├── .github
    └── workflows
    │   └── amplify.yml
├── .wordpress-org
    ├── banner-1544x500.png
    ├── banner-772x250.png
    ├── icon-128x128.png
    ├── icon-256x256.png
    ├── screenshot-1.png
    ├── screenshot-2.png
    └── screenshot-3.png
├── assets
    ├── admin.css
    ├── banner-1544x500.png
    ├── banner-772x250.png
    ├── icon-128x128.png
    ├── icon-256x256.png
    ├── icon-apache.svg
    ├── icon-curl.svg
    ├── icon-imagemagick.svg
    ├── icon-mariadb.svg
    ├── icon-memcached.svg
    ├── icon-mysql.svg
    ├── icon-nginx.svg
    ├── icon-php.svg
    ├── icon-plugin.svg
    ├── icon-redis.svg
    ├── icon-sqlite.svg
    ├── icon-theme.svg
    ├── icon-wordpress.svg
    ├── logo16.png
    ├── logo512.png
    ├── logo64.png
    ├── screenshot-1.png
    ├── screenshot-2.png
    └── screenshot-3.png
├── changelog.txt
├── languages
    └── wpvulnerability.pot
├── readme.txt
├── wpvulnerability-admin.php
├── wpvulnerability-adminms.php
├── wpvulnerability-api.php
├── wpvulnerability-cli.php
├── wpvulnerability-core.php
├── wpvulnerability-general.php
├── wpvulnerability-notifications.php
├── wpvulnerability-plugins.php
├── wpvulnerability-process.php
├── wpvulnerability-run.php
├── wpvulnerability-schedule.php
├── wpvulnerability-sitehealth.php
├── wpvulnerability-software.php
├── wpvulnerability-themes.php
└── wpvulnerability.php


/.github/workflows/amplify.yml:
--------------------------------------------------------------------------------
 1 | 
 2 |     name: Amplify Security
 3 |     on:
 4 |         pull_request: {}
 5 |         workflow_dispatch: {}
 6 |         push:
 7 |             branches: ["master", "main"]
 8 | 
 9 |     permissions:
10 |         contents: read
11 |         id-token: write
12 | 
13 |     jobs:
14 |         amplify-security-scan:
15 |             name: Amplify Security Scan
16 |             runs-on: ubuntu-latest
17 |             if: (github.actor != 'dependabot[bot]')
18 |             steps:
19 |                 - name: Checkout
20 |                   uses: actions/checkout@v4
21 |                 - name: Amplify Runner
22 |                   uses: amplify-security/runner-action@v0.1.0
23 | 


--------------------------------------------------------------------------------
/.wordpress-org/banner-1544x500.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/javiercasares/wpvulnerability/41f0f84fb04f96828b1962072ad1d2ac560c0629/.wordpress-org/banner-1544x500.png


--------------------------------------------------------------------------------
/.wordpress-org/banner-772x250.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/javiercasares/wpvulnerability/41f0f84fb04f96828b1962072ad1d2ac560c0629/.wordpress-org/banner-772x250.png


--------------------------------------------------------------------------------
/.wordpress-org/icon-128x128.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/javiercasares/wpvulnerability/41f0f84fb04f96828b1962072ad1d2ac560c0629/.wordpress-org/icon-128x128.png


--------------------------------------------------------------------------------
/.wordpress-org/icon-256x256.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/javiercasares/wpvulnerability/41f0f84fb04f96828b1962072ad1d2ac560c0629/.wordpress-org/icon-256x256.png


--------------------------------------------------------------------------------
/.wordpress-org/screenshot-1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/javiercasares/wpvulnerability/41f0f84fb04f96828b1962072ad1d2ac560c0629/.wordpress-org/screenshot-1.png


--------------------------------------------------------------------------------
/.wordpress-org/screenshot-2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/javiercasares/wpvulnerability/41f0f84fb04f96828b1962072ad1d2ac560c0629/.wordpress-org/screenshot-2.png


--------------------------------------------------------------------------------
/.wordpress-org/screenshot-3.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/javiercasares/wpvulnerability/41f0f84fb04f96828b1962072ad1d2ac560c0629/.wordpress-org/screenshot-3.png


--------------------------------------------------------------------------------
/assets/admin.css:
--------------------------------------------------------------------------------
 1 | :root {
 2 | 	--red-dark: #b32d2e;
 3 | 	--red-mediun: #D54E21;
 4 | 	--red-light: #FAEDE8;
 5 | }
 6 | .blink {
 7 | 	animation: blinker 2s linear infinite;
 8 | }
 9 | @keyframes blinker {
10 | 	50% {
11 | 		opacity: 0;
12 | 	}
13 | }
14 | 
15 | /* Admin plugins table styles */
16 | 
17 | .plugins-php .vulnerability {
18 | 	background-color: var(--red-mediun);
19 | 	padding: 4px;
20 | }
21 | .plugins-php .vulnerability .alert {
22 | 	color: white;
23 | }
24 | .plugins tr.wpvulnerability td, .plugins tr.wpvulnerability.active td {
25 | 	background-color: var(--red-light);
26 | }
27 | .plugins tr.wpvulnerability:before {
28 | 	background-color: var(--red-light);
29 | 	content: "";
30 | 	display: table-cell;
31 | }
32 | .plugins tr.wpvulnerability.active::before {
33 | 	border-left: 4px solid var( --red-mediun );
34 | }
35 | .plugins tr.wpvulnerability p.text-red, .plugins tr.wpvulnerability.active p.text-red {
36 | 	color: var(--red-mediun)
37 | }
38 | 
39 | /* Admin core table styles */
40 | 
41 | .update-core-php table.wpvulnerability td {
42 | 	background-color: var(--red-light);
43 | }
44 | .update-core-php table.wpvulnerability tr:before {
45 | 	background-color: var(--red-light);
46 | 	content: "";
47 | 	display: table-cell;
48 | }
49 | .update-core-php table.wpvulnerability tr.active::before {
50 | 	border-left: 4px solid var( --red-mediun );
51 | }
52 | .update-core-php p.text-red {
53 | 	color: var(--red-mediun)
54 | }
55 | 
56 | /* Configuration header */
57 | 
58 | .wpvulnerability-header {
59 | 	background-color: #1d73be;
60 | 	margin-left: -20px;
61 | 	padding: 20px;
62 | 	display: flex;
63 | 	justify-content: space-between;
64 | 	color: white;
65 | }
66 | .wpvulnerability-header .logo {
67 | 	min-width: 20%;
68 | }
69 | .wpvulnerability-header h2 {
70 | 	float: right;
71 | 	color: white;
72 | 	padding: 25px 0 0 0;
73 | 	margin: 0;
74 | }
75 | 
76 | /* Configuration flex */
77 | 
78 | .wpvulnerability-container {
79 | 		display: flex;
80 | 		flex-direction: row;
81 | 		gap: 20px;
82 | }
83 | 
84 | .wpvulnerability-column {
85 | 		flex: 1;
86 | }
87 | 
88 | /* Diseño móvil */
89 | @media (max-width: 1280px) {
90 | 		.wpvulnerability-container {
91 | 				flex-direction: column;
92 | 		}
93 | }
94 | 


--------------------------------------------------------------------------------
/assets/banner-1544x500.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/javiercasares/wpvulnerability/41f0f84fb04f96828b1962072ad1d2ac560c0629/assets/banner-1544x500.png


--------------------------------------------------------------------------------
/assets/banner-772x250.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/javiercasares/wpvulnerability/41f0f84fb04f96828b1962072ad1d2ac560c0629/assets/banner-772x250.png


--------------------------------------------------------------------------------
/assets/icon-128x128.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/javiercasares/wpvulnerability/41f0f84fb04f96828b1962072ad1d2ac560c0629/assets/icon-128x128.png


--------------------------------------------------------------------------------
/assets/icon-256x256.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/javiercasares/wpvulnerability/41f0f84fb04f96828b1962072ad1d2ac560c0629/assets/icon-256x256.png


--------------------------------------------------------------------------------
/assets/icon-apache.svg:
--------------------------------------------------------------------------------
1 | <?xml version="1.0" encoding="UTF-8"?>
2 | <!-- Uploaded to: SVG Repo, www.svgrepo.com, Generator: SVG Repo Mixer Tools -->
3 | <svg width="800px" height="800px" viewBox="0 0 32 32" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><defs><linearGradient id="a" x1="-5602.682" y1="768.541" x2="-5598.727" y2="763.917" gradientTransform="matrix(0.423, -0.906, -0.906, -0.423, 3082.853, -4748.551)" gradientUnits="userSpaceOnUse"><stop offset="0" stop-color="#f69923"/><stop offset="0.312" stop-color="#f79a23"/><stop offset="0.838" stop-color="#e97826"/></linearGradient><linearGradient id="b" x1="-5631.952" y1="769.052" x2="-5603.737" y2="769.052" gradientTransform="matrix(0.423, -0.906, -0.906, -0.423, 3082.853, -4748.551)" gradientUnits="userSpaceOnUse"><stop offset="0.323" stop-color="#9e2064"/><stop offset="0.63" stop-color="#c92037"/><stop offset="0.751" stop-color="#cd2335"/><stop offset="1" stop-color="#e97826"/></linearGradient><linearGradient id="c" x1="-5628.546" y1="766.221" x2="-5611.733" y2="766.221" gradientTransform="matrix(0.423, -0.906, -0.906, -0.423, 3082.853, -4748.551)" gradientUnits="userSpaceOnUse"><stop offset="0" stop-color="#282662"/><stop offset="0.095" stop-color="#662e8d"/><stop offset="0.788" stop-color="#9f2064"/><stop offset="0.949" stop-color="#cd2032"/></linearGradient><linearGradient id="d" x1="-5630.367" y1="769.316" x2="-5602.152" y2="769.316" xlink:href="#b"/><linearGradient id="e" x1="-5628.31" y1="768.933" x2="-5613.482" y2="768.933" xlink:href="#c"/><linearGradient id="f" x1="-5630.367" y1="766.394" x2="-5602.152" y2="766.394" xlink:href="#b"/><linearGradient id="g" x1="-5632.118" y1="766.539" x2="-5603.902" y2="766.539" xlink:href="#b"/><linearGradient id="h" x1="-5630.367" y1="765.526" x2="-5602.152" y2="765.526" xlink:href="#b"/><linearGradient id="i" x1="-5630.367" y1="765.625" x2="-5602.152" y2="765.625" xlink:href="#b"/><linearGradient id="j" x1="-5614.516" y1="765.645" x2="-5608.28" y2="765.645" xlink:href="#b"/></defs><title>file_type_apache</title><path d="M19.993,2.133a10.267,10.267,0,0,0-2.04,2.056l.8,1.51a19.733,19.733,0,0,1,1.708-2.144c.044-.049.068-.072.068-.072l-.068.072a17.865,17.865,0,0,0-1.6,2.174,30.1,30.1,0,0,0,3.111-.385,3.288,3.288,0,0,0-.3-2.5S20.9,1.6,19.993,2.133Z" style="fill:url(#a)"/><path d="M18.638,10.749l.018,0-.115.013-.021.009Z" style="fill:none"/><path d="M17.821,13.455c-.066.015-.132.026-.2.036C17.689,13.481,17.756,13.469,17.821,13.455Z" style="fill:none"/><path d="M12.27,19.524c.009-.023.017-.045.025-.068q.264-.7.523-1.357.291-.741.575-1.436.3-.733.59-1.418.305-.718.6-1.384.24-.542.474-1.049.078-.169.155-.335.153-.329.3-.645.138-.291.274-.57c.03-.062.06-.123.09-.185l.015-.03-.1.011-.078-.154c-.007.015-.015.03-.023.045q-.211.418-.417.845-.119.246-.238.495-.328.689-.645,1.389T13.766,15.1q-.3.7-.594,1.4t-.567,1.387q-.289.72-.562,1.426-.062.159-.123.318-.219.569-.426,1.124l.123.243.11-.012.012-.033Q12.008,20.216,12.27,19.524Z" style="fill:none"/><path d="M17.57,13.5Z" style="fill:none"/><path d="M17.305,14.818l-.315.055h0l.161-.025C17.2,14.839,17.253,14.829,17.305,14.818Z" style="fill:#be202e"/><path d="M17.305,14.818l-.315.055h0l.161-.025C17.2,14.839,17.253,14.829,17.305,14.818Z" style="fill:#be202e;opacity:0.3499999940395355;isolation:isolate"/><path d="M17.573,13.5h0l.05-.007c.068-.01.135-.022.2-.036l-.248.042Z" style="fill:#be202e"/><path d="M17.573,13.5h0l.05-.007c.068-.01.135-.022.2-.036l-.248.042Z" style="fill:#be202e;opacity:0.3499999940395355;isolation:isolate"/><path d="M16.394,9.6q.365-.682.739-1.332.388-.674.784-1.305l.046-.075q.392-.62.79-1.191l-.8-1.51-.182.225c-.231.288-.47.6-.716.925-.277.37-.562.764-.851,1.179-.267.383-.538.784-.809,1.2-.231.353-.462.717-.692,1.09l-.026.042L15.718,10.9Q16.052,10.244,16.394,9.6Z" style="fill:url(#b)"/><path d="M11.651,21.192q-.207.568-.415,1.159l-.006.017-.059.167c-.093.266-.175.5-.361,1.049a2.107,2.107,0,0,1,.786.926,1.68,1.68,0,0,0-.544-1.154,3.621,3.621,0,0,0,3.489-1.42,2.791,2.791,0,0,0,.165-.313,1.451,1.451,0,0,1-1.4.513l0,0,0,0a4.059,4.059,0,0,0,2.046-1.672c.111-.178.218-.372.328-.587a3.3,3.3,0,0,1-3.109,1.01l-.842.092C11.7,21.05,11.677,21.121,11.651,21.192Z" style="fill:url(#c)"/><path d="M12.044,19.306q.273-.706.562-1.426.276-.69.567-1.387t.594-1.4q.308-.711.629-1.419t.645-1.389q.118-.248.238-.495.207-.426.417-.845c.007-.015.015-.03.023-.045L14.677,8.847l-.051.083c-.242.4-.484.8-.721,1.216s-.475.844-.7,1.276q-.291.547-.568,1.1l-.11.225c-.227.467-.432.918-.617,1.352q-.315.737-.556,1.406c-.107.293-.2.576-.292.847-.073.232-.142.464-.208.7q-.234.818-.4,1.631L11.5,20.748q.208-.554.426-1.124Z" style="fill:url(#d)"/><path d="M10.435,18.755a16.07,16.07,0,0,0-.272,1.974c0,.023,0,.046-.005.069a4.15,4.15,0,0,0-1.2-1.029,5.825,5.825,0,0,1,1.172,2.693,2.642,2.642,0,0,1-1.325-.226,2.662,2.662,0,0,0,1.13.686,3.247,3.247,0,0,0-1.571.783,3.359,3.359,0,0,1,1.861-.342C9.51,25.389,8.793,27.626,8.076,30a.625.625,0,0,0,.425-.413c.128-.43.976-3.251,2.306-6.959l.115-.318.032-.089q.211-.583.437-1.19l.1-.277,0-.005L10.45,18.684C10.445,18.707,10.439,18.731,10.435,18.755Z" style="fill:url(#e)"/><path d="M15.88,11.078l-.09.185q-.135.279-.274.57-.15.315-.3.645c-.052.111-.1.222-.155.335q-.234.508-.474,1.049-.3.666-.6,1.384-.291.685-.59,1.418-.284.7-.575,1.436-.259.661-.523,1.357c-.009.023-.017.045-.025.068q-.262.693-.529,1.422l-.012.033.842-.092-.05-.009a6,6,0,0,0,3.21-1.807,7.984,7.984,0,0,0,1.1-1.524,13.139,13.139,0,0,0,.706-1.467c.195-.472.382-.982.562-1.536a3.053,3.053,0,0,1-.788.274c-.051.011-.1.021-.156.03s-.107.018-.161.025h0a3.668,3.668,0,0,0,1.962-1.913,3.344,3.344,0,0,1-1.13.495c-.066.015-.132.026-.2.036l-.05.007h0a3.821,3.821,0,0,0,.839-.469c.051-.038.1-.078.148-.12.073-.063.142-.129.208-.2.042-.044.083-.09.123-.138a3.27,3.27,0,0,0,.263-.362c.025-.04.05-.08.074-.122.031-.06.061-.119.09-.178.131-.264.236-.5.319-.706.042-.1.078-.2.109-.288.013-.035.025-.07.036-.1.033-.1.06-.187.081-.265a2.605,2.605,0,0,0,.062-.275h0a1.01,1.01,0,0,1-.109.075,3.965,3.965,0,0,1-1.162.4l.773-.085-.773.085-.018,0-.119.019.021-.009-2.645.29Z" style="fill:url(#f)"/><path d="M18.858,5.73c-.235.361-.492.771-.768,1.236l-.044.074q-.358.6-.759,1.327-.346.626-.719,1.347-.326.629-.672,1.336l2.645-.29A3.216,3.216,0,0,0,19.99,9.62c.089-.128.178-.262.267-.4.272-.424.538-.891.776-1.355a14.074,14.074,0,0,0,.588-1.294,6.8,6.8,0,0,0,.233-.7c.048-.184.086-.358.115-.524A30.152,30.152,0,0,1,18.858,5.73Z" style="fill:url(#g)"/><path d="M17.149,14.848c-.053.009-.107.018-.161.025h0C17.042,14.866,17.1,14.857,17.149,14.848Z" style="fill:#be202e"/><path d="M17.149,14.848c-.053.009-.107.018-.161.025h0C17.042,14.866,17.1,14.857,17.149,14.848Z" style="fill:#be202e;opacity:0.3499999940395355;isolation:isolate"/><path d="M17.149,14.848c-.053.009-.107.018-.161.025h0C17.042,14.866,17.1,14.857,17.149,14.848Z" style="fill:url(#h)"/><path d="M17.57,13.5l.05-.007-.05.007Z" style="fill:#be202e"/><path d="M17.57,13.5l.05-.007-.05.007Z" style="fill:#be202e;opacity:0.3499999940395355;isolation:isolate"/><path d="M17.57,13.5l.05-.007-.05.007Z" style="fill:url(#i)"/><path d="M17.572,13.5h0Z" style="fill:#be202e"/><path d="M17.572,13.5h0Z" style="fill:#be202e;opacity:0.3499999940395355;isolation:isolate"/><path d="M17.572,13.5h0Z" style="fill:url(#j)"/></svg>


