Slack Incoming Webhook Notifications

From today all Enterprise users have access to Slack Incoming Webhook Notifications functionality.

The new notifications allow Enterprise users to set a Slack Incoming Webhook URL within their profile page that will send a Slack notification with the vulnerability title and URL every time a new vulnerability is added to our database.

More

Ultimate Membership Pro Premium WordPress Plugin Recent Vulnerabilities Breakdown

While checking fixes of critical issues in a premium plugin, we stumbled across an insufficient filename entropy where the PHP function time() was used to generate a part of the md5 hashed string to form the filename. These files generally contain sensitive data, such as log, PII etc and as it’s not the first we see such a mistake, we though it would be a good idea to make a post out of it.More

February 2020 Monthly Vulnerability Roundup

WordPress Plugin Vulnerabilities

More

New Description and PoC fields in API

From today we have two new fields output in our API for enterprise users, the description and poc fields.

We have been displaying this data on the wpvulndb.com website since almost the beginning of the project, but excluded the data from the API due to concerns of the extra bandwidth costs.

We have had a number of users request the data be output within the API over the years, and quite a few recently.

More

Paid Vulnerability Email Alerts

On March 2nd 2020 we will be introducing paid vulnerability email alerts for instant and daily emails.

Traditionally we have been giving these away free of charge to our users, but the number of subscribers has increased steadily over the years and they are starting to become a significant monthly cost to us.

More

January 2020 Monthly Vulnerability Roundup

WordPress Plugin Vulnerabilities

More

New WPVulnDB Webhooks

We have just launched a new feature on our WordPress Vulnerability Database that will allow Enterprise API users to configure a Webhook that will be triggered every time a new vulnerability is added to our database.

This has been a much requested feature by our Enterprise users and we are happy to be able to supply a solution.

More

Old WPScan Deprecation on February 1st

We released WPScan 3.7.0 on September 13th 2019, which uses the WPVulnDB API to fetch vulnerability data in real time. On February 1st 2020, we will be deprecating the use of older versions of WPScan, prior to version 3.7.0.

Anyone using WPScan that is at a version lesser than 3.7.0 will have to update to at least version 3.7.0, or above, before February 1st 2020.

More