Plugin Vulnerabilities
Item media 1 screenshot

Overview

Adds warning message to WordPress Plugin Directory pages when plugins are from developer we have released security advisories for.

One of the little understood realities of security issues with WordPress plugins is that the insecurity of them is not evenly spread across those plugins. Instead, many developers are properly securing their plugins and others get them properly secured when alerted they haven’t done that, while other plugin developers either are unable or unwilling to properly secure their plugins. With the latter group, among the issues we have seen, are developers who have introduced new serious vulnerabilities that are substantially similar to vulnerabilities that they know have been exploited in their plugins. In situations where we become aware of developers who have shown that inability or unwillingness to properly secure their plugin, we are releasing advisories to warn customers of our service and the wider WordPress community of the risk of utilizing those developers' plugins. This extension adds a notice on the pages of the WordPress Plugin Directory for the plugins from those developers.

5 out of 51 rating

Google doesn't verify reviews. Learn more about results and reviews.

Review's profile picture

TroneSep 14, 2022

This extension just displayed a warning on a plugin page in the WordPress repository -- which is exactly what it's supposed to do. A link was included for more information. Thanks to the devs for making this available! If possible, it would be great if you could make similar warnings appear when we find plugins in our dashboards, before installation. That would save us from needing to check the repository page for warnings.

Replier's profile picture

White Fir DesignDeveloperSep 29, 2022

You can see these warnings in the WordPress admin area with the free companion WordPress plugin for our service. Having the extension show warnings in the WordPress admin area would require the extension to have access to all websites instead of only wordpress.org, which would introduce additional security risk.

Details

  • Version
    1.0.32
  • Updated
    January 8, 2024
  • Offered by
    White Fir Design
  • Size
    9.98KiB
  • Languages
    English (United States)
  • Developer
    Email
    extensions@whitefirdesign.com
  • Non-trader
    This developer has not identified itself as a trader. For consumers in the European Union, please note that consumer rights do not apply to contracts between you and this developer.

Privacy

The developer has disclosed that it will not collect or use your data. To learn more, see the developer’s privacy policy.

This developer declares that your data is

  • Not being sold to third parties, outside of the approved use cases
  • Not being used or transferred for purposes that are unrelated to the item's core functionality
  • Not being used or transferred to determine creditworthiness or for lending purposes

Related

Evil Console

0.0(0)

Enhance your console... in a terrible, terrible way.

Admin tools

5.0(1)

Whois, Port checker, Reverse IP

Cyber Web Tools

1.0(5)

Chrome extension to analysis your website security. It provides various tools to find web security loopholes.

YesWeHack VDP Finder

5.0(2)

This extension tells if visited sites have vulnerability disclosure programs

Vulners Web Scanner

4.5(19)

Tiny vulnerability scanner based on vulners.com vulnerability database. Passively scan websites while you surf internet!

Bishop Vulnerability Scanner

3.8(12)

Search websites for git repos, exposed config files, and more as you browse.

Hack-Tools

4.7(19)

The all in one Red team extension for web pentester

Breakbot

3.8(5)

Quickly add disruptive unicode, naughty strings, and more to your clipboard.

Input hidden Monitor

0.0(0)

Monitoring of Hidden inputs

should-i-trust

0.0(0)

OSINT tool to evaluate the trustworthiness of a company

OWASP Penetration Testing Kit

4.9(42)

OWASP Penetration Testing Kit

Tracy

4.0(2)

A tool designed to assist with finding all sinks and sources of a web application and display these results in a digestible manner.

Evil Console

0.0(0)

Enhance your console... in a terrible, terrible way.

Admin tools

5.0(1)

Whois, Port checker, Reverse IP

Cyber Web Tools

1.0(5)

Chrome extension to analysis your website security. It provides various tools to find web security loopholes.

YesWeHack VDP Finder

5.0(2)

This extension tells if visited sites have vulnerability disclosure programs

Vulners Web Scanner

4.5(19)

Tiny vulnerability scanner based on vulners.com vulnerability database. Passively scan websites while you surf internet!

Bishop Vulnerability Scanner

3.8(12)

Search websites for git repos, exposed config files, and more as you browse.

Hack-Tools

4.7(19)

The all in one Red team extension for web pentester

Breakbot

3.8(5)

Quickly add disruptive unicode, naughty strings, and more to your clipboard.

Google apps