--------------------------------------------------------------------------------
/assets/icon-curl.svg:
--------------------------------------------------------------------------------
1 | <?xml version="1.0" encoding="utf-8"?><!-- Uploaded to: SVG Repo, www.svgrepo.com, Generator: SVG Repo Mixer Tools -->
2 | <svg fill="#000000" width="800px" height="800px" viewBox="0 0 24 24" role="img" xmlns="http://www.w3.org/2000/svg"><path d="M.803 14.817a.966.966 0 1 1 1.933 0 .966.966 0 0 1-1.933 0m2.736 0c0-.196-.053-.376-.112-.553-.234-.702-.876-1.216-1.657-1.216-.125 0-.235.046-.353.07C.615 13.286 0 13.965 0 14.817a1.77 1.77 0 0 0 3.539 0m-1.77-7.149a.967.967 0 1 1 0 1.934.967.967 0 0 1 0-1.934m0 2.736a1.77 1.77 0 0 0 1.77-1.77c0-.195-.053-.376-.112-.552-.234-.702-.877-1.217-1.657-1.217-.125 0-.235.047-.353.072C.615 7.104 0 7.782 0 8.634c0 .977.792 1.77 1.77 1.77M14.99 4.71a.966.966 0 0 1-.966-.967.966.966 0 0 1 .967-.966.966.966 0 1 1 0 1.933m-9.6 16.513a.967.967 0 0 1 0-1.933.966.966 0 0 1 .966.967.966.966 0 0 1-.966.966m9.6-19.249a1.77 1.77 0 0 0-1.77 1.77c0 .208.053.402.119.588L5.039 18.558c-.803.168-1.418.846-1.418 1.699a1.77 1.77 0 0 0 3.539 0 1.74 1.74 0 0 0-.111-.553l8.343-14.273c.778-.186 1.368-.853 1.368-1.688a1.77 1.77 0 0 0-1.77-1.769m7.24 2.736a.966.966 0 0 1-.966-.967.966.966 0 0 1 .967-.966.966.966 0 1 1 0 1.933m-9.6 16.513a.966.966 0 0 1-.966-.967.966.966 0 0 1 .966-.966.966.966 0 0 1 0 1.933m9.6-19.249a1.77 1.77 0 0 0-1.77 1.77c0 .208.053.402.119.588l-8.301 14.226c-.802.168-1.417.846-1.417 1.699a1.77 1.77 0 0 0 3.538 0c0-.197-.053-.376-.111-.553l8.343-14.273C23.409 5.245 24 4.578 24 3.743a1.77 1.77 0 0 0-1.77-1.769"/></svg>


--------------------------------------------------------------------------------
/assets/icon-mariadb.svg:
--------------------------------------------------------------------------------
1 | <?xml version="1.0" encoding="utf-8"?><!-- Uploaded to: SVG Repo, www.svgrepo.com, Generator: SVG Repo Mixer Tools -->
2 | <svg width="800px" height="800px" viewBox="0 0 32 32" xmlns="http://www.w3.org/2000/svg"><title>file_type_mariadb</title><path d="M29.386,6.7c-.433.014-.3.139-1.231.369a18.911,18.911,0,0,0-3.114.588c-3.035,1.273-3.644,5.624-6.4,7.182-2.063,1.165-4.143,1.258-6.014,1.844a11,11,0,0,0-3.688,2.136c-.865.745-.887,1.4-1.791,2.336-.966,1-3.841.017-5.143,1.547.42.424.6.543,1.431.433-.171.325-1.18.6-.983,1.075.208.5,2.648.843,4.866-.5,1.033-.624,1.856-1.523,3.465-1.737a26.674,26.674,0,0,1,6.89.526,10.738,10.738,0,0,1-1.65,2.623c-.178.192.357.213.968.1a9.644,9.644,0,0,0,2.72-.973c1.019-.593,1.173-2.114,2.423-2.443a2.8,2.8,0,0,0,3.766.467c-1.031-.292-1.316-2.487-.968-3.455.33-.916.656-2.381.988-3.591.357-1.3.488-2.939.92-3.6a8.517,8.517,0,0,1,1.99-1.9A2.792,2.792,0,0,0,30,7.336c-.006-.414-.22-.645-.614-.632Z" style="fill:#002b64"/><path d="M2.9,24.122a6.216,6.216,0,0,0,3.809-.55,34.319,34.319,0,0,1,3.4-1.842c1.872-.6,3.924,0,5.925.121a8.616,8.616,0,0,0,1.449-.022c.745-.458.73-2.172,1.455-2.329a8.263,8.263,0,0,1-2.038,5.24,5.835,5.835,0,0,0,4.351-3.319,12.259,12.259,0,0,0,.7-1.63c.311.239.135.965.291,1.358,1.5-.834,2.353-2.736,2.921-4.66.656-2.227.925-4.481,1.349-5.14A5.608,5.608,0,0,1,28.142,9.9,2.625,2.625,0,0,0,29.507,8.05c-.7-.065-.866-.228-.97-.582a2.1,2.1,0,0,1-1.042.252c-.317.01-.666,0-1.092.039-3.523.362-3.971,4.245-6.229,6.447a5.3,5.3,0,0,1-.53.45,11.107,11.107,0,0,1-2.653,1.352c-1.444.552-2.817.591-4.172,1.067A12.5,12.5,0,0,0,10,18.49c-.2.14-.4.283-.574.428a5.62,5.62,0,0,0-1.1,1.275,8.473,8.473,0,0,1-1.079,1.389c-.749.735-3.546.214-4.531.9a.8.8,0,0,0-.256.276c.537.244.9.094,1.514.163.081.587-1.275.935-1.075,1.205Z" style="fill:#c49a6c"/><path d="M25.231,9.216a.832.832,0,0,0,1.358-.776C25.814,8.375,25.365,8.638,25.231,9.216Z" style="fill:#002b64"/><path d="M28.708,8.209a2.594,2.594,0,0,0-.387,1.345c0,.122-.092.2-.094.017a2.649,2.649,0,0,1,.385-1.385C28.7,8.026,28.757,8.092,28.708,8.209Z" style="fill:#002b64"/><path d="M28.574,8.1a3.2,3.2,0,0,0-.6,1.455c-.012.121-.11.2-.095.009a3.263,3.263,0,0,1,.6-1.495C28.585,7.921,28.634,7.992,28.574,8.1Z" style="fill:#002b64"/><path d="M28.453,7.965a3.785,3.785,0,0,0-.88,1.531c-.022.119-.126.186-.1,0a3.928,3.928,0,0,1,.885-1.57C28.479,7.784,28.521,7.859,28.453,7.965Z" style="fill:#002b64"/><path d="M28.344,7.81A5.223,5.223,0,0,0,27.223,9.45c-.039.115-.151.167-.095-.012A5.193,5.193,0,0,1,28.26,7.76c.135-.126.167-.045.084.051Z" style="fill:#002b64"/></svg>


--------------------------------------------------------------------------------
/assets/icon-memcached.svg:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="UTF-8" standalone="no"?>
 2 | <!-- Uploaded to: SVG Repo, www.svgrepo.com, Generator: SVG Repo Mixer Tools -->
 3 | <svg width="800px" height="800px" viewBox="0 0 254 254" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
 4 |     <defs>
 5 |         <linearGradient x1="50.0000061%" y1="100%" x2="50.0000061%" y2="-3.50000005e-06%" id="linearGradient-1">
 6 |             <stop stop-color="#574C4A" offset="0%">
 7 | 
</stop>
 8 |             <stop stop-color="#80716D" offset="100%">
 9 | 
</stop>
10 |         </linearGradient>
11 |         <linearGradient x1="88.778214%" y1="98.3421257%" x2="30.1494986%" y2="-8.67989994%" id="linearGradient-2">
12 |             <stop stop-color="#268D83" offset="0%">
13 | 
</stop>
14 |             <stop stop-color="#2EA19E" offset="100%">
15 | 
</stop>
16 |         </linearGradient>
17 |         <radialGradient cx="41.4063333%" cy="42.7083333%" fx="41.4063333%" fy="42.7083333%" r="50%" id="radialGradient-3">
18 |             <stop stop-color="#DB7C7C" offset="0%">
19 | 
</stop>
20 |             <stop stop-color="#C83737" offset="100%">
21 | 
</stop>
22 |         </radialGradient>
23 |         <radialGradient cx="44.2708333%" cy="42.7083333%" fx="44.2708333%" fy="42.7083333%" r="50%" id="radialGradient-4">
24 |             <stop stop-color="#DB7C7C" offset="0%">
25 | 
</stop>
26 |             <stop stop-color="#C83737" offset="100%">
27 | 
</stop>
28 |         </radialGradient>
29 |     </defs>
30 |         <g>
31 |             <path d="M0,171.18976 L0,82.1710911 C0,10.2714062 10.2607175,2.63917525e-05 82.0863208,2.63917525e-05 L171.274821,2.63917525e-05 C243.10016,2.63917525e-05 253.360825,10.2714062 253.360825,82.1710911 L253.360825,171.18976 C253.360825,243.089471 243.10016,253.360851 171.274821,253.360851 L82.0863208,253.360851 C10.2607175,253.360851 0,243.089471 0,171.18976 L0,171.18976 Z" fill="url(#linearGradient-1)">
32 | 
</path>
33 |             <g transform="translate(45.789223, 47.097648)">
34 |                 <path d="M8.89120419,0.65492176 C-3.56241993,79.582765 2.95305984,153.479665 2.95305984,153.479665 L41.880895,153.479665 C38.1768996,133.776247 24.8889953,43.7562511 35.9427507,43.4590456 C41.8666989,44.3993442 68.9324415,119.83018 68.9324415,119.83018 C68.9324415,119.83018 74.8930954,119.087912 80.8912044,119.087912 C86.8893135,119.087912 92.8499674,119.83018 92.8499674,119.83018 C92.8499674,119.83018 119.915713,44.3993363 125.839658,43.4590456 C136.893437,43.75623 123.605496,133.776271 119.901514,153.479665 L158.829349,153.479665 C158.829349,153.479665 165.344826,79.5827413 152.891205,0.65492176 L116.849967,0.65492176 C109.98997,0.736057926 83.8902893,46.510592 80.8912044,46.510592 C77.8921196,46.510592 51.7924391,0.736057926 44.9324414,0.65492176 L8.89120419,0.65492176 L8.89120419,0.65492176 Z" fill="url(#linearGradient-2)">
35 | 
</path>
36 |                 <path d="M73.2135967,144.266563 C73.2135967,149.354829 69.0887422,153.479684 64.0004764,153.479684 C58.9122105,153.479684 54.787356,149.354829 54.787356,144.266563 C54.787356,139.178297 58.9122105,135.053443 64.0004764,135.053443 C69.0887422,135.053443 73.2135967,139.178297 73.2135967,144.266563 L73.2135967,144.266563 Z" fill="url(#radialGradient-3)">
37 | 
</path>
38 |                 <path d="M106.995038,144.266563 C106.995038,149.354829 102.870184,153.479684 97.7819178,153.479684 C92.6936519,153.479684 88.5687974,149.354829 88.5687974,144.266563 C88.5687974,139.178297 92.6936519,135.053443 97.7819178,135.053443 C102.870184,135.053443 106.995038,139.178297 106.995038,144.266563 L106.995038,144.266563 Z" fill="url(#radialGradient-4)">
39 | 
</path>
40 |                 <path d="M151.056318,3.26419253 C156.674191,41.2901292 157.992284,77.7849008 157.888889,104.969467 C157.783132,132.775271 156.190174,150.840489 156.190174,150.840489 L123.423113,150.840489 L119.901514,153.479665 L158.829349,153.479665 C158.829349,153.479665 165.344826,79.5827413 152.891205,0.65492176 L151.056318,3.26419253 Z M47.9015136,2.3044063 C58.1279219,13.6798033 75.8152734,43.8714168 78.2520292,43.8714168 C71.7678052,35.5785712 55.8405197,9.12270769 47.9015136,2.3044063 L47.9015136,2.3044063 Z M33.3035754,40.8198704 C22.2498279,41.1170864 35.5377376,131.137064 39.2417198,150.840489 L5.25962777,150.840489 L2.95305984,153.479665 L41.880895,153.479665 C38.1956695,133.876095 25.0246515,44.6553996 35.7778022,43.4590456 C34.7764595,41.9551776 33.9115992,40.9163797 33.3035754,40.8198704 L33.3035754,40.8198704 Z M123.200483,40.8198704 C117.276537,41.760161 90.2107921,117.191005 90.2107921,117.191005 C90.2107921,117.191005 84.2501382,116.448737 78.2520292,116.448737 C74.7030589,116.448737 71.6477332,116.667419 69.5816681,116.859946 L68.9324415,119.83018 C68.9324415,119.83018 74.8930954,119.087912 80.8912044,119.087912 C86.8893135,119.087912 92.8499674,119.83018 92.8499674,119.83018 C92.8499674,119.83018 119.711897,44.8941711 125.757184,43.4590456 C125.105764,41.8088881 124.300927,40.8494661 123.200483,40.8198704 L123.200483,40.8198704 Z" opacity="0.1" fill="#000000">
41 | 
</path>
42 |                 <path d="M8.89120419,0.65492176 C-3.56241993,79.582765 2.95305984,153.479665 2.95305984,153.479665 L5.24520996,150.903267 C4.07228657,133.468944 0.938595837,70.4220715 11.5303795,3.29409703 L47.5716167,3.29409703 C48.3351222,3.30307022 49.3589005,3.9286181 50.5406889,4.94358157 C48.1807489,2.31848894 46.218691,0.670133967 44.9324414,0.65492176 L8.89120419,0.65492176 Z M116.849967,0.65492176 C109.98997,0.736050008 83.8902893,46.510592 80.8912044,46.510592 C82.1142247,48.0747415 83.1074387,49.1497673 83.5303797,49.1497673 C86.5294646,49.1497673 112.629145,3.37517249 119.489143,3.29409703 L151.294812,3.29409703 L152.891205,0.65492176 L116.849967,0.65492176 Z M38.4169775,46.0982209 C47.171655,59.2464627 68.9324415,119.83018 68.9324415,119.83018 L69.5691795,116.875985 C64.1965312,102.143884 43.725214,46.9145996 38.5819259,46.0982209 C38.5259095,46.0997279 38.4717483,46.092127 38.4169775,46.0982209 L38.4169775,46.0982209 Z M128.478833,46.0982209 C134.351057,61.0754455 123.235098,135.74661 119.901514,153.479665 L123.432825,150.723373 C127.940463,124.276958 138.794686,46.375651 128.478833,46.0982209 L128.478833,46.0982209 Z" opacity="0.3" fill="#FFFFFF">
43 | 
</path>
44 |             </g>
45 |         </g>
46 | </svg>


--------------------------------------------------------------------------------
/assets/icon-mysql.svg:
--------------------------------------------------------------------------------
1 | <?xml version="1.0" encoding="utf-8"?><!-- Uploaded to: SVG Repo, www.svgrepo.com, Generator: SVG Repo Mixer Tools -->
2 | <svg width="800px" height="800px" viewBox="-18.458 -22.75 191.151 191.151" xmlns="http://www.w3.org/2000/svg"><path d="M-18.458 6.58h191.151v132.49H-18.458V6.58z" fill="none"/><path d="M40.054 113.583h-5.175c-.183-8.735-.687-16.947-1.511-24.642h-.046l-7.879 24.642h-3.94l-7.832-24.642h-.045c-.581 7.388-.947 15.602-1.099 24.642H7.81c.304-10.993 1.068-21.299 2.289-30.919h6.414l7.465 22.719h.046l7.511-22.719h6.137c1.344 11.268 2.138 21.575 2.382 30.919M62.497 90.771c-2.107 11.434-4.887 19.742-8.337 24.928-2.688 3.992-5.633 5.99-8.84 5.99-.855 0-1.91-.258-3.16-.77v-2.757c.611.088 1.328.138 2.152.138 1.498 0 2.702-.412 3.62-1.238 1.098-1.006 1.647-2.137 1.647-3.388 0-.858-.428-2.612-1.282-5.268L42.618 90.77h5.084l4.076 13.19c.916 2.995 1.298 5.086 1.145 6.277 2.229-5.953 3.786-12.444 4.673-19.468h4.901v.002z" fill="#5d87a1"/><path d="M131.382 113.583h-14.7V82.664h4.945v27.113h9.755v3.806zM112.834 114.33l-5.684-2.805c.504-.414.986-.862 1.42-1.381 2.416-2.838 3.621-7.035 3.621-12.594 0-10.229-4.014-15.346-12.045-15.346-3.938 0-7.01 1.298-9.207 3.895-2.414 2.84-3.619 7.022-3.619 12.551 0 5.435 1.068 9.422 3.205 11.951 1.955 2.291 4.902 3.438 8.843 3.438 1.47 0 2.819-.18 4.048-.543l7.4 4.308 2.018-3.474zm-18.413-6.934c-1.252-2.014-1.878-5.248-1.878-9.707 0-7.785 2.365-11.682 7.1-11.682 2.475 0 4.289.932 5.449 2.792 1.25 2.017 1.879 5.222 1.879 9.619 0 7.849-2.367 11.774-7.099 11.774-2.476.001-4.29-.928-5.451-2.796M85.165 105.013c0 2.622-.962 4.773-2.884 6.458-1.924 1.678-4.504 2.519-7.737 2.519-3.024 0-5.956-.966-8.794-2.888l1.329-2.655c2.442 1.223 4.653 1.831 6.638 1.831 1.863 0 3.319-.413 4.375-1.232 1.055-.822 1.684-1.975 1.684-3.433 0-1.837-1.281-3.407-3.631-4.722-2.167-1.19-6.501-3.678-6.501-3.678-2.349-1.712-3.525-3.55-3.525-6.578 0-2.506.877-4.529 2.632-6.068 1.757-1.545 4.024-2.315 6.803-2.315 2.87 0 5.479.769 7.829 2.291l-1.192 2.656c-2.01-.854-3.994-1.281-5.951-1.281-1.585 0-2.809.381-3.66 1.146-.858.762-1.387 1.737-1.387 2.933 0 1.828 1.308 3.418 3.722 4.759 2.196 1.192 6.638 3.723 6.638 3.723 2.409 1.709 3.612 3.53 3.612 6.534" fill="#f8981d"/><path d="M137.59 72.308c-2.99-.076-5.305.225-7.248 1.047-.561.224-1.453.224-1.531.933.303.3.338.784.601 1.198.448.747 1.229 1.752 1.942 2.276.783.6 1.569 1.194 2.393 1.717 1.453.899 3.1 1.422 4.516 2.318.825.521 1.645 1.195 2.471 1.756.406.299.666.784 1.193.971v-.114c-.264-.336-.339-.822-.598-1.196l-1.122-1.082c-1.084-1.456-2.431-2.727-3.884-3.771-1.196-.824-3.812-1.944-4.297-3.322l-.076-.076c.822-.077 1.797-.375 2.578-.604 1.271-.335 2.43-.259 3.734-.594.6-.15 1.195-.338 1.797-.523v-.337c-.676-.673-1.158-1.567-1.869-2.203-1.902-1.643-3.998-3.25-6.164-4.595-1.16-.749-2.652-1.231-3.887-1.868-.445-.225-1.195-.336-1.457-.71-.67-.822-1.047-1.904-1.533-2.877-1.08-2.053-2.129-4.331-3.061-6.502-.674-1.456-1.084-2.91-1.906-4.257-3.85-6.35-8.031-10.196-14.457-13.971-1.381-.786-3.024-1.121-4.779-1.533l-2.803-.148c-.598-.262-1.197-.973-1.719-1.309-2.132-1.344-7.621-4.257-9.189-.411-1.01 2.431 1.494 4.821 2.354 6.054.635.856 1.458 1.83 1.902 2.802.263.635.337 1.309.6 1.98.598 1.644 1.157 3.473 1.943 5.007.41.782.857 1.604 1.381 2.312.3.414.822.597.936 1.272-.521.744-.562 1.867-.861 2.801-1.344 4.221-.819 9.45 1.086 12.552.596.934 2.018 2.99 3.92 2.202 1.684-.672 1.311-2.801 1.795-4.668.111-.451.038-.747.262-1.043v.073c.521 1.045 1.047 2.052 1.53 3.1 1.159 1.829 3.177 3.735 4.858 5.002.895.676 1.604 1.832 2.725 2.245V74.1h-.074c-.227-.335-.559-.485-.857-.745-.674-.673-1.42-1.495-1.943-2.241-1.566-2.093-2.952-4.41-4.182-6.801-.602-1.16-1.121-2.428-1.606-3.586-.226-.447-.226-1.121-.601-1.346-.562.821-1.381 1.532-1.791 2.538-.711 1.609-.785 3.588-1.049 5.646l-.147.072c-1.19-.299-1.604-1.53-2.056-2.575-1.119-2.654-1.307-6.914-.336-9.976.26-.783 1.385-3.249.936-3.995-.225-.715-.973-1.122-1.383-1.685-.482-.708-1.01-1.604-1.346-2.39-.896-2.091-1.347-4.408-2.312-6.498-.451-.974-1.234-1.982-1.868-2.879-.712-1.008-1.495-1.718-2.058-2.913-.186-.411-.447-1.083-.148-1.53.073-.3.225-.412.523-.487.484-.409 1.867.111 2.352.336 1.385.56 2.543 1.083 3.699 1.867.523.375 1.084 1.085 1.755 1.272h.786c1.193.26 2.538.072 3.661.41 1.979.636 3.772 1.569 5.38 2.576 4.893 3.103 8.928 7.512 11.652 12.778.447.858.637 1.644 1.045 2.539.787 1.832 1.76 3.7 2.541 5.493.785 1.755 1.533 3.547 2.654 5.005.559.784 2.805 1.195 3.812 1.606.745.335 1.905.633 2.577 1.044 1.271.783 2.537 1.682 3.732 2.543.595.448 2.465 1.382 2.576 2.13M99.484 39.844a5.82 5.82 0 0 0-1.529.188v.075h.072c.301.597.824 1.011 1.197 1.532.301.599.562 1.193.857 1.791l.072-.074c.527-.373.789-.971.789-1.868-.227-.264-.262-.522-.451-.784-.22-.374-.705-.56-1.007-.86" fill="#5d87a1"/><path d="M141.148 113.578h.774v-3.788h-1.161l-.947 2.585-1.029-2.585h-1.118v3.788h.731v-2.882h.041l1.078 2.882h.557l1.074-2.882v2.882zm-6.235 0h.819v-3.146h1.072v-.643h-3.008v.643h1.115l.002 3.146z" fill="#f8981d"/></svg>


