We have implemented a small Christmas surprise in Nimbusec: it can now alert you to vulnerable WordPress plugins that are installed on a site.
Since vulnerable plugins are the most common way WordPress sites are compromised, keeping them up to date is essential for the security of a WordPress site. Updating the WordPress core version is not enough to be safe. Nimbusec can now help you identify domains with outdated and vulnerable WordPress plugins.
To detect installed WordPress plugins, we enhanced the processing of the Nimbusec Server Agent result that is sent to us, so everyone who uses the Nimbusec Server Agent will automatically benefit from the new feature.
Because there are tens of thousands of different WordPress plugins, it is not possible to detect all of them. Our database of plugin vulnerabilities is filled step by step with the latest critical vulnerabilities that are discovered and used in attack campaigns against websites. For example, recently added vulnerabilities are those used in campaigns against the GDPR Compliance and the AMP plugins.
Over time, this builds up a comprehensive database of WordPress plugin vulnerabilities.