rodriguezjorgex / wpvulnerability Goto Github PK

=== WPVulnerability ===
Contributors: javiercasares, davidperez, lbonomo
Tags: security, vulnerability, site-health
Requires at least: 4.1
Tested up to: 6.4
Stable tag: 2.2.1
Requires PHP: 5.6
Version: 2.2.1
License: EUPL v1.2
License URI: https://www.eupl.eu/1.2/en/

Display vulnerabilities in WordPress core, plugins, and themes using information from the [WordPress Vulnerability Database API](https://vulnerability.wpsysadmin.com/).

== Description ==

This plugin, with the free and unlimited [WordPress Vulnerability Database API](https://vulnerability.wpsysadmin.com/), allows to analyze all published vulnerabilities directly from your WordPress.

* The current version of your WordPress will be checked.
* All the plugins you have, whether from the repository, external or premium, will be checked.
* All the themes you have, whether from the repository, external or premium, will be checked.

In case there is any documented vulnerability, you can visit the Site Heath of your WordPress and find the vulnerability information. You may find that your plugin or theme has a vulnerability, and it is as simple as upgrading to an updated version; it will inform you if the plugin/theme is no longer available for download or does not have a patch.

In settings you will have the options to send notification periodically for your installation. You can select between every day or weekly basis.

= WP-CLI =

And then, You will find these wpcli commands:

* `wp wpvulnerability --help`
* `wp wpvulnerability core`
* `wp wpvulnerability plugins`
* `wp wpvulnerability themes`

= Data reliability =

The information provided by the information database comes from different sources that have been reviewed by third parties. There is no liability of any kind for the information. Act at your own risk.

== Installation ==

= Automatic download =

Visit the plugin section in your WordPress, search for [wpvulnerability]; download and install the plugin.

= Manual download =

Extract the contents of the ZIP and upload the contents to the `/wp-content/plugins/wpvulnerability/` directory. Once uploaded, it will appear in your plugin list.

== Frequently Asked Questions ==

= Where does the vulnerability information come from? =

The origin is in the WPVulnerability.com API. The vulnerabilities that appear in this API come from different sources, such as CVEs.

= Is data from my site sent anywhere? =

No. Never. Your privacy is very important to us. We do not commercialize with your data.

= What vulnerabilities will I find? =

Vulnerabilities in WordPress core, plugins and themes are documented.

= What do I do if my site has a vulnerability? =

First of all, peace of mind. Investigate what the vulnerability is and, above all, check that you have the latest version of the compromised element. We actively recommend that you keep all your WordPress and its plugins up to date.

== Screenshots ==

1. WP-Admin Dashboard widget.
2. Vulnerability list at Site Health.
3. Vulnerability list at Plugins list.

== Security ==

This plugin adheres to the following security measures and review protocols for each version:

* [WordPress Plugin Handbook](https://developer.wordpress.org/plugins/)
* [WordPress Plugin Security](https://developer.wordpress.org/plugins/wordpress-org/plugin-security/)
* [WordPress APIs Security](https://developer.wordpress.org/apis/security/)
* [WordPress Coding Standards](https://github.com/WordPress/WordPress-Coding-Standards)

== Privacy ==

* This plugin or the WordPress Vulnerability Database API does not collect any information about your site, your identity, the plugins, themes or content the site has.

== Profiling ==

* Homepage: 0.001s
* Sample page: 0.001s
* WordPress Dashboard: 0.004s
* WordPress Updates: 0.006s
* WordPress Plugins: 0.006s
* WordPress Site Health: 0.005s

== Vulnerabilities ==

* No vulnerabilities have been published up to version 2.2.1.

Found a security vulnerability? Please report it to us privately at the [WPVulnerability GitHub repository](https://github.com/javiercasares/wpvulnerability/security/advisories/new).

== Compatibility ==

= 2.2.1 =

* WordPress: 4.1 - 6.4
* PHP: 5.6 - 8.3
* WPCS: 3.0.1
* WP-CLI: 2.3 - 2.8.1

= 2.2.0 =

* WordPress: 4.1 - 6.3
* PHP: 5.6 - 8.3
* WPCS: 3.0.0
* WP-CLI: 2.3 - 2.8

= 2.1.0 =

* WordPress: 4.1 - 6.3
* PHP: 5.6 - 8.3
* WPCS: 3.0.0
* WP-CLI: 2.3 - 2.7

= 2.0.3 =

* WordPress: 4.1 - 6.3
* PHP: 5.6 - 8.3
* WP-CLI: 2.3 - 2.7

== Contributors ==

You can contribute to this plugin at the [WPVulnerability GitHub repository](https://github.com/javiercasares/wpvulnerability).

== Changelog ==

= 2.2.1 =

* New security information (at WordPress.org plugin page).
* New privacy information (at WordPress.org plugin page).
* New compatibility information (at WordPress.org plugin page).
* New vulnerabilities information (at WordPress.org plugin page).
* New profiling information (at WordPress.org plugin page).

* Promoted dashboard.
* Performance improvement: only load the plugin in the admin area.

* Compatibility: WordPress 4.1 - WordPress 6.4.
* Compatibility: PHP 5.6 - PHP 8.3.
* Compatibility: WordPress Coding Standards 3.0.1.
* Compatibility: WP-CLI 2.3 - WP-CLI 2.8.1.

= 2.2.0 =

* New Dashboard, with a Vulnerability summary and products affected.

* Compatibility: WordPress 4.1 - WordPress 6.3.
* Compatibility: PHP 5.6 - PHP 8.3.
* Compatibility: WordPress Coding Standards 3.0.0.
* Compatibility: WP-CLI 2.3 - WP-CLI 2.8.

= 2.1.0 =

* Improved detection of plugins folders. This shpould reduce the false positives in some plugins, and Pro/Premium plugins.

* Compatibility: WordPress 4.1 - WordPress 6.3.
* Compatibility: PHP 5.6 - PHP 8.3.
* Compatibility: WordPress Coding Standards 3.0.0.
* Compatibility: WP-CLI 2.3 - WP-CLI 2.7.

= 2.0.4 =

* WordPress Coding Standards 3.0.0 compatible.

= 2.0.3 =

* Validate secure requests to the API.
* Reduce API timeout request time from 10.0 seconds to 2.5 seconds.

* Compatibility: WordPress 4.1 - WordPress 6.3.
* Compatibility: PHP 5.6 - PHP 8.3.