--------------------------------------------------------------------------------
/assets/icon-nginx.svg:
--------------------------------------------------------------------------------
1 | <?xml version="1.0" encoding="UTF-8"?>
2 | <!-- Uploaded to: SVG Repo, www.svgrepo.com, Generator: SVG Repo Mixer Tools -->
3 | <svg width="800px" height="800px" viewBox="0 0 32 32" xmlns="http://www.w3.org/2000/svg"><title>file_type_nginx</title><path d="M15.948,2h.065a10.418,10.418,0,0,1,.972.528Q22.414,5.65,27.843,8.774a.792.792,0,0,1,.414.788c-.008,4.389,0,8.777-.005,13.164a.813.813,0,0,1-.356.507q-5.773,3.324-11.547,6.644a.587.587,0,0,1-.657.037Q9.912,26.6,4.143,23.274a.7.7,0,0,1-.4-.666q0-6.582,0-13.163a.693.693,0,0,1,.387-.67Q9.552,5.657,14.974,2.535c.322-.184.638-.379.974-.535" style="fill:#019639"/><path d="M8.767,10.538q0,5.429,0,10.859a1.509,1.509,0,0,0,.427,1.087,1.647,1.647,0,0,0,2.06.206,1.564,1.564,0,0,0,.685-1.293c0-2.62-.005-5.24,0-7.86q3.583,4.29,7.181,8.568a2.833,2.833,0,0,0,2.6.782,1.561,1.561,0,0,0,1.251-1.371q.008-5.541,0-11.081a1.582,1.582,0,0,0-3.152,0c0,2.662-.016,5.321,0,7.982-2.346-2.766-4.663-5.556-7-8.332A2.817,2.817,0,0,0,10.17,9.033,1.579,1.579,0,0,0,8.767,10.538Z" style="fill:#fff"/></svg>


--------------------------------------------------------------------------------
/assets/icon-php.svg:
--------------------------------------------------------------------------------
1 | <?xml version="1.0" encoding="UTF-8"?>
2 | <!-- Uploaded to: SVG Repo, www.svgrepo.com, Generator: SVG Repo Mixer Tools -->
3 | <svg width="800px" height="800px" viewBox="0 0 32 32" xmlns="http://www.w3.org/2000/svg"><title>file_type_php3</title><path d="M7.6,13.791a2.352,2.352,0,0,1,1.745.483,1.916,1.916,0,0,1,.207,1.66,2.78,2.78,0,0,1-.918,1.748,3.375,3.375,0,0,1-2.07.529h-1.4L6.024,13.8ZM2,22.677H4.3l.545-2.8H6.812A7.049,7.049,0,0,0,8.956,19.6a4.06,4.06,0,0,0,1.53-.918A4.585,4.585,0,0,0,11.93,16.1a3.288,3.288,0,0,0-.55-2.922A3.671,3.671,0,0,0,8.47,12.129H4.057Z" style="fill:#8993be"/><path d="M13.617,9.323H15.9l-.553,2.8h2.031a3.956,3.956,0,0,1,2.645.669,2.213,2.213,0,0,1,.436,2.167l-.954,4.909H17.195l.908-4.667a1.267,1.267,0,0,0-.114-1.086,1.6,1.6,0,0,0-1.144-.286H15.022l-1.175,6.044H11.559Z" style="fill:#8993be"/><path d="M25.539,13.791a2.352,2.352,0,0,1,1.745.483,1.916,1.916,0,0,1,.207,1.66,2.78,2.78,0,0,1-.918,1.748,3.375,3.375,0,0,1-2.074.529H23.1l.858-4.416Zm-5.6,8.886h2.3l.545-2.8h1.968A7.049,7.049,0,0,0,26.9,19.6a4.06,4.06,0,0,0,1.53-.918A4.585,4.585,0,0,0,29.869,16.1a3.288,3.288,0,0,0-.55-2.922,3.671,3.671,0,0,0-2.909-1.046h-4.42Z" style="fill:#8993be"/></svg>


--------------------------------------------------------------------------------
/assets/icon-plugin.svg:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="windows-1252"?>
 2 | <!-- Uploaded to: SVG Repo, www.svgrepo.com, Generator: SVG Repo Mixer Tools -->
 3 | <svg height="800px" width="800px" version="1.1" id="Layer_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" viewBox="0 0 512 512" xml:space="preserve">
 4 | <path style="fill:#B8C9D9;" d="M139.13,150.261V33.391C139.13,14.978,154.109,0,172.522,0s33.391,14.978,33.391,33.391v116.87  H139.13z"/>
 5 | <path style="fill:#9EACBA;" d="M306.087,150.261V33.391C306.087,14.978,321.065,0,339.478,0s33.391,14.978,33.391,33.391v116.87  H306.087z"/>
 6 | <path style="fill:#576573;" d="M256.017,512c-9.223,0-16.696-7.473-16.696-16.696v-66.783c0-9.223,7.473-16.696,16.696-16.696  c9.223,0,16.696,7.473,16.696,16.696v66.783C272.712,504.527,265.239,512,256.017,512z"/>
 7 | <path style="fill:#485566;" d="M272.712,495.304v-66.783c0-9.223-7.473-16.696-16.696-16.696V512  C265.239,512,272.712,504.527,272.712,495.304z"/>
 8 | <path style="fill:#576573;" d="M306.087,445.217H205.913c-27.619,0-50.087-22.468-50.087-50.087v-33.391  c0-9.223,7.473-16.696,16.696-16.696h166.957c9.223,0,16.696,7.473,16.696,16.696v33.391  C356.174,422.749,333.706,445.217,306.087,445.217z"/>
 9 | <path style="fill:#485566;" d="M256.017,445.217h50.07c27.619,0,50.087-22.468,50.087-50.087v-33.391  c0-9.223-7.473-16.696-16.696-16.696h-83.462V445.217z"/>
10 | <path style="fill:#FFD15D;" d="M339.478,378.435H172.522c-46.032,0-83.478-37.446-83.478-83.478V150.261  c0-9.223,7.473-16.696,16.696-16.696h300.522c9.223,0,16.696,7.473,16.696,16.696v144.696  C422.957,340.989,385.51,378.435,339.478,378.435z"/>
11 | <path style="fill:#F9B54C;" d="M256.017,378.435h83.462c46.032,0,83.478-37.446,83.478-83.478V150.261  c0-9.223-7.473-16.696-16.696-16.696H256.017V378.435z"/>
12 | <path style="fill:#576573;" d="M306.104,300.522H205.93c-9.223,0-16.696-7.473-16.696-16.696s7.473-16.696,16.696-16.696h100.174  c9.223,0,16.696,7.473,16.696,16.696S315.326,300.522,306.104,300.522z"/>
13 | <path style="fill:#485566;" d="M256.017,300.522h50.087c9.223,0,16.696-7.473,16.696-16.696s-7.473-16.696-16.696-16.696h-50.087  V300.522L256.017,300.522z"/>
14 | <path style="fill:#576573;" d="M306.104,233.739H205.93c-9.223,0-16.696-7.473-16.696-16.696s7.473-16.696,16.696-16.696h100.174  c9.223,0,16.696,7.473,16.696,16.696S315.326,233.739,306.104,233.739z"/>
15 | <path style="fill:#485566;" d="M256.017,233.739h50.087c9.223,0,16.696-7.473,16.696-16.696s-7.473-16.696-16.696-16.696h-50.087  V233.739L256.017,233.739z"/>
16 | </svg>


--------------------------------------------------------------------------------
/assets/icon-redis.svg:
--------------------------------------------------------------------------------
1 | <?xml version="1.0" encoding="utf-8"?><!-- Uploaded to: SVG Repo, www.svgrepo.com, Generator: SVG Repo Mixer Tools -->
2 | <svg width="800px" height="800px" viewBox="0 -18 256 256" xmlns="http://www.w3.org/2000/svg" preserveAspectRatio="xMinYMin meet"><path d="M245.97 168.943c-13.662 7.121-84.434 36.22-99.501 44.075-15.067 7.856-23.437 7.78-35.34 2.09-11.902-5.69-87.216-36.112-100.783-42.597C3.566 169.271 0 166.535 0 163.951v-25.876s98.05-21.345 113.879-27.024c15.828-5.679 21.32-5.884 34.79-.95 13.472 4.936 94.018 19.468 107.331 24.344l-.006 25.51c.002 2.558-3.07 5.364-10.024 8.988" fill="#912626"/><path d="M245.965 143.22c-13.661 7.118-84.431 36.218-99.498 44.072-15.066 7.857-23.436 7.78-35.338 2.09-11.903-5.686-87.214-36.113-100.78-42.594-13.566-6.485-13.85-10.948-.524-16.166 13.326-5.22 88.224-34.605 104.055-40.284 15.828-5.677 21.319-5.884 34.789-.948 13.471 4.934 83.819 32.935 97.13 37.81 13.316 4.881 13.827 8.9.166 16.02" fill="#C6302B"/><path d="M245.97 127.074c-13.662 7.122-84.434 36.22-99.501 44.078-15.067 7.853-23.437 7.777-35.34 2.087-11.903-5.687-87.216-36.112-100.783-42.597C3.566 127.402 0 124.67 0 122.085V96.206s98.05-21.344 113.879-27.023c15.828-5.679 21.32-5.885 34.79-.95C162.142 73.168 242.688 87.697 256 92.574l-.006 25.513c.002 2.557-3.07 5.363-10.024 8.987" fill="#912626"/><path d="M245.965 101.351c-13.661 7.12-84.431 36.218-99.498 44.075-15.066 7.854-23.436 7.777-35.338 2.087-11.903-5.686-87.214-36.112-100.78-42.594-13.566-6.483-13.85-10.947-.524-16.167C23.151 83.535 98.05 54.148 113.88 48.47c15.828-5.678 21.319-5.884 34.789-.949 13.471 4.934 83.819 32.933 97.13 37.81 13.316 4.88 13.827 8.9.166 16.02" fill="#C6302B"/><path d="M245.97 83.653c-13.662 7.12-84.434 36.22-99.501 44.078-15.067 7.854-23.437 7.777-35.34 2.087-11.903-5.687-87.216-36.113-100.783-42.595C3.566 83.98 0 81.247 0 78.665v-25.88s98.05-21.343 113.879-27.021c15.828-5.68 21.32-5.884 34.79-.95C162.142 29.749 242.688 44.278 256 49.155l-.006 25.512c.002 2.555-3.07 5.361-10.024 8.986" fill="#912626"/><path d="M245.965 57.93c-13.661 7.12-84.431 36.22-99.498 44.074-15.066 7.854-23.436 7.777-35.338 2.09C99.227 98.404 23.915 67.98 10.35 61.497-3.217 55.015-3.5 50.55 9.825 45.331 23.151 40.113 98.05 10.73 113.88 5.05c15.828-5.679 21.319-5.883 34.789-.948 13.471 4.935 83.819 32.934 97.13 37.811 13.316 4.876 13.827 8.897.166 16.017" fill="#C6302B"/><path d="M159.283 32.757l-22.01 2.285-4.927 11.856-7.958-13.23-25.415-2.284 18.964-6.839-5.69-10.498 17.755 6.944 16.738-5.48-4.524 10.855 17.067 6.391M131.032 90.275L89.955 73.238l58.86-9.035-17.783 26.072M74.082 39.347c17.375 0 31.46 5.46 31.46 12.194 0 6.736-14.085 12.195-31.46 12.195s-31.46-5.46-31.46-12.195c0-6.734 14.085-12.194 31.46-12.194" fill="#FFF"/><path d="M185.295 35.998l34.836 13.766-34.806 13.753-.03-27.52" fill="#621B1C"/><path d="M146.755 51.243l38.54-15.245.03 27.519-3.779 1.478-34.791-13.752" fill="#9A2928"/></svg>


--------------------------------------------------------------------------------
/assets/icon-sqlite.svg:
--------------------------------------------------------------------------------
1 | <?xml version="1.0" encoding="utf-8"?><!-- Uploaded to: SVG Repo, www.svgrepo.com, Generator: SVG Repo Mixer Tools -->
2 | <svg width="800px" height="800px" viewBox="0 0 32 32" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><defs><linearGradient id="a" x1="-118.318" y1="45.638" x2="-116.751" y2="45.638" gradientTransform="matrix(0, 11.486, 11.486, 0, -510.889, 1363.307)" gradientUnits="userSpaceOnUse"><stop offset="0" stop-color="#97d9f6"/><stop offset="0.92" stop-color="#0f80cc"/><stop offset="1" stop-color="#0f80cc"/></linearGradient></defs><title>file_type_sqlite</title><path d="M23.192,3.242H5.623A2.147,2.147,0,0,0,3.482,5.383V24.759A2.147,2.147,0,0,0,5.623,26.9H17.195C17.063,21.142,19.03,9.968,23.192,3.242Z" style="fill:#0f80cc"/><path d="M22.554,3.867H5.623A1.518,1.518,0,0,0,4.107,5.383V23.345a42.01,42.01,0,0,1,13.569-2.684A123.555,123.555,0,0,1,22.554,3.867Z" style="fill:url(#a)"/><path d="M27.29,2.608c-1.2-1.073-2.66-.642-4.1.634-.213.19-.426.4-.638.625A25.4,25.4,0,0,0,17.1,15a10.178,10.178,0,0,1,.634,1.822c.036.14.069.272.1.384.062.265.1.437.1.437s-.022-.083-.113-.346l-.059-.17c-.01-.027-.023-.059-.038-.094-.16-.373-.6-1.16-.8-1.5-.167.493-.315.954-.438,1.371a12.131,12.131,0,0,1,.908,2.8s-.03-.115-.171-.515a19.037,19.037,0,0,0-.9-1.708,4.037,4.037,0,0,0-.264,1.724,6.009,6.009,0,0,1,.493,1.383c.334,1.283.566,2.846.566,2.846s.008.1.02.263a26.145,26.145,0,0,0,.065,3.205,11.362,11.362,0,0,0,.584,3.1l.18-.1a13.859,13.859,0,0,1-.478-4.628,35.269,35.269,0,0,1,1.938-9.688c2.01-5.308,4.8-9.568,7.35-11.6-2.326,2.1-5.474,8.9-6.417,11.418a45.656,45.656,0,0,0-2.254,8A6.211,6.211,0,0,1,21.39,20s1.233-1.521,2.674-3.693a26.206,26.206,0,0,0-2.755.733c-.7.294-.889.394-.889.394a23.939,23.939,0,0,1,4.215-2.007c2.676-4.215,5.592-10.2,2.656-12.824" style="fill:#003b57"/></svg>


--------------------------------------------------------------------------------
/assets/icon-theme.svg:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="windows-1252"?>
 2 | <!-- Uploaded to: SVG Repo, www.svgrepo.com, Generator: SVG Repo Mixer Tools -->
 3 | <svg height="800px" width="800px" version="1.1" id="Layer_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" viewBox="0 0 512 512" xml:space="preserve">
 4 | <path style="fill:#FFCE47;" d="M433.479,205.747c75.09,43.351,100.812,139.37,57.461,214.46s-139.37,100.812-214.46,57.461  c-7.304-4.21-14.135-8.93-20.48-14.074l31.824-170.903l123.221-97.645C418.677,197.97,426.175,201.537,433.479,205.747z"/>
 5 | <path style="fill:#FF4181;" d="M78.521,205.747c-75.09,43.351-100.812,139.37-57.461,214.46s139.37,100.812,214.46,57.461  c7.304-4.21,14.135-8.93,20.48-14.074l-31.824-170.903l-123.221-97.645C93.323,197.97,85.825,201.537,78.521,205.747z"/>
 6 | <path style="fill:#4EB9FF;" d="M412.999,170.271c0,8.432-0.667,16.707-1.953,24.775L256,256.196l-155.046-61.15  c-1.286-8.068-1.953-16.343-1.953-24.775c0-86.713,70.298-156.999,156.999-156.999S412.999,83.557,412.999,170.271z"/>
 7 | <path style="fill:#FF755C;" d="M312.09,316.957H199.91C191.21,371.482,211.933,427.9,256,463.594  C300.066,427.9,320.789,371.482,312.09,316.957z"/>
 8 | <path style="fill:#85C250;" d="M256,219.797l56.09,97.16c51.577-19.74,90.086-65.906,98.955-121.911  C358.098,174.724,298.865,185,256,219.797z"/>
 9 | <path style="fill:#3B8BC0;" d="M100.954,195.046c8.869,56.005,47.379,102.171,98.955,121.911l56.09-97.16  C213.134,185,153.902,174.724,100.954,195.046z"/>
10 | <path style="fill:#174461;" d="M292.981,263.208c9.876,17.119,16.173,35.331,19.109,53.748  c-17.423,6.661-36.326,10.313-56.09,10.313s-38.667-3.652-56.09-10.313c2.936-18.418,9.233-36.629,19.109-53.749  c9.876-17.107,22.494-31.667,36.981-43.411C270.486,231.542,283.105,246.101,292.981,263.208z"/>
11 | </svg>


