.0] – 2023-12-09

Added

  • WordPress Multisite support.
  • PHP vulnerabilities (Site Health).
  • Reload the data from source.
  • Test email with the actual vulnerabilities.

Changed

  • Loading the data in better way.

Compatibility

  • Compatibility: WordPress 4.1 – WordPress 6.4.
  • Compatibility: PHP 5.6 – PHP 8.3.
  • Compatibility: WordPress Coding Standards 3.0.1.
  • Compatibility: WP-CLI 2.3 – WP-CLI 2.9.0.

[2.2.1] – 2023-10-02

Added

  • New security information (at WordPress.org plugin page).
  • New privacy information (at WordPress.org plugin page).
  • New compatibility information (at WordPress.org plugin page).
  • New vulnerabilities information (at WordPress.org plugin page).
  • New profiling information (at WordPress.org plugin page).

Changed

  • Promoted dashboard.
  • Performance improvement: only load the plugin in the admin area.

Compatibility

  • Compatibility: WordPress 4.1 – WordPress 6.4.
  • Compatibility: PHP 5.6 – PHP 8.3.
  • Compatibility: WordPress Coding Standards 3.0.1.
  • Compatibility: WP-CLI 2.3 – WP-CLI 2.8.1.

[2.2.0] – 2023-09-14

Added

  • New Dashboard, with a Vulnerability summary and products affected.

Compatibility

  • Compatibility: WordPress 4.1 – WordPress 6.3.
  • Compatibility: PHP 5.6 – PHP 8.3.
  • Compatibility: WordPress Coding Standards 3.0.0.
  • Compatibility: WP-CLI 2.3 – WP-CLI 2.8.

[2.1.0] – 2023-09-11

Changed

  • Improved detection of plugins folders. This shpould reduce the false positives in some plugins, and Pro/Premium plugins.

Compatibility

  • Compatibility: WordPress 4.1 – WordPress 6.3.
  • Compatibility: PHP 5.6 – PHP 8.3.
  • Compatibility: WordPress Coding Standards 3.0.0.
  • Compatibility: WP-CLI 2.3 – WP-CLI 2.7.

[2.0.4] – 2023-09-10

Compatibility

  • WordPress Coding Standards 3.0.0 compatible.

[2.0.3] – 2023-07-27

Added

  • Validate secure requests to the API.

Changed

  • Reduce API timeout request time from 10.0 seconds to 2.5 seconds.

Compatibility

  • Compatibility: WordPress 4.1 – WordPress 6.3.
  • Compatibility: PHP 5.6 – PHP 8.3.

[2.0.2] – 2023-04-24

Fixed

  • Fix the Notification system.

[2.0.1] – 2023-04-20

Added

  • Added new options to cache the vulnerability counter.

Changed

  • Update the readme.txt.

Fixed

  • Fix the Site Health messages.

[2.0.0] – 2023-04-15

Added

  • If the WordPress version supports it, vulnerabilities are displayed in the Core update screen.
  • Calls can be made from WP-CLI wp help wpvulnerability to list vulnerabilities in Core wp wpvulnerability core, Plugins wp wpvulnerability plugins and Themes wp wpvulnerability themes. Before only Plugins.
  • Site Health shows core vulnerabilities, which were not previously shown.

Changed

  • The plugin has been completely refactored.

Compatibility

  • Compatibility: WordPress 4.1 – WordPress 6.2
  • Compatibility: PHP 5.6 – PHP 8.2
  • Compatibility: WP-CLI 2.3 – 2.7

[1.3.2] – 2023-03-22

Changed

  • Code security improvements

Fixed

  • Fix some PHP errors

[1.3.2] – 2023-03-22

Changed

  • Code security improvements

Fixed

  • Fix some PHP errors

[1.3.1] – 2023-02-27

Changed

  • Code security improvements
  • Fix the Severity value
  • A better Site Health information

Compatibility

  • Compatibility: WordPress 5.2 – WordPress 6.2
  • Compatibility: PHP 7.2 – PHP 8.1

[1.3.0] – 2023-02-27

Added

  • Information, when available, about the vulnerability, in a simplified way. Only in the plugin list.
  • Information, when available, about the potential severity and exploitability. Only in the plugin list.
  • Links to sources to get additional information. Only in the plugin list.

Changed

  • Improved security in code.

[1.2.4] – 2023-02-20

Compatibility

  • Compatibility: WordPress 5.2 – WordPress 6.2
  • Compatibility: PHP 7.2 – PHP 8.1

[1.2.3] – 2023-01-30

Fixed

  • Fix WP_Error object.

[1.2.2] – 2023-01-30

Fixed

  • Fix WP_Error object.

[1.2.1] – 2023-01-09

Fixed

  • Some fixed to improve the operators.

[1.2.0] – 2022-12-15

Added

  • Sends email periodically. You can choose who is going to receive the emails.
  • First approach to WPCLI Commands (thanks to @lbonomo).

[1.1.0] – 2022-05-18

Fixed

  • Fix: Prevents text domain not given correctly.
  • Fix: strings not translated.

[1.0.1] – 2022-05-17

Fixed

  • Fix: strings not translated.

[1.0.0] – 2022-05-16

Added

  • Added tabs in Health check.

[0.2.0] – 2022-05-07

Added

  • Improved the information in plugins list.

[0.1.0] – 2022-05-06

Added

  • Notification in the plugins list.
  • First release.