--------------------------------------------------------------------------------
/assets/icon-wordpress.svg:
--------------------------------------------------------------------------------
1 | <?xml version="1.0" encoding="UTF-8" standalone="no"?>
2 | <!-- Uploaded to: SVG Repo, www.svgrepo.com, Generator: SVG Repo Mixer Tools -->
3 | <svg width="800px" height="800px" viewBox="0 -0.5 256 256" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" preserveAspectRatio="xMidYMid">
4 |     <g fill="#464342">
5 |         <path d="M18.1239675,127.500488 C18.1239675,170.795707 43.284813,208.211252 79.7700163,225.941854 L27.5938862,82.985626 C21.524813,96.5890081 18.1239675,111.643057 18.1239675,127.500488 L18.1239675,127.500488 Z M201.345041,121.980878 C201.345041,108.462829 196.489366,99.1011382 192.324683,91.8145041 C186.780098,82.8045528 181.583089,75.1745041 181.583089,66.1645528 C181.583089,56.1097886 189.208976,46.7501789 199.950569,46.7501789 C200.435512,46.7501789 200.89548,46.8105366 201.367935,46.8375935 C181.907772,29.0091707 155.981008,18.1239675 127.50465,18.1239675 C89.2919675,18.1239675 55.6727154,37.7298211 36.1147317,67.4258211 C38.6809756,67.5028293 41.0994472,67.5569431 43.1536911,67.5569431 C54.5946016,67.5569431 72.3043902,66.1687154 72.3043902,66.1687154 C78.2007154,65.8211382 78.8958699,74.4814309 73.0057886,75.1786667 C73.0057886,75.1786667 67.0803252,75.8759024 60.4867642,76.2213984 L100.318699,194.699447 L124.25574,122.909138 L107.214049,76.2172358 C101.323967,75.8717398 95.744,75.1745041 95.744,75.1745041 C89.8497561,74.8290081 90.540748,65.8169756 96.4349919,66.1645528 C96.4349919,66.1645528 114.498602,67.5527805 125.246439,67.5527805 C136.685268,67.5527805 154.397138,66.1645528 154.397138,66.1645528 C160.297626,65.8169756 160.990699,74.4772683 155.098537,75.1745041 C155.098537,75.1745041 149.160585,75.8717398 142.579512,76.2172358 L182.107577,193.798244 L193.017756,157.340098 C197.746472,142.211122 201.345041,131.34465 201.345041,121.980878 L201.345041,121.980878 Z M129.42361,137.068228 L96.6056585,232.43135 C106.404423,235.31187 116.76722,236.887415 127.50465,236.887415 C140.242211,236.887415 152.457366,234.685398 163.827512,230.68722 C163.534049,230.218927 163.267642,229.721496 163.049106,229.180358 L129.42361,137.068228 L129.42361,137.068228 Z M223.481756,75.0225691 C223.95213,78.5066667 224.218537,82.2467642 224.218537,86.2699187 C224.218537,97.3694959 222.145561,109.846894 215.901659,125.448325 L182.490537,222.04774 C215.00878,203.085008 236.881171,167.854829 236.881171,127.502569 C236.883252,108.485724 232.025496,90.603187 223.481756,75.0225691 L223.481756,75.0225691 Z M127.50465,0 C57.2003902,0 0,57.1962276 0,127.500488 C0,197.813073 57.2003902,255.00722 127.50465,255.00722 C197.806829,255.00722 255.015545,197.813073 255.015545,127.500488 C255.013463,57.1962276 197.806829,0 127.50465,0 L127.50465,0 Z M127.50465,249.162927 C60.4243252,249.162927 5.84637398,194.584976 5.84637398,127.500488 C5.84637398,60.4201626 60.4222439,5.84637398 127.50465,5.84637398 C194.582894,5.84637398 249.156683,60.4201626 249.156683,127.500488 C249.156683,194.584976 194.582894,249.162927 127.50465,249.162927 L127.50465,249.162927 Z">
6 | 
7 | </path>
8 |     </g>
9 | </svg>


--------------------------------------------------------------------------------
/assets/logo16.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/javiercasares/wpvulnerability/41f0f84fb04f96828b1962072ad1d2ac560c0629/assets/logo16.png


--------------------------------------------------------------------------------
/assets/logo512.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/javiercasares/wpvulnerability/41f0f84fb04f96828b1962072ad1d2ac560c0629/assets/logo512.png


--------------------------------------------------------------------------------
/assets/logo64.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/javiercasares/wpvulnerability/41f0f84fb04f96828b1962072ad1d2ac560c0629/assets/logo64.png


--------------------------------------------------------------------------------
/assets/screenshot-1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/javiercasares/wpvulnerability/41f0f84fb04f96828b1962072ad1d2ac560c0629/assets/screenshot-1.png


--------------------------------------------------------------------------------
/assets/screenshot-2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/javiercasares/wpvulnerability/41f0f84fb04f96828b1962072ad1d2ac560c0629/assets/screenshot-2.png


--------------------------------------------------------------------------------
/assets/screenshot-3.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/javiercasares/wpvulnerability/41f0f84fb04f96828b1962072ad1d2ac560c0629/assets/screenshot-3.png


--------------------------------------------------------------------------------
/changelog.txt:
--------------------------------------------------------------------------------
  1 | == Changelog ==
  2 | 
  3 | = [4.0.4] - 2025-04-07 =
  4 | 
  5 | **Added**
  6 | 
  7 | * Extra sanitizations.
  8 | 
  9 | **Changed**
 10 | 
 11 | * Translation improvements.
 12 | 
 13 | **Fixed**
 14 | 
 15 | * Plugin and translation load.
 16 | 
 17 | **Compatibility**
 18 | 
 19 | * WordPress: 4.1 - 6.8
 20 | * PHP: 5.6 - 8.4
 21 | * WP-CLI: 2.3.0 - 2.11.0
 22 | 
 23 | **Tests**
 24 | 
 25 | * PHP Coding Standards: 3.12.1
 26 | * WordPress Coding Standards: 3.1.0
 27 | * Plugin Check (PCP): 1.4.0
 28 | * SonarCloud Code Review
 29 | 
 30 | = [4.0.3] - 2024-10-28 =
 31 | 
 32 | * Recreation of the 4.0.2 version. Something did not created the 4.0.2 version.
 33 | 
 34 | = [4.0.2] - 2024-10-25 =
 35 | 
 36 | **Fixed**
 37 | 
 38 | * ImageMagick: it crashes in some cases where the hosting does not have ImageMagick.
 39 | 
 40 | **Compatibility**
 41 | 
 42 | * WordPress: 4.1 - 6.7
 43 | * PHP: 5.6 - 8.4
 44 | * WP-CLI: 2.3.0 - 2.11.0
 45 | 
 46 | **Tests**
 47 | 
 48 | * PHP Coding Standards: 3.10.3
 49 | * WordPress Coding Standards: 3.1.0
 50 | * Plugin Check (PCP): 1.1.0
 51 | * SonarCloud Code Review
 52 | 
 53 | = [4.0.1] - 2024-10-04 =
 54 | 
 55 | **Fixed**
 56 | 
 57 | * API endpoints: some API endpoints were failing.
 58 | * CLI endpoints: some CLI endpoints were failing.
 59 | 
 60 | **Compatibility**
 61 | 
 62 | * WordPress: 4.1 - 6.7
 63 | * PHP: 5.6 - 8.4
 64 | * WP-CLI: 2.3.0 - 2.11.0
 65 | 
 66 | **Tests**
 67 | 
 68 | * PHP Coding Standards: 3.10.3
 69 | * WordPress Coding Standards: 3.1.0
 70 | * Plugin Check (PCP): 1.1.0
 71 | * SonarCloud Code Review
 72 | 
 73 | = [4.0.0] - 2024-10-01 =
 74 | 
 75 | **Added**
 76 | 
 77 | * ImageMagic vulnerabilities (Site Health + WP-CLI + API + mail).
 78 | * curl vulnerabilities (Site Health + WP-CLI + API + mail).
 79 | * memcached vulnerabilities (Site Health + WP-CLI + API + mail).
 80 | * Redis vulnerabilities (Site Health + WP-CLI + API + mail).
 81 | * SQLite vulnerabilities (Site Health + WP-CLI + API + mail).
 82 | 
 83 | **Fixed**
 84 | 
 85 | * Test email without email.
 86 | * Improved MariaDB 11.x detection.
 87 | * Improved versions detection (major-minor.patch-build).
 88 | * WordPress < 5.3: use of wp_date().
 89 | * WordPress < 5.0: locale detection.
 90 | * Dashboard widget only for users with capabilities.
 91 | * WordPress < 5.2: link to Site Health
 92 | 
 93 | **Changed**
 94 | 
 95 | * Big refactory.
 96 | * Less files, less size, improved code quality.
 97 | 
 98 | **Compatibility**
 99 | 
100 | * WordPress: 4.1 - 6.7
101 | * PHP: 5.6 - 8.4
102 | * WP-CLI: 2.3.0 - 2.11.0
103 | 
104 | **Tests**
105 | 
106 | * Manual Testing:
107 |   * WordPress 6.7 / PHP 8.4
108 |   * WordPress 6.6 / PHP 8.3
109 |   * WordPress 6.4 / PHP 8.2
110 |   * WordPress 6.1 / PHP 8.1
111 |   * WordPress 5.8 / PHP 8.0
112 |   * WordPress 5.5 / PHP 7.4
113 |   * WordPress 5.3 / PHP 7.3
114 |   * WordPress 4.9 / PHP 7.2
115 |   * WordPress 4.8 / PHP 7.1
116 |   * WordPress 4.6 / PHP 7.0
117 |   * WordPress 4.1 / PHP 5.6
118 | * PHP Coding Standards: 3.10.3
119 | * WordPress Coding Standards: 3.1.0
120 | * Plugin Check (PCP): 1.1.0
121 | * SonarCloud Code Review
122 | 
123 | = [3.4.1] - 2024-08-23 =
124 | 
125 | **Fixed**
126 | 
127 | * The number of vulnerabilities for core is incorrect.
128 | 
129 | **Compatibility**
130 | 
131 | * WordPress: 4.1 - 6.7
132 | * PHP: 5.6 - 8.3
133 | * WP-CLI: 2.3.0 - 2.11.0
134 | 
135 | **Tests**
136 | 
137 | * PHP Coding Standards: 3.10.2
138 | * WordPress Coding Standards: 3.1.0
139 | * Plugin Check (PCP): 1.0.2
140 | * SonarCloud Code Review
141 | 
142 | = [3.4.0] - 2024-08-16 =
143 | 
144 | **Added**
145 | 
146 | * New checks for MariaDB vulnerabilities.
147 | * New checks for MySQL vulnerabilities.
148 | * WPVulnerability statistics in the configuration page.
149 | * WPVulnerability contributors in the configuration page.
150 | 
151 | **Changed**
152 | 
153 | * Code improvement.
154 | * Better UI for the configuration page.
155 | * Web server version detection improved.
156 | 
157 | **Fixed**
158 | 
159 | * Get the statistics information the right way.
160 | 
161 | **Compatibility**
162 | 
163 | * WordPress: 4.1 - 6.7
164 | * PHP: 5.6 - 8.3
165 | * WP-CLI: 2.3.0 - 2.11.0
166 | 
167 | **Tests**
168 | 
169 | * PHP Coding Standards: 3.10.2
170 | * WordPress Coding Standards: 3.1.0
171 | * Plugin Check (PCP): 1.0.2
172 | * SonarCloud Code Review
173 | 
174 | = [3.3.5] - 2024-08-14 =
175 | 
176 | **Added**
177 | 
178 | * Add counters for Core, Plugins, and Themes.
179 | * Add a Vulnerabilities filter in the Plugin list (WordPress and WordPress Multisite).
180 | * Add a Vulnerabilities filter in the Themes list (WordPress Multisite).
181 | 
182 | **Compatibility**
183 | 
184 | * WordPress: 4.1 - 6.7
185 | * PHP: 5.6 - 8.3
186 | * WP-CLI: 2.3.0 - 2.11.0
187 | 
188 | **Tests**
189 | 
190 | * PHP Coding Standards: 3.10.2
191 | * WordPress Coding Standards: 3.1.0
192 | * Plugin Check (PCP): 1.0.2
193 | * SonarCloud Code Review
194 | 
195 | = [3.3.4] - 2024-08-12 =
196 | 
197 | **Fixed**
198 | 
199 | * The "Last updated on" column in the plugin list is available again.
200 | 
201 | **Compatibility**
202 | 
203 | * WordPress: 4.1 - 6.7
204 | * PHP: 5.6 - 8.3
205 | * WP-CLI: 2.3.0 - 2.11.0
206 | 
207 | **Tests**
208 | 
209 | * PHP Coding Standards: 3.10.2
210 | * WordPress Coding Standards: 3.1.0
211 | * Plugin Check (PCP): 1.0.2
212 | * SonarCloud Code Review
213 | 
214 | = [3.3.3] - 2024-08-05 =
215 | 
216 | **Fixed**
217 | 
218 | * The Dashboard panel is availbale, again.
219 | 
220 | **Compatibility**
221 | 
222 | * WordPress: 4.1 - 6.7
223 | * PHP: 5.6 - 8.3
224 | * WP-CLI: 2.3.0 - 2.10.0
225 | 
226 | **Tests**
227 | 
228 | * PHP Coding Standards: 3.10.2
229 | * WordPress Coding Standards: 3.1.0
230 | * Plugin Check (PCP): 1.0.2
231 | * SonarCloud Code Review
232 | 
233 | = [3.3.1] - 2024-08-02 =
234 | 
235 | **Fixed**
236 | 
237 | * Delete the wp_is_rest_endpoint check. Does not need it.
238 | 
239 | **Compatibility**
240 | 
241 | * WordPress: 4.1 - 6.7
242 | * PHP: 5.6 - 8.3
243 | * WP-CLI: 2.3.0 - 2.10.0
244 | 
245 | **Tests**
246 | 
247 | * PHP Coding Standards: 3.10.2
248 | * WordPress Coding Standards: 3.1.0
249 | * Plugin Check (PCP): 1.0.2
250 | * SonarCloud Code Review
251 | 
252 | = [3.3.0] - 2024-08-02 =
253 | 
254 | **Added**
255 | 
256 | * Ability to exclude of vulnerability types at a global level.
257 | * WP-CLI commands formats (--format=[table,json]).
258 | * REST API endpoints (requires Application Password).
259 | 
260 | **Changed**
261 | 
262 | * README file.
263 | 
264 | **Compatibility**
265 | 
266 | * WordPress: 4.1 - 6.7
267 | * PHP: 5.6 - 8.3
268 | * WP-CLI: 2.3.0 - 2.10.0
269 | 
270 | **Tests**
271 | 
272 | * PHP Coding Standards: 3.10.2
273 | * WordPress Coding Standards: 3.1.0
274 | * Plugin Check (PCP): 1.0.2
275 | * SonarCloud Code Review
276 | 
277 | = [3.2.2] - 2024-07-27 =
278 | 
279 | **Added**
280 | 
281 | * Ability to configure a different From: email address for sending vulnerability notifications via `wp-config.php`.
282 | 
283 | **Changed**
284 | 
285 | * The URL for the website now uses its own domain name.
286 | * Dashboard visibility is restricted to users with specific capabilities, similar to Site Health.
287 | 
288 | **Fixed**
289 | 
290 | * Various minor fixes to prevent warnings and potential errors due to misconfigured WordPress setups.
291 | * Allow loading of some necessary libraries.
292 | 
293 | **Compatibility**
294 | 
295 | * WordPress: 4.1 - 6.6
296 | * PHP: 5.6 - 8.3
297 | * WP-CLI: 2.3.0 - 2.10.0
298 | 
299 | **Tests**
300 | 
301 | * WordPress Coding Standards: 3.1.0
302 | * Plugin Check (PCP): 1.0.2
303 | * SonarCloud Code Review
304 | 
305 | = [3.2.0] - 2024-05-08 =
306 | 
307 | **Added**
308 | 
309 | * Apache HTTPD vulnerabilities (Site Health).
310 | * nginx vulnerabilities (Site Health).
311 | 
312 | **Changed**
313 | 
314 | * License updated to GPL 2.0 or later.
315 | 
316 | **Compatibility**
317 | 
318 | * WordPress 4.1 - WordPress 6.6.
319 | * PHP 5.6 - PHP 8.3.
320 | * WordPress Coding Standards 3.1.0.
321 | * WP-CLI 2.3.0 - WP-CLI 2.10.0.
322 | * Plugin Check (PCP)
323 | 
324 | = [3.1.2] - 2024-05-08 =
325 | 
326 | **Fixed**
327 | 
328 | * In some cases (when calling it directly, or wget), the cron was not working and gave an error.
329 | * The license had a non-compliance ID. Now, same license but working.
330 | * General improvements.
331 | 
332 | **Changed**
333 | 
334 | * The URL from the API is using its own domain name.
335 | 
336 | **Compatibility**
337 | 
338 | * WordPress 4.1 - WordPress 6.6.
339 | * PHP 5.6 - PHP 8.3.
340 | * WordPress Coding Standards 3.1.0.
341 | * WP-CLI 2.3.0 - WP-CLI 2.10.0.
342 | * Plugin Check (PCP)
343 | 
344 | = [3.1.1] - 2024-02-11 =
345 | 
346 | **Fixed**
347 | 
348 | * Fixes some possible PHP warnings when retrieving data from the API.
349 | * Delete old schedules when unistalling the plugin.
350 | * Fix how is printed the High severity.
351 | 
352 | **Deleted**
353 | 
354 | * The plugin will not show the Exploitability information.
355 | 
356 | **Compatibility**
357 | 
358 | * Compatibility: WordPress 4.1 - WordPress 6.5.
359 | * Compatibility: PHP 5.6 - PHP 8.3.
360 | * Compatibility: WordPress Coding Standards 3.0.1.
361 | * Compatibility: WP-CLI 2.3.0 - WP-CLI 2.10.0.
362 | 
363 | = [3.1.0] - 2024-02-04 =
364 | 
365 | **Added**
366 | 
367 | * A new column in the plugin list, with the last updated day (and diff).
368 | * A notice if the plugin is closed in the WordPress.org repo.
369 | 
370 | **Fixed**
371 | 
372 | * Fixes the schedule in some cases.
373 | * Fixes the PHP format (using always the n.n / n.n.n format).
374 | 
375 | **Compatibility**
376 | 
377 | * Compatibility: WordPress 4.1 - WordPress 6.5.
378 | * Compatibility: PHP 5.6 - PHP 8.3.
379 | * Compatibility: WordPress Coding Standards 3.0.1.
380 | * Compatibility: WP-CLI 2.3.0 - WP-CLI 2.9.0.
381 | 
382 | = [3.0.2] - 2024-01-27 =
383 | 
384 | **Fixed**
385 | 
386 | * Fixes the WordPress Multisite saving options.
387 | 
388 | **Compatibility**
389 | 
390 | * Compatibility: WordPress 4.1 - WordPress 6.5.
391 | * Compatibility: PHP 5.6 - PHP 8.3.
392 | * Compatibility: WordPress Coding Standards 3.0.1.
393 | * Compatibility: WP-CLI 2.3.0 - WP-CLI 2.9.0.
394 | 
395 | = [3.0.1] - 2023-12-19 =
396 | 
397 | **Fixed**
398 | 
399 | * Test email with the actual vulnerabilities (or a test message), now forced when the button is clicked.
400 | * Fixed some strings (thanks @alexclassroom).
401 | * WordPress Coding Standards 3.0.1 up-to-date.
402 | 
403 | **Compatibility**
404 | 
405 | * Compatibility: WordPress 4.1 - WordPress 6.4.
406 | * Compatibility: PHP 5.6 - PHP 8.3.
407 | * Compatibility: WordPress Coding Standards 3.0.1.
408 | * Compatibility: WP-CLI 2.3.0 - WP-CLI 2.9.0.
409 | 
410 | = [3.0.0] - 2023-12-09 =
411 | 
412 | **Added**
413 | 
414 | * WordPress Multisite support.
415 | * PHP vulnerabilities (Site Health).
416 | * Reload the data from source.
417 | * Test email with the actual vulnerabilities.
418 | 
419 | **Changed**
420 | 
421 | * Loading the data in better way.
422 | 
423 | **Compatibility**
424 | 
425 | * Compatibility: WordPress 4.1 - WordPress 6.4.
426 | * Compatibility: PHP 5.6 - PHP 8.3.
427 | * Compatibility: WordPress Coding Standards 3.0.1.
428 | * Compatibility: WP-CLI 2.3 - WP-CLI 2.9.0.
429 | 
430 | = [2.2.1] - 2023-10-02 =
431 | 
432 | **Added**
433 | 
434 | * New security information (at WordPress.org plugin page).
435 | * New privacy information (at WordPress.org plugin page).
436 | * New compatibility information (at WordPress.org plugin page).
437 | * New vulnerabilities information (at WordPress.org plugin page).
438 | * New profiling information (at WordPress.org plugin page).
439 | 
440 | **Changed**
441 | 
442 | * Promoted dashboard.
443 | * Performance improvement: only load the plugin in the admin area.
444 | 
445 | **Compatibility**
446 | 
447 | * Compatibility: WordPress 4.1 - WordPress 6.4.
448 | * Compatibility: PHP 5.6 - PHP 8.3.
449 | * Compatibility: WordPress Coding Standards 3.0.1.
450 | * Compatibility: WP-CLI 2.3 - WP-CLI 2.8.1.
451 | 
452 | = [2.2.0] - 2023-09-14 =
453 | 
454 | **Added**
455 | 
456 | * New Dashboard, with a Vulnerability summary and products affected.
457 | 
458 | **Compatibility**
459 | 
460 | * Compatibility: WordPress 4.1 - WordPress 6.3.
461 | * Compatibility: PHP 5.6 - PHP 8.3.
462 | * Compatibility: WordPress Coding Standards 3.0.0.
463 | * Compatibility: WP-CLI 2.3 - WP-CLI 2.8.
464 | 
465 | = [2.1.0] - 2023-09-11 =
466 | 
467 | **Changed**
468 | 
469 | * Improved detection of plugins folders. This shpould reduce the false positives in some plugins, and Pro/Premium plugins.
470 | 
471 | **Compatibility**
472 | 
473 | * Compatibility: WordPress 4.1 - WordPress 6.3.
474 | * Compatibility: PHP 5.6 - PHP 8.3.
475 | * Compatibility: WordPress Coding Standards 3.0.0.
476 | * Compatibility: WP-CLI 2.3 - WP-CLI 2.7.
477 | 
478 | = [2.0.4] - 2023-09-10 =
479 | 
480 | **Compatibility**
481 | 
482 | * WordPress Coding Standards 3.0.0 compatible.
483 | 
484 | = [2.0.3] - 2023-07-27 =
485 | 
486 | **Added**
487 | 
488 | * Validate secure requests to the API.
489 | 
490 | **Changed**
491 | 
492 | * Reduce API timeout request time from 10.0 seconds to 2.5 seconds.
493 | 
494 | **Compatibility**
495 | 
496 | * Compatibility: WordPress 4.1 - WordPress 6.3.
497 | * Compatibility: PHP 5.6 - PHP 8.3.
498 | 
499 | = [2.0.2] - 2023-04-24 =
500 | 
501 | **Fixed**
502 | 
503 | * Fix the Notification system.
504 | 
505 | = [2.0.1] - 2023-04-20 =
506 | 
507 | **Added**
508 | 
509 | * Added new options to cache the vulnerability counter.
510 | 
511 | **Changed**
512 | 
513 | * Update the readme.txt.
514 | 
515 | **Fixed**
516 | 
517 | * Fix the Site Health messages.
518 | 
519 | = [2.0.0] - 2023-04-15 =
520 | 
521 | **Added**
522 | 
523 | * If the WordPress version supports it, vulnerabilities are displayed in the Core update screen.
524 | * Calls can be made from WP-CLI `wp help wpvulnerability` to list vulnerabilities in Core `wp wpvulnerability core`, Plugins `wp wpvulnerability plugins` and Themes `wp wpvulnerability themes`. Before only Plugins.
525 | * Site Health shows core vulnerabilities, which were not previously shown.
526 | 
527 | **Changed**
528 | 
529 | * The plugin has been completely refactored.
530 | 
531 | **Compatibility**
532 | 
533 | * Compatibility: WordPress 4.1 - WordPress 6.2
534 | * Compatibility: PHP 5.6 - PHP 8.2
535 | * Compatibility: WP-CLI 2.3 - 2.7
536 | 
537 | = [1.3.2] - 2023-03-22 =
538 | 
539 | **Changed**
540 | 
541 | * Code security improvements
542 | 
543 | **Fixed**
544 | 
545 | * Fix some PHP errors
546 | 
547 | = [1.3.2] - 2023-03-22 =
548 | 
549 | **Changed**
550 | 
551 | * Code security improvements
552 | 
553 | **Fixed**
554 | 
555 | * Fix some PHP errors
556 | 
557 | = [1.3.1] - 2023-02-27 =
558 | 
559 | **Changed**
560 | 
561 | * Code security improvements
562 | * Fix the Severity value
563 | * A better Site Health information
564 | 
565 | **Compatibility**
566 | 
567 | * Compatibility: WordPress 5.2 - WordPress 6.2
568 | * Compatibility: PHP 7.2 - PHP 8.1
569 | 
570 | = [1.3.0] - 2023-02-27 =
571 | 
572 | **Added**
573 | 
574 | * Information, when available, about the vulnerability, in a simplified way. Only in the plugin list.
575 | * Information, when available, about the potential severity and exploitability. Only in the plugin list.
576 | * Links to sources to get additional information. Only in the plugin list.
577 | 
578 | **Changed**
579 | 
580 | * Improved security in code.
581 | 
582 | = [1.2.4] - 2023-02-20 =
583 | 
584 | **Compatibility**
585 | 
586 | * Compatibility: WordPress 5.2 - WordPress 6.2
587 | * Compatibility: PHP 7.2 - PHP 8.1 
588 | 
589 | = [1.2.3] - 2023-01-30 =
590 | 
591 | **Fixed**
592 | 
593 | * Fix WP_Error object.
594 | 
595 | = [1.2.2] - 2023-01-30 =
596 | 
597 | **Fixed**
598 | 
599 | * Fix WP_Error object.
600 | 
601 | = [1.2.1] - 2023-01-09 =
602 | 
603 | **Fixed**
604 | 
605 | * Some fixed to improve the operators.
606 | 
607 | = [1.2.0] - 2022-12-15 =
608 | 
609 | **Added**
610 | 
611 | * Sends email periodically. You can choose who is going to receive the emails.
612 | * First approach to WPCLI Commands (thanks to @lbonomo).
613 | 
614 | = [1.1.0] - 2022-05-18 =
615 | 
616 | **Fixed**
617 | 
618 | * Fix: Prevents text domain not given correctly.
619 | * Fix: strings not translated.
620 | 
621 | = [1.0.1] - 2022-05-17 =
622 | 
623 | **Fixed**
624 | 
625 | * Fix: strings not translated.
626 | 
627 | = [1.0.0] - 2022-05-16 =
628 | 
629 | **Added**
630 | 
631 | * Added tabs in Health check.
632 | 
633 | = [0.2.0] - 2022-05-07 =
634 | 
635 | **Added**
636 | 
637 | * Improved the information in plugins list.
638 | 
639 | = [0.1.0] - 2022-05-06 =
640 | 
641 | **Added**
642 | 
643 | * Notification in the plugins list.
644 | * First release.


--------------------------------------------------------------------------------
/languages/wpvulnerability.pot:
--------------------------------------------------------------------------------
  1 | #, fuzzy
  2 | msgid ""
  3 | msgstr ""
  4 | "Project-Id-Version: WPVulnerability\n"
  5 | "POT-Creation-Date: 2024-10-01 19:01+0200\n"
  6 | "PO-Revision-Date: 2023-09-12 06:56+0200\n"
  7 | "Last-Translator: \n"
  8 | "Language-Team: \n"
  9 | "MIME-Version: 1.0\n"
 10 | "Content-Type: text/plain; charset=UTF-8\n"
 11 | "Content-Transfer-Encoding: 8bit\n"
 12 | "Plural-Forms: nplurals=INTEGER; plural=EXPRESSION;\n"
 13 | "X-Generator: Poedit 3.4.4\n"
 14 | "X-Poedit-Basepath: ..\n"
 15 | "X-Poedit-Flags-xgettext: --add-comments=translators:\n"
 16 | "X-Poedit-WPHeader: wpvulnerability.php\n"
 17 | "X-Poedit-SourceCharset: UTF-8\n"
 18 | "X-Poedit-KeywordsList: __;_e;_n:1,2;_x:1,2c;_ex:1,2c;_nx:4c,1,2;esc_attr__;"
 19 | "esc_attr_e;esc_attr_x:1,2c;esc_html__;esc_html_e;esc_html_x:1,2c;"
 20 | "_n_noop:1,2;_nx_noop:3c,1,2;__ngettext_noop:1,2\n"
 21 | "X-Poedit-SearchPath-0: .\n"
 22 | "X-Poedit-SearchPathExcluded-0: *.min.js\n"
 23 | 
 24 | #: wpvulnerability-admin.php:54 wpvulnerability-adminms.php:236
 25 | msgid "Data from source has been reloaded."
 26 | msgstr ""
 27 | 
 28 | #: wpvulnerability-admin.php:80 wpvulnerability-adminms.php:261
 29 | msgid "Test email has been sent."
 30 | msgstr ""
 31 | 
 32 | #: wpvulnerability-admin.php:82 wpvulnerability-adminms.php:265
 33 | msgid "Test email has failed. Please, check your email settings."
 34 | msgstr ""
 35 | 
 36 | #: wpvulnerability-admin.php:103 wpvulnerability-adminms.php:277
 37 | msgid "WPVulnerability settings"
 38 | msgstr ""
 39 | 
 40 | #: wpvulnerability-admin.php:146 wpvulnerability-adminms.php:331
 41 | msgid "Reload the data from source"
 42 | msgstr ""
 43 | 
 44 | #: wpvulnerability-admin.php:149 wpvulnerability-adminms.php:334
 45 | msgid ""
 46 | "Reload all Core, Plugins, Themes and other components information directly "
 47 | "from the API to have updated data."
 48 | msgstr ""
 49 | 
 50 | #: wpvulnerability-admin.php:152 wpvulnerability-adminms.php:337
 51 | msgid "Reload Data"
 52 | msgstr ""
 53 | 
 54 | #: wpvulnerability-admin.php:158 wpvulnerability-adminms.php:344
 55 | msgid "Email test"
 56 | msgstr ""
 57 | 
 58 | #: wpvulnerability-admin.php:167 wpvulnerability-adminms.php:353
 59 | msgid "The mail will be sent from (set on WPVULNERABILITY_MAIL): "
 60 | msgstr ""
 61 | 
 62 | #: wpvulnerability-admin.php:174 wpvulnerability-adminms.php:360
 63 | msgid "The mail will be sent from: "
 64 | msgstr ""
 65 | 
 66 | #: wpvulnerability-admin.php:178 wpvulnerability-adminms.php:364
 67 | msgid "Send an email with the vulnerabilities (or empty)."
 68 | msgstr ""
 69 | 
 70 | #: wpvulnerability-admin.php:181 wpvulnerability-adminms.php:367
 71 | msgid "Send email"
 72 | msgstr ""
 73 | 
 74 | #: wpvulnerability-admin.php:192 wpvulnerability-adminms.php:377
 75 | msgid "WPVulnerability Statistics"
 76 | msgstr ""
 77 | 
 78 | #: wpvulnerability-admin.php:198 wpvulnerability-admin.php:703
 79 | #: wpvulnerability-adminms.php:383 wpvulnerability-adminms.php:881
 80 | msgid "Plugins"
 81 | msgstr ""
 82 | 
 83 | #. translators: number of vulnerabilities.
 84 | #: wpvulnerability-admin.php:206 wpvulnerability-admin.php:232
 85 | #: wpvulnerability-admin.php:258 wpvulnerability-admin.php:278
 86 | #: wpvulnerability-admin.php:298 wpvulnerability-admin.php:318
 87 | #: wpvulnerability-admin.php:342 wpvulnerability-admin.php:362
 88 | #: wpvulnerability-admin.php:382 wpvulnerability-admin.php:402
 89 | #: wpvulnerability-admin.php:422 wpvulnerability-admin.php:442
 90 | #: wpvulnerability-adminms.php:392 wpvulnerability-adminms.php:418
 91 | #: wpvulnerability-adminms.php:444 wpvulnerability-adminms.php:464
 92 | #: wpvulnerability-adminms.php:484 wpvulnerability-adminms.php:504
 93 | #: wpvulnerability-adminms.php:528 wpvulnerability-adminms.php:548
 94 | #: wpvulnerability-adminms.php:568 wpvulnerability-adminms.php:588
 95 | #: wpvulnerability-adminms.php:608 wpvulnerability-adminms.php:628
 96 | #, php-format
 97 | msgid "%s vulnerability"
 98 | msgid_plural "%s vulnerabilities"
 99 | msgstr[0] ""
100 | msgstr[1] ""
101 | 
102 | #. translators: number of plugins.
103 | #: wpvulnerability-admin.php:212 wpvulnerability-adminms.php:398
104 | #, php-format
105 | msgid " (%s plugin)"
106 | msgid_plural " (%s plugins)"
107 | msgstr[0] ""
108 | msgstr[1] ""
109 | 
110 | #: wpvulnerability-admin.php:220 wpvulnerability-admin.php:246
111 | #: wpvulnerability-admin.php:266 wpvulnerability-admin.php:286
112 | #: wpvulnerability-admin.php:306 wpvulnerability-admin.php:326
113 | #: wpvulnerability-admin.php:350 wpvulnerability-admin.php:370
114 | #: wpvulnerability-admin.php:390 wpvulnerability-admin.php:410
115 | #: wpvulnerability-admin.php:430 wpvulnerability-admin.php:450
116 | #: wpvulnerability-admin.php:497 wpvulnerability-admin.php:513
117 | #: wpvulnerability-adminms.php:406 wpvulnerability-adminms.php:432
118 | #: wpvulnerability-adminms.php:452 wpvulnerability-adminms.php:472
119 | #: wpvulnerability-adminms.php:492 wpvulnerability-adminms.php:512
120 | #: wpvulnerability-adminms.php:536 wpvulnerability-adminms.php:556
121 | #: wpvulnerability-adminms.php:576 wpvulnerability-adminms.php:596
122 | #: wpvulnerability-adminms.php:616 wpvulnerability-adminms.php:636
123 | #: wpvulnerability-adminms.php:682 wpvulnerability-adminms.php:699
124 | msgid "Data not available."
125 | msgstr ""
126 | 
127 | #: wpvulnerability-admin.php:224 wpvulnerability-admin.php:708
128 | #: wpvulnerability-adminms.php:410 wpvulnerability-adminms.php:886
129 | msgid "Themes"
130 | msgstr ""
131 | 
132 | #. translators: number of themes.
133 | #: wpvulnerability-admin.php:238 wpvulnerability-adminms.php:424
134 | #, php-format
135 | msgid " (%s theme)"
136 | msgid_plural " (%s themes)"
137 | msgstr[0] ""
138 | msgstr[1] ""
139 | 
140 | #: wpvulnerability-admin.php:250 wpvulnerability-admin.php:713
141 | #: wpvulnerability-adminms.php:436 wpvulnerability-adminms.php:891
142 | #: wpvulnerability-sitehealth.php:178
143 | msgid "PHP"
144 | msgstr ""
145 | 
146 | #: wpvulnerability-admin.php:270 wpvulnerability-admin.php:718
147 | #: wpvulnerability-adminms.php:456 wpvulnerability-adminms.php:896
148 | #: wpvulnerability-sitehealth.php:179
149 | msgid "Apache HTTPD"
150 | msgstr ""
151 | 
152 | #: wpvulnerability-admin.php:290 wpvulnerability-admin.php:723
153 | #: wpvulnerability-adminms.php:476 wpvulnerability-adminms.php:901
154 | msgid "nginx"
155 | msgstr ""
156 | 
157 | #: wpvulnerability-admin.php:310 wpvulnerability-admin.php:728
158 | #: wpvulnerability-adminms.php:496 wpvulnerability-adminms.php:906
159 | #: wpvulnerability-sitehealth.php:181
160 | msgid "MariaDB"
161 | msgstr ""
162 | 
163 | #: wpvulnerability-admin.php:334 wpvulnerability-admin.php:733
164 | #: wpvulnerability-adminms.php:520 wpvulnerability-adminms.php:911
165 | #: wpvulnerability-sitehealth.php:182
166 | msgid "MySQL"
167 | msgstr ""
168 | 
169 | #: wpvulnerability-admin.php:354 wpvulnerability-admin.php:738
170 | #: wpvulnerability-adminms.php:540 wpvulnerability-adminms.php:916
171 | #: wpvulnerability-sitehealth.php:183
172 | msgid "ImageMagick"
173 | msgstr ""
174 | 
175 | #: wpvulnerability-admin.php:374 wpvulnerability-admin.php:743
176 | #: wpvulnerability-adminms.php:560 wpvulnerability-adminms.php:921
177 | #: wpvulnerability-sitehealth.php:184
178 | msgid "curl"
179 | msgstr ""
180 | 
181 | #: wpvulnerability-admin.php:394 wpvulnerability-admin.php:749
182 | #: wpvulnerability-adminms.php:580 wpvulnerability-adminms.php:926
183 | msgid "memcached"
184 | msgstr ""
185 | 
186 | #: wpvulnerability-admin.php:414 wpvulnerability-admin.php:754
187 | #: wpvulnerability-adminms.php:600 wpvulnerability-adminms.php:931
188 | msgid "Redis"
189 | msgstr ""
190 | 
191 | #: wpvulnerability-admin.php:434 wpvulnerability-admin.php:759
192 | #: wpvulnerability-adminms.php:620 wpvulnerability-adminms.php:936
193 | msgid "SQLite"
194 | msgstr ""
195 | 
196 | #. translators: date of last update.
197 | #: wpvulnerability-admin.php:469 wpvulnerability-adminms.php:655
198 | #, php-format
199 | msgid "Updated: %s"
200 | msgstr ""
201 | 
202 | #: wpvulnerability-admin.php:482 wpvulnerability-adminms.php:668
203 | msgid "Behind the Project"
204 | msgstr ""
205 | 
206 | #: wpvulnerability-admin.php:487 wpvulnerability-adminms.php:672
207 | msgid "Sponsors"
208 | msgstr ""
209 | 
210 | #: wpvulnerability-admin.php:503 wpvulnerability-adminms.php:689
211 | msgid "Contributors"
212 | msgstr ""
213 | 
214 | #. Plugin Name of the plugin/theme
215 | #: wpvulnerability-admin.php:539 wpvulnerability-admin.php:540
216 | #: wpvulnerability-adminms.php:723 wpvulnerability-adminms.php:724
217 | msgid "WPVulnerability"
218 | msgstr ""
219 | 
220 | #: wpvulnerability-admin.php:558 wpvulnerability-adminms.php:741
221 | msgid "Configure and save these settings to receive email notifications."
222 | msgstr ""
223 | 
224 | #: wpvulnerability-admin.php:571 wpvulnerability-adminms.php:783
225 | msgid "Configure and save these settings to hide vulnerabilities."
226 | msgstr ""
227 | 
228 | #: wpvulnerability-admin.php:599 wpvulnerability-adminms.php:768
229 | msgid "Default administrator email"
230 | msgstr ""
231 | 
232 | #: wpvulnerability-admin.php:627 wpvulnerability-adminms.php:807
233 | msgid "Daily"
234 | msgstr ""
235 | 
236 | #: wpvulnerability-admin.php:632 wpvulnerability-adminms.php:812
237 | msgid "Weekly"
238 | msgstr ""
239 | 
240 | #: wpvulnerability-admin.php:698 wpvulnerability-adminms.php:876
241 | msgid "Core"
242 | msgstr ""
243 | 
244 | #. translators: Show the number of vulnerabilities in a WP-Admin dashboard
245 | #: wpvulnerability-admin.php:870 wpvulnerability-adminms.php:956
246 | #, php-format
247 | msgid "Core: %d vulnerability"
248 | msgid_plural "Core: %d vulnerabilities"
249 | msgstr[0] ""
250 | msgstr[1] ""
251 | 
252 | #. translators: Show the number of vulnerabilities in a WP-Admin dashboard
253 | #: wpvulnerability-admin.php:878 wpvulnerability-adminms.php:964
254 | #, php-format
255 | msgid "Themes: %d vulnerability"
256 | msgid_plural "Themes: %d vulnerabilities"
257 | msgstr[0] ""
258 | msgstr[1] ""
259 | 
260 | #. translators: Show the number of vulnerabilities in a WP-Admin dashboard
261 | #: wpvulnerability-admin.php:886 wpvulnerability-adminms.php:972
262 | #, php-format
263 | msgid "Plugins: %d vulnerability"
264 | msgid_plural "Plugins: %d vulnerabilities"
265 | msgstr[0] ""
266 | msgstr[1] ""
267 | 
268 | #. translators: Show the number of vulnerabilities in a WP-Admin dashboard
269 | #: wpvulnerability-admin.php:895 wpvulnerability-adminms.php:981
270 | #, php-format
271 | msgid "PHP %s: "
272 | msgstr ""
273 | 
274 | #: wpvulnerability-admin.php:895 wpvulnerability-admin.php:911
275 | #: wpvulnerability-admin.php:928 wpvulnerability-admin.php:945
276 | #: wpvulnerability-admin.php:962 wpvulnerability-admin.php:977
277 | #: wpvulnerability-admin.php:992 wpvulnerability-admin.php:1007
278 | #: wpvulnerability-admin.php:1022 wpvulnerability-admin.php:1037
279 | #: wpvulnerability-adminms.php:981 wpvulnerability-adminms.php:997
280 | #: wpvulnerability-adminms.php:1014 wpvulnerability-adminms.php:1031
281 | #: wpvulnerability-adminms.php:1048 wpvulnerability-adminms.php:1063
282 | #: wpvulnerability-adminms.php:1078 wpvulnerability-adminms.php:1093
283 | #: wpvulnerability-adminms.php:1108 wpvulnerability-adminms.php:1123
284 | #, php-format
285 | msgid "%d vulnerability"
286 | msgid_plural "%d vulnerabilities"
287 | msgstr[0] ""
288 | msgstr[1] ""
289 | 
290 | #. translators: Show the number of vulnerabilities in a WP-Admin dashboard
291 | #: wpvulnerability-admin.php:911 wpvulnerability-adminms.php:997
292 | #, php-format
293 | msgid "Apache %s: "
294 | msgstr ""
295 | 
296 | #. translators: Show the number of vulnerabilities in a WP-Admin dashboard
297 | #: wpvulnerability-admin.php:928 wpvulnerability-adminms.php:1014
298 | #, php-format
299 | msgid "nginx %s: "
300 | msgstr ""
301 | 
302 | #. translators: Show the number of vulnerabilities in a WP-Admin dashboard
303 | #: wpvulnerability-admin.php:945 wpvulnerability-adminms.php:1031
304 | #, php-format
305 | msgid "MariaDB %s: "
306 | msgstr ""
307 | 
308 | #. translators: Show the number of vulnerabilities in a WP-Admin dashboard
309 | #: wpvulnerability-admin.php:962 wpvulnerability-adminms.php:1048
310 | #, php-format
311 | msgid "MySQL %s: "
312 | msgstr ""
313 | 
314 | #. translators: Show the number of vulnerabilities in a WP-Admin dashboard
315 | #: wpvulnerability-admin.php:977 wpvulnerability-adminms.php:1063
316 | #, php-format
317 | msgid "ImageMagick %s: "
318 | msgstr ""
319 | 
320 | #. translators: Show the number of vulnerabilities in a WP-Admin dashboard
321 | #: wpvulnerability-admin.php:992 wpvulnerability-adminms.php:1078
322 | #, php-format
323 | msgid "curl %s: "
324 | msgstr ""
325 | 
326 | #. translators: Show the number of vulnerabilities in a WP-Admin dashboard
327 | #: wpvulnerability-admin.php:1007 wpvulnerability-adminms.php:1093
328 | #, php-format
329 | msgid "memcached %s: "
330 | msgstr ""
331 | 
332 | #. translators: Show the number of vulnerabilities in a WP-Admin dashboard
333 | #: wpvulnerability-admin.php:1022 wpvulnerability-adminms.php:1108
334 | #, php-format
335 | msgid "Redis %s: "
336 | msgstr ""
337 | 
338 | #. translators: Show the number of vulnerabilities in a WP-Admin dashboard
339 | #: wpvulnerability-admin.php:1037 wpvulnerability-adminms.php:1123
340 | #, php-format
341 | msgid "SQLite %s: "
342 | msgstr ""
343 | 
344 | #: wpvulnerability-admin.php:1041 wpvulnerability-adminms.php:1127
345 | msgid "Vulnerability analysis of your WordPress installation:"
346 | msgstr ""
347 | 
348 | #: wpvulnerability-admin.php:1147 wpvulnerability-adminms.php:1233
349 | msgid "More information? Visit"
350 | msgstr ""
351 | 
352 | #: wpvulnerability-admin.php:1147 wpvulnerability-adminms.php:1233
353 | msgid "Site Health"
354 | msgstr ""
355 | 
356 | #: wpvulnerability-admin.php:1164 wpvulnerability-adminms.php:1251
357 | msgid "WPVulnerability Status"
358 | msgstr ""
359 | 
360 | #: wpvulnerability-admin.php:1193 wpvulnerability-adminms.php:1286
361 | msgid "Receive notifications in your email"
362 | msgstr ""
363 | 
364 | #: wpvulnerability-admin.php:1201 wpvulnerability-adminms.php:1294
365 | msgid "Email addresses to notify (separated by commas)"
366 | msgstr ""
367 | 
368 | #: wpvulnerability-admin.php:1210 wpvulnerability-adminms.php:1303
369 | msgid "How often you want to receive notifications"
370 | msgstr ""
371 | 
372 | #: wpvulnerability-admin.php:1226 wpvulnerability-adminms.php:1318
373 | msgid "Vulnerabilities to hide"
374 | msgstr ""
375 | 
376 | #: wpvulnerability-admin.php:1234 wpvulnerability-adminms.php:1326
377 | msgid "What do you want to hide?"
378 | msgstr ""
379 | 
380 | #: wpvulnerability-adminms.php:124 wpvulnerability-adminms.php:218
381 | msgid "Settings saved."
382 | msgstr ""
383 | 
384 | #: wpvulnerability-adminms.php:307 wpvulnerability-adminms.php:321
385 | msgid "Save Changes"
386 | msgstr ""
387 | 
388 | #. translators: 1: core version
389 | #: wpvulnerability-core.php:31
390 | #, php-format
391 | msgid ""
392 | "WordPress %1$s has a known vulnerability that may be affecting this version."
393 | msgstr ""
394 | 
395 | #: wpvulnerability-core.php:69 wpvulnerability-plugins.php:106
396 | #: wpvulnerability-process.php:65 wpvulnerability-process.php:99
397 | #: wpvulnerability-themes.php:104
398 | msgid "Global score: "
399 | msgstr ""
400 | 
401 | #: wpvulnerability-core.php:72 wpvulnerability-plugins.php:109
402 | #: wpvulnerability-process.php:68 wpvulnerability-process.php:102
403 | #: wpvulnerability-themes.php:107
404 | msgid "Severity: "
405 | msgstr ""
406 | 
407 | #: wpvulnerability-general.php:632
408 | msgid "None"
409 | msgstr ""
410 | 
411 | #: wpvulnerability-general.php:633
412 | msgid "Low"
413 | msgstr ""
414 | 
415 | #: wpvulnerability-general.php:634
416 | msgid "Medium"
417 | msgstr ""
418 | 
419 | #: wpvulnerability-general.php:635
420 | msgid "High"
421 | msgstr ""
422 | 
423 | #: wpvulnerability-general.php:636
424 | msgid "Critical"
425 | msgstr ""
426 | 
427 | #: wpvulnerability-notifications.php:29
428 | msgid "Every week"
429 | msgstr ""
430 | 
431 | #: wpvulnerability-notifications.php:55
432 | msgid "Every day"
433 | msgstr ""
434 | 
435 | #. translators: %1$s the website of Database, %2$s database site name.
436 | #: wpvulnerability-notifications.php:136
437 | #, php-format
438 | msgid ""
439 | "Learn more about the WordPress Vulnerability Database API at <a "
440 | "href=\"%1$s\">%2$s</a>"
441 | msgstr ""
442 | 
443 | #: wpvulnerability-notifications.php:223
444 | msgid "No vulnerabilities found"
445 | msgstr ""
446 | 
447 | #: wpvulnerability-notifications.php:224
448 | msgid "This is likely a test. The site does not have vulnerabilities."
449 | msgstr ""
450 | 
451 | #: wpvulnerability-notifications.php:229
452 | msgid "Core vulnerabilities"
453 | msgstr ""
454 | 
455 | #: wpvulnerability-notifications.php:235
456 | msgid "Plugins vulnerabilities"
457 | msgstr ""
458 | 
459 | #: wpvulnerability-notifications.php:241
460 | msgid "Themes vulnerabilities"
461 | msgstr ""
462 | 
463 | #: wpvulnerability-notifications.php:247
464 | msgid "PHP vulnerabilities"
465 | msgstr ""
466 | 
467 | #: wpvulnerability-notifications.php:253
468 | msgid "Apache HTTPD vulnerabilities"
469 | msgstr ""
470 | 
471 | #: wpvulnerability-notifications.php:259
472 | msgid "Nginx vulnerabilities"
473 | msgstr ""
474 | 
475 | #: wpvulnerability-notifications.php:265
476 | msgid "MariaDB vulnerabilities"
477 | msgstr ""
478 | 
479 | #: wpvulnerability-notifications.php:271
480 | msgid "MySQL vulnerabilities"
481 | msgstr ""
482 | 
483 | #: wpvulnerability-notifications.php:277
484 | msgid "ImageMagick vulnerabilities"
485 | msgstr ""
486 | 
487 | #: wpvulnerability-notifications.php:283
488 | msgid "curl vulnerabilities"
489 | msgstr ""
490 | 
491 | #: wpvulnerability-notifications.php:289
492 | msgid "memcached vulnerabilities"
493 | msgstr ""
494 | 
495 | #: wpvulnerability-notifications.php:295
496 | msgid "Redis vulnerabilities"
497 | msgstr ""
498 | 
499 | #: wpvulnerability-notifications.php:301
500 | msgid "SQLite vulnerabilities"
501 | msgstr ""
502 | 
503 | #. translators: Site name.
504 | #: wpvulnerability-notifications.php:324
505 | #, php-format
506 | msgid "Vulnerability found: %s"
507 | msgstr ""
508 | 
509 | #: wpvulnerability-notifications.php:328
510 | msgid "Vulnerability found"
511 | msgstr ""
512 | 
513 | #. translators: 1: Plugin name
514 | #. translators: 1: theme name
515 | #: wpvulnerability-plugins.php:47 wpvulnerability-themes.php:41
516 | #, php-format
517 | msgid "%1$s has a known vulnerability that may be affecting this version."
518 | msgstr ""
519 | 
520 | #: wpvulnerability-plugins.php:89 wpvulnerability-process.php:50
521 | msgid "This plugin is closed. Please replace it with another."
522 | msgstr ""
523 | 
524 | #: wpvulnerability-plugins.php:92 wpvulnerability-process.php:53
525 | msgid ""
526 | "This vulnerability appears to be unpatched. Stay tuned for upcoming plugin "
527 | "updates."
528 | msgstr ""
529 | 
530 | #: wpvulnerability-plugins.php:439
531 | msgid "It hasn't been updated in over a year."
532 | msgstr ""
533 | 
534 | #: wpvulnerability-plugins.php:445
535 | msgid "It may no longer be available (closed?)."
536 | msgstr ""
537 | 
538 | #: wpvulnerability-plugins.php:483 wpvulnerability-plugins.php:490
539 | msgid "Last updated on"
540 | msgstr ""
541 | 
542 | #. translators: the number of vulnerabilities.
543 | #: wpvulnerability-plugins.php:623 wpvulnerability-themes.php:368
544 | #, php-format
545 | msgid "Vulnerabilities (%d)"
546 | msgstr ""
547 | 
548 | #. translators: the type of vulnerability.
549 | #: wpvulnerability-process.php:171
550 | #, php-format
551 | msgid "%s running"
552 | msgstr ""
553 | 
554 | #: wpvulnerability-process.php:198
555 | msgid "Plugin"
556 | msgstr ""
557 | 
558 | #: wpvulnerability-process.php:259
559 | msgid "Theme"
560 | msgstr ""
561 | 
562 | #: wpvulnerability-run.php:30
563 | msgid "Network Settings"
564 | msgstr ""
565 | 
566 | #: wpvulnerability-run.php:33
567 | msgid "Settings"
568 | msgstr ""
569 | 
570 | #: wpvulnerability-run.php:533 wpvulnerability-run.php:582
571 | #: wpvulnerability-run.php:592 wpvulnerability-run.php:636
572 | msgid "Vulnerabilities"
573 | msgstr ""
574 | 
575 | #: wpvulnerability-sitehealth.php:22
576 | msgid "There aren't plugins vulnerabilities"
577 | msgstr ""
578 | 
579 | #: wpvulnerability-sitehealth.php:25 wpvulnerability-sitehealth.php:77
580 | #: wpvulnerability-sitehealth.php:129 wpvulnerability-sitehealth.php:210
581 | msgid "Security"
582 | msgstr ""
583 | 
584 | #: wpvulnerability-sitehealth.php:30
585 | msgid "Shows possible vulnerabilities that exist in installed plugins."
586 | msgstr ""
587 | 
588 | #. translators: Number of plugins vulnerabilities.
589 | #: wpvulnerability-sitehealth.php:43
590 | #, php-format
591 | msgid "There is %d plugin with vulnerabilities"
592 | msgid_plural "There are %d plugins with vulnerabilities"
593 | msgstr[0] ""
594 | msgstr[1] ""
595 | 
596 | #: wpvulnerability-sitehealth.php:49
597 | msgid ""
598 | "We've detected potential vulnerabilities in installed plugins. Please check "
599 | "them and keep them updated."
600 | msgstr ""
601 | 
602 | #: wpvulnerability-sitehealth.php:57
603 | msgid "Update plugins"
604 | msgstr ""
605 | 
606 | #: wpvulnerability-sitehealth.php:74
607 | msgid "There aren't themes vulnerabilities"
608 | msgstr ""
609 | 
610 | #: wpvulnerability-sitehealth.php:82
611 | msgid "Shows possible vulnerabilities that exist in installed themes."
612 | msgstr ""
613 | 
614 | #. translators: Number of themes vulnerabilities.
615 | #: wpvulnerability-sitehealth.php:95
616 | #, php-format
617 | msgid "There is %d theme with vulnerabilities"
618 | msgid_plural "There are %d themes with vulnerabilities"
619 | msgstr[0] ""
620 | msgstr[1] ""
621 | 
622 | #: wpvulnerability-sitehealth.php:101
623 | msgid ""
624 | "We've detected potential vulnerabilities in installed themes. Please check "
625 | "them and keep them updated."
626 | msgstr ""
627 | 
628 | #: wpvulnerability-sitehealth.php:109
629 | msgid "Update themes"
630 | msgstr ""
631 | 
632 | #: wpvulnerability-sitehealth.php:126
633 | msgid "There aren't WordPress vulnerabilities"
634 | msgstr ""
635 | 
636 | #: wpvulnerability-sitehealth.php:134
637 | msgid "Shows possible vulnerabilities existing in the WordPress core."
638 | msgstr ""
639 | 
640 | #. translators: Number of core vulnerabilities.
641 | #: wpvulnerability-sitehealth.php:147
642 | #, php-format
643 | msgid "There is %d core vulnerability"
644 | msgid_plural "There are %d core vulnerabilities"
645 | msgstr[0] ""
646 | msgstr[1] ""
647 | 
648 | #: wpvulnerability-sitehealth.php:153
649 | msgid ""
650 | "We've detected potential vulnerabilities in this WordPress installation. "
651 | "Please check them and keep your installation updated."
652 | msgstr ""
653 | 
654 | #: wpvulnerability-sitehealth.php:161
655 | msgid "Update WordPress"
656 | msgstr ""
657 | 
658 | #: wpvulnerability-sitehealth.php:180
659 | msgid "Nginx"
660 | msgstr ""
661 | 
662 | #: wpvulnerability-sitehealth.php:189
663 | msgid "Invalid software type"
664 | msgstr ""
665 | 
666 | #: wpvulnerability-sitehealth.php:192
667 | msgid "Error"
668 | msgstr ""
669 | 
670 | #: wpvulnerability-sitehealth.php:197
671 | msgid "The specified software type is not valid."
672 | msgstr ""
673 | 
674 | #. translators: name of the software.
675 | #: wpvulnerability-sitehealth.php:207
676 | #, php-format
677 | msgid "There aren't %s vulnerabilities"
678 | msgstr ""
679 | 
680 | #. translators: software with vulnerabilities.
681 | #: wpvulnerability-sitehealth.php:216
682 | #, php-format
683 | msgid "Shows possible vulnerabilities existing in %s."
684 | msgstr ""
685 | 
686 | #. translators: Software and number of vulnerabilities.
687 | #: wpvulnerability-sitehealth.php:229
688 | #, php-format
689 | msgid "There is %1$d %2$s vulnerability"
690 | msgid_plural "There are %1$d %2$s vulnerabilities"
691 | msgstr[0] ""
692 | msgstr[1] ""
693 | 
694 | #. translators: software with vulnerabilities.
695 | #: wpvulnerability-sitehealth.php:237
696 | #, php-format
697 | msgid ""
698 | "We've detected potential vulnerabilities in %s. Please check them and keep "
699 | "your installation updated."
700 | msgstr ""
701 | 
702 | #: wpvulnerability-sitehealth.php:246
703 | msgid "How to update PHP"
704 | msgstr ""
705 | 
706 | #: wpvulnerability-sitehealth.php:361
707 | msgid "WPVulnerability Core"
708 | msgstr ""
709 | 
710 | #: wpvulnerability-sitehealth.php:369
711 | msgid "WPVulnerability Themes"
712 | msgstr ""
713 | 
714 | #: wpvulnerability-sitehealth.php:377
715 | msgid "WPVulnerability Plugins"
716 | msgstr ""
717 | 
718 | #: wpvulnerability-sitehealth.php:385
719 | msgid "WPVulnerability PHP"
720 | msgstr ""
721 | 
722 | #: wpvulnerability-sitehealth.php:393
723 | msgid "WPVulnerability Apache HTTPD"
724 | msgstr ""
725 | 
726 | #: wpvulnerability-sitehealth.php:401
727 | msgid "WPVulnerability Nginx"
728 | msgstr ""
729 | 
730 | #: wpvulnerability-sitehealth.php:409
731 | msgid "WPVulnerability MariaDB"
732 | msgstr ""
733 | 
734 | #: wpvulnerability-sitehealth.php:417
735 | msgid "WPVulnerability MySQL"
736 | msgstr ""
737 | 
738 | #: wpvulnerability-sitehealth.php:425
739 | msgid "WPVulnerability ImageMagick"
740 | msgstr ""
741 | 
742 | #: wpvulnerability-sitehealth.php:433
743 | msgid "WPVulnerability curl"
744 | msgstr ""
745 | 
746 | #: wpvulnerability-sitehealth.php:441
747 | msgid "WPVulnerability memcached"
748 | msgstr ""
749 | 
750 | #: wpvulnerability-sitehealth.php:449
751 | msgid "WPVulnerability redis"
752 | msgstr ""
753 | 
754 | #: wpvulnerability-sitehealth.php:457
755 | msgid "WPVulnerability sqlite"
756 | msgstr ""
757 | 
758 | #: wpvulnerability-themes.php:87
759 | msgid "This theme is closed. Please replace it with another."
760 | msgstr ""
761 | 
762 | #: wpvulnerability-themes.php:90
763 | msgid ""
764 | "This vulnerability appears to be unpatched. Stay tuned for upcoming theme "
765 | "updates."
766 | msgstr ""
767 | 
768 | #. Plugin URI of the plugin/theme
769 | msgid "https://www.wpvulnerability.com/"
770 | msgstr ""
771 | 
772 | #. Description of the plugin/theme
773 | msgid ""
774 | "Receive information about possible vulnerabilities in your WordPress from "
775 | "WordPress Vulnerability Database API."
776 | msgstr ""
777 | 
778 | #. Author of the plugin/theme
779 | msgid "Javier Casares"
780 | msgstr ""
781 | 
782 | #. Author URI of the plugin/theme
783 | msgid "https://www.javiercasares.com/"
784 | msgstr ""
785 | 


--------------------------------------------------------------------------------
/readme.txt:
--------------------------------------------------------------------------------
  1 | === WPVulnerability ===
  2 | Contributors: javiercasares, davidperez, lbonomo, alexclassroom
  3 | Tags: security, vulnerability, site-health
  4 | Requires at least: 4.1
  5 | Tested up to: 6.8
  6 | Stable tag: 4.0.4
  7 | Requires PHP: 5.6
  8 | Version: 4.0.4
  9 | License: GPL-2.0-or-later
 10 | License URI: https://spdx.org/licenses/GPL-2.0-or-later.html
 11 | 
 12 | Get WordPress vulnerability alerts from the [WPVulnerability Database API](https://www.wpvulnerability.com/).
 13 | 
 14 | == Description ==
 15 | 
 16 | This plugin integrates with the WPVulnerability API to provide real-time vulnerability assessments for your WordPress core, plugins, themes, PHP version, Apache HTTPD, nginx, MariaDB, MySQL, ImageMagick, curl, memcached, Redis, and SQLite.
 17 | 
 18 | It delivers detailed reports directly within your WordPress dashboard, helping you stay aware of potential security risks. Configure the plugin to send periodic notifications about your site's security status, ensuring you remain informed without being overwhelmed. Designed for ease of use, it supports proactive security measures without storing or retrieving any personal data from your site.
 19 | 
 20 | = Data reliability =
 21 | 
 22 | The information provided by the information database comes from different sources that have been reviewed by third parties. There is no liability of any kind for the information. Act at your own risk.
 23 | 
 24 | == Using the plugin ==
 25 | 
 26 | = WP-CLI =
 27 | 
 28 | You can use the following WP-CLI commands to manage and check vulnerabilities:
 29 | 
 30 | * Core: `wp wpvulnerability core`
 31 | * Plugins: `wp wpvulnerability plugins`
 32 | * Themes: `wp wpvulnerability themes`
 33 | * PHP: `wp wpvulnerability php`
 34 | * Apache HTTPD: `wp wpvulnerability apache`
 35 | * nginx: `wp wpvulnerability nginx`
 36 | * MariaDB: `wp wpvulnerability mariadb`
 37 | * MySQL: `wp wpvulnerability mysql`
 38 | * ImageMagick: `wp wpvulnerability imagemagick`
 39 | * curl: `wp wpvulnerability curl`
 40 | * memcached: `wp wpvulnerability memcached`
 41 | * Redis: `wp wpvulnerability redis`
 42 | * SQLite: `wp wpvulnerability sqlite`
 43 | 
 44 | All commands support the `--format` option to specify the output format:
 45 | 
 46 | * `--format=table`: Displays the results in a table format (default).
 47 | * `--format=json`: Displays the results in JSON format.
 48 | 
 49 | Need help?
 50 | 
 51 | * `wp wpvulnerability --help`: Displays help information for WPVulnerability commands.
 52 | * `wp wpvulnerability [command] --help`: Displays help information for a WPVulnerability command.
 53 | 
 54 | = REST API =
 55 | 
 56 | The WPVulnerability plugin provides several **REST API endpoints** to fetch vulnerability information for different components of your WordPress site.
 57 | 
 58 | * Core: `/wpvulnerability/v1/core`
 59 | * Plugins: `/wpvulnerability/v1/plugins`
 60 | * Themes: `/wpvulnerability/v1/themes`
 61 | * PHP: `/wpvulnerability/v1/php`
 62 | * Apache HTTPD: `/wpvulnerability/v1/apache`
 63 | * nginx: `/wpvulnerability/v1/nginx`
 64 | * MariaDB: `/wpvulnerability/v1/mariadb`
 65 | * MySQL: `/wpvulnerability/v1/mysql`
 66 | * ImageMagick: `/wpvulnerability/v1/imagemagick`
 67 | * curl: `/wpvulnerability/v1/curl`
 68 | * memcached: `/wpvulnerability/v1/memcached`
 69 | * Redis: `/wpvulnerability/v1/redis`
 70 | * SQLite: `/wpvulnerability/v1/sqlite`
 71 | 
 72 | The WPVulnerability REST API uses **Application Passwords** for authentication. You need to include a valid Application Password in the Authorization header of your requests.
 73 | 
 74 | Example Request with Authentication
 75 | 
 76 | `curl -X GET https://example.com/wp-json/wpvulnerability/v1/plugins -u username:application_password`
 77 | 
 78 | Replace username with your WordPress `username` and `application_password` with your [Application Password](https://make.wordpress.org/core/2020/11/05/application-passwords-integration-guide/).
 79 | 
 80 | == Extra Configurations ==
 81 | 
 82 | = "From:" mail (since: 3.2.2) =
 83 | 
 84 | If, for some reason, you need the emails sent by the plugin to have a From different from the site administrator, you can change it from the `wp-config.php` by adding a constant:
 85 | 
 86 | `define( 'WPVULNERABILITY_MAIL', 'sender@example.com' );`
 87 | 
 88 | If the constant is active, it will be visible in the configuration screen.
 89 | 
 90 | == Installation ==
 91 | 
 92 | = Automatic download =
 93 | 
 94 | Visit the plugin section in your WordPress, search for [wpvulnerability]; download and install the plugin.
 95 | 
 96 | = Manual download =
 97 | 
 98 | Extract the contents of the ZIP and upload the contents to the `/wp-content/plugins/wpvulnerability/` directory. Once uploaded, it will appear in your plugin list.
 99 | 
100 | == Frequently Asked Questions ==
101 | 
102 | = Where does the vulnerability information come from? =
103 | 
104 | The origin is in the WPVulnerability.com API. The vulnerabilities that appear in this API come from different sources, such as CVEs.
105 | 
106 | = Is data from my site sent anywhere? =
107 | 
108 | No. Never. Your privacy is very important to us. We do not commercialize with your data.
109 | 
110 | = What vulnerabilities will I find? =
111 | 
112 | Vulnerabilities in WordPress Core, Plugins, Themes, PHP, Apache HTTPD, nginx, MariaDB, MySQL, ImageMagick, curl, memcached, Redis, and SQLite are documented.
113 | 
114 | = What do I do if my site has a vulnerability? =
115 | 
116 | First of all, peace of mind. Investigate what the vulnerability is and, above all, check that you have the latest version of the compromised element. We actively recommend that you keep all your WordPress and its plugins up to date. Contact your hosting provider to patch non-WordPress vulnerabilities (like web server, databases, and other software).
117 | 
118 | == Screenshots ==
119 | 
120 | 1. WP-Admin Dashboard widget.
121 | 2. Vulnerability list at Plugins list.
122 | 3. Vulnerability list at Site Health.
123 | 
124 | == Compatibility ==
125 | 
126 | * WordPress: 4.1 - 6.8
127 | * PHP: 5.6 - 8.4
128 | * WP-CLI: 2.3.0 - 2.11.0
129 | 
130 | == Changelog ==
131 | 
132 | = [4.0.4] - 2025-04-07 =
133 | 
134 | **Added**
135 | 
136 | * Extra sanitizations.
137 | 
138 | **Changed**
139 | 
140 | * Translation improvements.
141 | 
142 | **Fixed**
143 | 
144 | * Plugin and translation load.
145 | 
146 | **Compatibility**
147 | 
148 | * WordPress: 4.1 - 6.8
149 | * PHP: 5.6 - 8.4
150 | * WP-CLI: 2.3.0 - 2.11.0
151 | 
152 | **Tests**
153 | 
154 | * PHP Coding Standards: 3.12.1
155 | * WordPress Coding Standards: 3.1.0
156 | * Plugin Check (PCP): 1.4.0
157 | * SonarCloud Code Review
158 | 
159 | = [4.0.3] - 2024-10-28 =
160 | 
161 | * Recreation of the 4.0.2 version. Something did not created the 4.0.2 version.
162 | 
163 | = [4.0.2] - 2024-10-25 =
164 | 
165 | **Fixed**
166 | 
167 | * ImageMagick: it crashes in some cases where the hosting does not have ImageMagick.
168 | 
169 | **Compatibility**
170 | 
171 | * WordPress: 4.1 - 6.7
172 | * PHP: 5.6 - 8.4
173 | * WP-CLI: 2.3.0 - 2.11.0
174 | 
175 | **Tests**
176 | 
177 | * PHP Coding Standards: 3.10.3
178 | * WordPress Coding Standards: 3.1.0
179 | * Plugin Check (PCP): 1.1.0
180 | * SonarCloud Code Review
181 | 
182 | = [4.0.1] - 2024-10-04 =
183 | 
184 | **Fixed**
185 | 
186 | * API endpoints: some API endpoints were failing.
187 | * CLI endpoints: some CLI endpoints were failing.
188 | 
189 | **Compatibility**
190 | 
191 | * WordPress: 4.1 - 6.7
192 | * PHP: 5.6 - 8.4
193 | * WP-CLI: 2.3.0 - 2.11.0
194 | 
195 | **Tests**
196 | 
197 | * PHP Coding Standards: 3.10.3
198 | * WordPress Coding Standards: 3.1.0
199 | * Plugin Check (PCP): 1.1.0
200 | * SonarCloud Code Review
201 | 
202 | = [4.0.0] - 2024-10-01 =
203 | 
204 | **Added**
205 | 
206 | * ImageMagic vulnerabilities (Site Health + WP-CLI + API + mail).
207 | * curl vulnerabilities (Site Health + WP-CLI + API + mail).
208 | * memcached vulnerabilities (Site Health + WP-CLI + API + mail).
209 | * Redis vulnerabilities (Site Health + WP-CLI + API + mail).
210 | * SQLite vulnerabilities (Site Health + WP-CLI + API + mail).
211 | 
212 | **Fixed**
213 | 
214 | * Test email without email.
215 | * Improved MariaDB 11.x detection.
216 | * Improved versions detection (major-minor.patch-build).
217 | * WordPress < 5.3: use of wp_date().
218 | * WordPress < 5.0: locale detection.
219 | * Dashboard widget only for users with capabilities.
220 | * WordPress < 5.2: link to Site Health
221 | 
222 | **Changed**
223 | 
224 | * Big refactory.
225 | * Less files, less size, improved code quality.
226 | 
227 | **Compatibility**
228 | 
229 | * WordPress: 4.1 - 6.7
230 | * PHP: 5.6 - 8.4
231 | * WP-CLI: 2.3.0 - 2.11.0
232 | 
233 | **Tests**
234 | 
235 | * Manual Testing:
236 |   * WordPress 6.7 / PHP 8.4
237 |   * WordPress 6.6 / PHP 8.3
238 |   * WordPress 6.4 / PHP 8.2
239 |   * WordPress 6.1 / PHP 8.1
240 |   * WordPress 5.8 / PHP 8.0
241 |   * WordPress 5.5 / PHP 7.4
242 |   * WordPress 5.3 / PHP 7.3
243 |   * WordPress 4.9 / PHP 7.2
244 |   * WordPress 4.8 / PHP 7.1
245 |   * WordPress 4.6 / PHP 7.0
246 |   * WordPress 4.1 / PHP 5.6
247 | * PHP Coding Standards: 3.10.3
248 | * WordPress Coding Standards: 3.1.0
249 | * Plugin Check (PCP): 1.1.0
250 | * SonarCloud Code Review
251 | 
252 | = Previous versions =
253 | 
254 | If you want to see the full changelog, visit the [changelog.txt](https://plugins.trac.wordpress.org/browser/wpvulnerability/trunk/changelog.txt) file.
255 | 
256 | == Security ==
257 | 
258 | This plugin adheres to the following security measures and review protocols for each version:
259 | 
260 | * [WordPress Plugin Handbook](https://developer.wordpress.org/plugins/)
261 | * [WordPress Plugin Security](https://developer.wordpress.org/plugins/wordpress-org/plugin-security/)
262 | * [WordPress APIs Security](https://developer.wordpress.org/apis/security/)
263 | * [WordPress Coding Standards](https://github.com/WordPress/WordPress-Coding-Standards)
264 | * [Plugin Check (PCP)](https://wordpress.org/plugins/plugin-check/)
265 | * [SonarCloud Code Review](https://www.sonarsource.com/products/sonarcloud/)
266 | 
267 | == Privacy ==
268 | 
269 | * This plugin or the WordPress Vulnerability Database API does not collect any information about your site, your identity, the plugins, themes or content the site has.
270 | 
271 | == Vulnerabilities ==
272 | 
273 | * No vulnerabilities have been published up to version 4.0.4.
274 | 
275 | Found a security vulnerability? Please report it to us privately at the [WPVulnerability GitHub repository](https://github.com/javiercasares/wpvulnerability/security/advisories/new).
276 | 
277 | == Contributors ==
278 | 
279 | You can contribute to this plugin at the [WPVulnerability GitHub repository](https://github.com/javiercasares/wpvulnerability).
280 | 


--------------------------------------------------------------------------------
/wpvulnerability-api.php:
--------------------------------------------------------------------------------
  1 | <?php
  2 | /**
  3 |  * WPVulnerability REST API Endpoints
  4 |  *
  5 |  * @package WPVulnerability
  6 |  *
  7 |  * @since 3.3.0
  8 |  */
  9 | 
 10 | /**
 11 |  * Handle the core vulnerabilities REST API request.
 12 |  *
 13 |  * This function handles the request for retrieving core vulnerabilities.
 14 |  * It includes the necessary files and fetches the vulnerabilities data.
 15 |  *
 16 |  * @since 3.3.0
 17 |  *
 18 |  * @return WP_REST_Response Core vulnerabilities data or a message if none found.
 19 |  */
 20 | function wpvulnerability_rest_core_vulnerabilities() {
 21 | 	// Include the files containing the functions to get core vulnerabilities.
 22 | 	require_once WPVULNERABILITY_PLUGIN_PATH . '/wpvulnerability-general.php';
 23 | 	require_once WPVULNERABILITY_PLUGIN_PATH . '/wpvulnerability-core.php';
 24 | 
 25 | 	// Get the core vulnerabilities.
 26 | 	$core_vulnerabilities = wpvulnerability_core_get_vulnerabilities();
 27 | 
 28 | 	$core_complete   = array();
 29 | 	$vulnerabilities = array();
 30 | 
 31 | 	// Check if vulnerabilities are found and is an array.
 32 | 	if ( $core_vulnerabilities && is_array( $core_vulnerabilities ) ) {
 33 | 		// Loop through each core vulnerability.
 34 | 		foreach ( $core_vulnerabilities as $vulnerability ) {
 35 | 			$core_complete_temp = array();
 36 | 
 37 | 			// Process vulnerability version.
 38 | 			$core_complete_temp['version'] = trim( html_entity_decode( wp_kses( (string) $vulnerability['name'], 'strip' ) ) );
 39 | 
 40 | 			// Process vulnerability severity.
 41 | 			$core_complete_temp['severity'] = null;
 42 | 			if ( isset( $vulnerability['impact']['cvss']['severity'] ) ) {
 43 | 				$core_complete_temp['severity'] = wpvulnerability_severity( $vulnerability['impact']['cvss']['severity'] );
 44 | 			}
 45 | 
 46 | 			// Process CWE details.
 47 | 			$core_complete_temp['cwe'] = array();
 48 | 			if ( isset( $vulnerability['impact']['cwe'] ) && count( $vulnerability['impact']['cwe'] ) ) {
 49 | 				foreach ( $vulnerability['impact']['cwe'] as $vulnerability_cwe ) {
 50 | 					$core_complete_temp['cwe'][] = array(
 51 | 						'name'        => trim( html_entity_decode( wp_kses( (string) $vulnerability_cwe['name'], 'strip' ) ) ),
 52 | 						'description' => trim( html_entity_decode( wp_kses( (string) $vulnerability_cwe['description'], 'strip' ) ) ),
 53 | 					);
 54 | 				}
 55 | 			}
 56 | 
 57 | 			// Process CVSS score.
 58 | 			$core_complete_temp['score'] = null;
 59 | 			if ( isset( $vulnerability['impact']['cvss']['score'] ) ) {
 60 | 				$core_complete_temp['score'] = number_format( (float) $vulnerability['impact']['cvss']['score'], 1, '.', '' );
 61 | 			}
 62 | 
 63 | 			// Process vulnerability sources.
 64 | 			$core_complete_temp['source'] = array();
 65 | 			if ( isset( $vulnerability['source'] ) && count( $vulnerability['source'] ) ) {
 66 | 				foreach ( $vulnerability['source'] as $vulnerability_source ) {
 67 | 					$core_complete_temp['source'][] = array(
 68 | 						'name'        => trim( html_entity_decode( wp_kses( (string) $vulnerability_source['name'], 'strip' ) ) ),
 69 | 						'link'        => esc_url_raw( (string) $vulnerability_source['link'], 'strip' ),
 70 | 						'description' => trim( html_entity_decode( wp_kses( (string) $vulnerability_source['description'], 'strip' ) ) ),
 71 | 					);
 72 | 				}
 73 | 			}
 74 | 
 75 | 			$core_complete[] = $core_complete_temp;
 76 | 			unset( $core_complete_temp );
 77 | 		}
 78 | 	}
 79 | 
 80 | 	// Return the vulnerabilities in the response.
 81 | 	return new WP_REST_Response( $core_complete, 200 );
 82 | }
 83 | 
 84 | /**
 85 |  * Handle the plugins vulnerabilities REST API request.
 86 |  *
 87 |  * This function handles the request for retrieving plugins vulnerabilities.
 88 |  * It includes the necessary files and fetches the vulnerabilities data.
 89 |  *
 90 |  * @since 3.3.0
 91 |  *
 92 |  * @return WP_REST_Response Plugins vulnerabilities data or a message if none found.
 93 |  */
 94 | function wpvulnerability_rest_plugins_vulnerabilities() {
 95 | 	// Include the files containing the functions to get plugins vulnerabilities.
 96 | 	require_once WPVULNERABILITY_PLUGIN_PATH . '/wpvulnerability-general.php';
 97 | 	require_once WPVULNERABILITY_PLUGIN_PATH . '/wpvulnerability-plugins.php';
 98 | 
 99 | 	// Get the plugins vulnerabilities.
100 | 	$plugins_vulnerabilities = wpvulnerability_plugin_get_vulnerabilities();
101 | 
102 | 	$plugins_complete = array();
103 | 
104 | 	// Loop through each plugin vulnerability.
105 | 	foreach ( $plugins_vulnerabilities as $plugin ) {
106 | 		// Check if the plugin is vulnerable.
107 | 		if ( 1 === $plugin['vulnerable'] ) {
108 | 			$plugins_complete_temp = array();
109 | 
110 | 			// Process plugin name and slug.
111 | 			$plugins_complete_temp['name'] = trim( html_entity_decode( wp_kses( (string) $plugin['Name'], 'strip' ) ) );
112 | 			$plugins_complete_temp['slug'] = trim( html_entity_decode( wp_kses( (string) $plugin['slug'], 'strip' ) ) );
113 | 
114 | 			// Prepare the vulnerabilities array for output.
115 | 			foreach ( $plugin['vulnerabilities'] as $vulnerability ) {
116 | 				$plugins_complete_temp_vulnerabilities = array();
117 | 
118 | 				// Process vulnerability severity.
119 | 				$plugins_complete_temp_vulnerabilities['severity'] = null;
120 | 				if ( isset( $vulnerability['impact']['cvss']['severity'] ) ) {
121 | 					$plugins_complete_temp_vulnerabilities['severity'] = wpvulnerability_severity( $vulnerability['impact']['cvss']['severity'] );
122 | 				}
123 | 
124 | 				// Process vulnerability details.
125 | 				$plugins_complete_temp_vulnerabilities['version']  = trim( html_entity_decode( wp_kses( (string) $vulnerability['version'], 'strip' ) ) );
126 | 				$plugins_complete_temp_vulnerabilities['affected'] = trim( html_entity_decode( wp_kses( (string) $vulnerability['versions'], 'strip' ) ) );
127 | 				$plugins_complete_temp_vulnerabilities['name']     = trim( html_entity_decode( wp_kses( (string) $vulnerability['name'], 'strip' ) ) );
128 | 				$plugins_complete_temp_vulnerabilities['closed']   = (int) $vulnerability['closed'];
129 | 				$plugins_complete_temp_vulnerabilities['unfixed']  = (int) $vulnerability['unfixed'];
130 | 
131 | 				// Process CWE details.
132 | 				$plugins_complete_temp_vulnerabilities['cwe'] = array();
133 | 				if ( isset( $vulnerability['impact']['cwe'] ) && count( $vulnerability['impact']['cwe'] ) ) {
134 | 					foreach ( $vulnerability['impact']['cwe'] as $vulnerability_cwe ) {
135 | 						$plugins_complete_temp_vulnerabilities['cwe'][] = array(
136 | 							'name'        => trim( html_entity_decode( wp_kses( (string) $vulnerability_cwe['name'], 'strip' ) ) ),
137 | 							'description' => trim( html_entity_decode( wp_kses( (string) $vulnerability_cwe['description'], 'strip' ) ) ),
138 | 						);
139 | 					}
140 | 				}
141 | 
142 | 				// Process CVSS score.
143 | 				$plugins_complete_temp_vulnerabilities['score'] = null;
144 | 				if ( isset( $vulnerability['impact']['cvss']['score'] ) ) {
145 | 					$plugins_complete_temp_vulnerabilities['score'] = number_format( (float) $vulnerability['impact']['cvss']['score'], 1, '.', '' );
146 | 				}
147 | 
148 | 				// Process vulnerability sources.
149 | 				$plugins_complete_temp_vulnerabilities['source'] = array();
150 | 				if ( isset( $vulnerability['source'] ) && count( $vulnerability['source'] ) ) {
151 | 					foreach ( $vulnerability['source'] as $vulnerability_source ) {
152 | 						$plugins_complete_temp_vulnerabilities['source'][] = array(
153 | 							'name' => trim( html_entity_decode( wp_kses( (string) $vulnerability_source['name'], 'strip' ) ) ),
154 | 							'link' => esc_url_raw( (string) $vulnerability_source['link'], 'strip' ),
155 | 						);
156 | 					}
157 | 				}
158 | 
159 | 				// Add processed vulnerability to the temporary array.
160 | 				$plugins_complete_temp['vulnerabilities'][] = $plugins_complete_temp_vulnerabilities;
161 | 			}
162 | 
163 | 			// Add processed plugin data to the complete array.
164 | 			$plugins_complete[] = $plugins_complete_temp;
165 | 		}
166 | 	}
167 | 
168 | 	// Return the vulnerabilities in the response.
169 | 	return new WP_REST_Response( $plugins_complete, 200 );
170 | }
171 | 
172 | /**
173 |  * Handle the themes vulnerabilities REST API request.
174 |  *
175 |  * This function handles the request for retrieving themes vulnerabilities.
176 |  * It includes the necessary files and fetches the vulnerabilities data.
177 |  *
178 |  * @since 3.3.0
179 |  *
180 |  * @return WP_REST_Response Themes vulnerabilities data or a message if none found.
181 |  */
182 | function wpvulnerability_rest_themes_vulnerabilities() {
183 | 	// Include the file containing the function to get themes vulnerabilities.
184 | 	require_once WPVULNERABILITY_PLUGIN_PATH . '/wpvulnerability-general.php';
185 | 	require_once WPVULNERABILITY_PLUGIN_PATH . '/wpvulnerability-themes.php';
186 | 
187 | 	// Get the themes vulnerabilities.
188 | 	$themes_vulnerabilities = wpvulnerability_theme_get_vulnerabilities();
189 | 
190 | 	$themes_complete = array();
191 | 
192 | 	// Loop through each theme vulnerability.
193 | 	foreach ( $themes_vulnerabilities as $theme ) {
194 | 		// Check if the theme is vulnerable.
195 | 		if ( 1 === $theme['wpvulnerability']['vulnerable'] ) {
196 | 			$themes_complete_temp = array();
197 | 
198 | 			// Process theme name and slug.
199 | 			$themes_complete_temp['name'] = trim( html_entity_decode( wp_kses( (string) $theme['wpvulnerability']['name'], 'strip' ) ) );
200 | 			$themes_complete_temp['slug'] = trim( html_entity_decode( wp_kses( (string) $theme['wpvulnerability']['slug'], 'strip' ) ) );
201 | 
202 | 			// Prepare the vulnerabilities array for output.
203 | 			foreach ( $theme['wpvulnerability']['vulnerabilities'] as $vulnerability ) {
204 | 				$themes_complete_temp_vulnerabilities = array();
205 | 
206 | 				// Process vulnerability severity.
207 | 				$themes_complete_temp_vulnerabilities['severity'] = null;
208 | 				if ( isset( $vulnerability['impact']['cvss']['severity'] ) ) {
209 | 					$themes_complete_temp_vulnerabilities['severity'] = wpvulnerability_severity( $vulnerability['impact']['cvss']['severity'] );
210 | 				}
211 | 
212 | 				// Process vulnerability details.
213 | 				$themes_complete_temp_vulnerabilities['version']  = trim( html_entity_decode( wp_kses( (string) $vulnerability['version'], 'strip' ) ) );
214 | 				$themes_complete_temp_vulnerabilities['affected'] = trim( html_entity_decode( wp_kses( (string) $vulnerability['versions'], 'strip' ) ) );
215 | 				$themes_complete_temp_vulnerabilities['name']     = trim( html_entity_decode( wp_kses( (string) $vulnerability['name'], 'strip' ) ) );
216 | 				$themes_complete_temp_vulnerabilities['closed']   = (int) $vulnerability['closed'];
217 | 				$themes_complete_temp_vulnerabilities['unfixed']  = (int) $vulnerability['unfixed'];
218 | 
219 | 				// Process CWE details.
220 | 				$themes_complete_temp_vulnerabilities['cwe'] = array();
221 | 				if ( isset( $vulnerability['impact']['cwe'] ) && count( $vulnerability['impact']['cwe'] ) ) {
222 | 					foreach ( $vulnerability['impact']['cwe'] as $vulnerability_cwe ) {
223 | 						$themes_complete_temp_vulnerabilities['cwe'][] = array(
224 | 							'name'        => trim( html_entity_decode( wp_kses( (string) $vulnerability_cwe['name'], 'strip' ) ) ),
225 | 							'description' => trim( html_entity_decode( wp_kses( (string) $vulnerability_cwe['description'], 'strip' ) ) ),
226 | 						);
227 | 					}
228 | 				}
229 | 
230 | 				// Process CVSS score.
231 | 				$themes_complete_temp_vulnerabilities['score'] = null;
232 | 				if ( isset( $vulnerability['impact']['cvss']['score'] ) ) {
233 | 					$themes_complete_temp_vulnerabilities['score'] = number_format( (float) $vulnerability['impact']['cvss']['score'], 1, '.', '' );
234 | 				}
235 | 
236 | 				// Process vulnerability sources.
237 | 				$themes_complete_temp_vulnerabilities['source'] = array();
238 | 				if ( isset( $vulnerability['source'] ) && count( $vulnerability['source'] ) ) {
239 | 					foreach ( $vulnerability['source'] as $vulnerability_source ) {
240 | 						$themes_complete_temp_vulnerabilities['source'][] = array(
241 | 							'name' => trim( html_entity_decode( wp_kses( (string) $vulnerability_source['name'], 'strip' ) ) ),
242 | 							'link' => esc_url_raw( (string) $vulnerability_source['link'], 'strip' ),
243 | 						);
244 | 					}
245 | 				}
246 | 
247 | 				// Add processed vulnerability to the temporary array.
248 | 				$themes_complete_temp['vulnerabilities'][] = $themes_complete_temp_vulnerabilities;
249 | 			}
250 | 
251 | 			// Add processed theme data to the complete array.
252 | 			$themes_complete[] = $themes_complete_temp;
253 | 		}
254 | 	}
255 | 
256 | 	// Return the vulnerabilities in the response.
257 | 	return new WP_REST_Response( $themes_complete, 200 );
258 | }
259 | 
260 | /**
261 |  * Handle vulnerabilities REST API request for different software types.
262 |  *
263 |  * This function processes the request to retrieve vulnerabilities for the specified software type.
264 |  * It loads the necessary files and fetches the vulnerability data, then returns the data in a structured format.
265 |  *
266 |  * @since 3.5.0
267 |  *
268 |  * @param string $software_type The type of software to retrieve vulnerabilities for.
269 |  * @return WP_REST_Response The vulnerabilities data or an empty array if none found.
270 |  */
271 | function wpvulnerability_rest_software_vulnerabilities( $software_type ) {
272 | 	// Include the general file for retrieving vulnerabilities.
273 | 	require_once WPVULNERABILITY_PLUGIN_PATH . '/wpvulnerability-general.php';
274 | 	require_once WPVULNERABILITY_PLUGIN_PATH . '/wpvulnerability-software.php';
275 | 
276 | 	// Get vulnerabilities based on the software type.
277 | 	$vulnerabilities = array();
278 | 	switch ( $software_type ) {
279 | 		case 'php':
280 | 		case 'apache':
281 | 		case 'nginx':
282 | 		case 'mariadb':
283 | 		case 'mysql':
284 | 		case 'imagemagick':
285 | 		case 'curl':
286 | 		case 'memcached':
287 | 		case 'redis':
288 | 		case 'sqlite':
289 | 			$vulnerabilities = wpvulnerability_get_vulnerabilities( $software_type, wpvulnerability_get_software_version( $software_type ) );
290 | 			break;
291 | 		default:
292 | 			WP_REST_Response( array(), 400 ); // Invalid software type.
293 | 	}
294 | 
295 | 	$complete_vulnerabilities = array();
296 | 
297 | 	if ( isset( $vulnerabilities ) && is_array( $vulnerabilities ) ) {
298 | 		// Process each vulnerability.
299 | 		foreach ( $vulnerabilities as $vulnerability ) {
300 | 			$temp = array();
301 | 
302 | 			$temp['version']  = trim( html_entity_decode( wp_kses( (string) $vulnerability['version'], 'strip' ) ) );
303 | 			$temp['affected'] = trim( html_entity_decode( wp_kses( (string) $vulnerability['versions'], 'strip' ) ) );
304 | 			$temp['unfixed']  = (int) $vulnerability['unfixed'];
305 | 
306 | 			// Process vulnerability sources.
307 | 			$temp['source'] = array();
308 | 			if ( isset( $vulnerability['source'] ) && count( $vulnerability['source'] ) ) {
309 | 				foreach ( $vulnerability['source'] as $source ) {
310 | 					$temp['source'][] = array(
311 | 						'name'        => trim( html_entity_decode( wp_kses( (string) $source['id'], 'strip' ) ) ),
312 | 						'description' => trim( html_entity_decode( wp_kses( (string) $source['description'], 'strip' ) ) ),
313 | 						'link'        => esc_url_raw( (string) $source['link'], 'strip' ),
314 | 					);
315 | 				}
316 | 			}
317 | 
318 | 			// Add processed vulnerability to the complete array.
319 | 			$complete_vulnerabilities[] = $temp;
320 | 		}
321 | 	}
322 | 
323 | 	// Return the vulnerabilities in the response.
324 | 	return new WP_REST_Response( $complete_vulnerabilities, 200 );
325 | }
326 | 
327 | /**
328 |  * Handle the PHP vulnerabilities REST API request.
329 |  *
330 |  * @since 3.3.0
331 |  *
332 |  * @return WP_REST_Response PHP vulnerabilities data or a message if none found.
333 |  */
334 | function wpvulnerability_rest_php_vulnerabilities() {
335 | 	return wpvulnerability_rest_software_vulnerabilities( 'php' );
336 | }
337 | 
338 | /**
339 |  * Handle the Apache vulnerabilities REST API request.
340 |  *
341 |  * @since 3.3.0
342 |  *
343 |  * @return WP_REST_Response Apache vulnerabilities data or a message if none found.
344 |  */
345 | function wpvulnerability_rest_apache_vulnerabilities() {
346 | 	return wpvulnerability_rest_software_vulnerabilities( 'apache' );
347 | }
348 | 
349 | /**
350 |  * Handle the Nginx vulnerabilities REST API request.
351 |  *
352 |  * @since 3.3.0
353 |  *
354 |  * @return WP_REST_Response Nginx vulnerabilities data or a message if none found.
355 |  */
356 | function wpvulnerability_rest_nginx_vulnerabilities() {
357 | 	return wpvulnerability_rest_software_vulnerabilities( 'nginx' );
358 | }
359 | 
360 | /**
361 |  * Handle the MariaDB vulnerabilities REST API request.
362 |  *
363 |  * @since 3.4.0
364 |  *
365 |  * @return WP_REST_Response MariaDB vulnerabilities data or an empty array if none found.
366 |  */
367 | function wpvulnerability_rest_mariadb_vulnerabilities() {
368 | 	return wpvulnerability_rest_software_vulnerabilities( 'mariadb' );
369 | }
370 | 
371 | /**
372 |  * Handle the MySQL vulnerabilities REST API request.
373 |  *
374 |  * @since 3.4.0
375 |  *
376 |  * @return WP_REST_Response MySQL vulnerabilities data or an empty array if none found.
377 |  */
378 | function wpvulnerability_rest_mysql_vulnerabilities() {
379 | 	return wpvulnerability_rest_software_vulnerabilities( 'mysql' );
380 | }
381 | 
382 | /**
383 |  * Handle the ImageMagick vulnerabilities REST API request.
384 |  *
385 |  * @since 3.5.0
386 |  *
387 |  * @return WP_REST_Response ImageMagick vulnerabilities data or an empty array if none found.
388 |  */
389 | function wpvulnerability_rest_imagemagick_vulnerabilities() {
390 | 	return wpvulnerability_rest_software_vulnerabilities( 'imagemagick' );
391 | }
392 | 
393 | /**
394 |  * Handle the curl vulnerabilities REST API request.
395 |  *
396 |  * @since 3.5.0
397 |  *
398 |  * @return WP_REST_Response curl vulnerabilities data or an empty array if none found.
399 |  */
400 | function wpvulnerability_rest_curl_vulnerabilities() {
401 | 	return wpvulnerability_rest_software_vulnerabilities( 'curl' );
402 | }
403 | 
404 | /**
405 |  * Handle the memcached vulnerabilities REST API request.
406 |  *
407 |  * @since 3.5.0
408 |  *
409 |  * @return WP_REST_Response memcached vulnerabilities data or an empty array if none found.
410 |  */
411 | function wpvulnerability_rest_memcached_vulnerabilities() {
412 | 	return wpvulnerability_rest_software_vulnerabilities( 'memcached' );
413 | }
414 | 
415 | /**
416 |  * Handle the Redis vulnerabilities REST API request.
417 |  *
418 |  * @since 3.5.0
419 |  *
420 |  * @return WP_REST_Response Redis vulnerabilities data or an empty array if none found.
421 |  */
422 | function wpvulnerability_rest_redis_vulnerabilities() {
423 | 	return wpvulnerability_rest_software_vulnerabilities( 'redis' );
424 | }
425 | 
426 | /**
427 |  * Handle the SQLite vulnerabilities REST API request.
428 |  *
429 |  * @since 3.5.0
430 |  *
431 |  * @return WP_REST_Response SQLite vulnerabilities data or an empty array if none found.
432 |  */
433 | function wpvulnerability_rest_sqlite_vulnerabilities() {
434 | 	return wpvulnerability_rest_software_vulnerabilities( 'sqlite' );
435 | }
436 | 
437 | /**
438 |  * Custom permission check for the WPVulnerability REST API.
439 |  *
440 |  * This function checks if the request is authenticated using an Application Password.
441 |  *
442 |  * @since 3.3.0
443 |  *
444 |  * @param WP_REST_Request $request The REST API request.
445 |  *
446 |  * @return bool True if the user has permission, false otherwise.
447 |  */
448 | function wpvulnerability_permission_check( WP_REST_Request $request ) {
449 | 
450 | 	// Check if application passwords are available.
451 | 	if ( wp_is_application_passwords_available() ) {
452 | 		$authorization_header = $request->get_header( 'authorization' );
453 | 
454 | 		// Check if the authorization header is present and properly formatted.
455 | 		if ( $authorization_header && preg_match( '/^Basic\s(.+)$/i', $authorization_header, $matches ) ) {
456 | 			$auth_string             = base64_decode( (string) $matches[1] ); // phpcs:ignore
457 | 			list( $user, $password ) = explode( ':', $auth_string );
458 | 
459 | 			// Authenticate the user using the application password.
460 | 			if ( wp_authenticate_application_password( null, $user, $password ) instanceof WP_User ) {
461 | 				return true;
462 | 			}
463 | 		}
464 | 	}
465 | 
466 | 	return false;
467 | }
468 | 
469 | /**
470 |  * Registers REST API routes for WPVulnerability.
471 |  *
472 |  * This function sets up the REST API routes for WPVulnerability to handle requests
473 |  * related to vulnerabilities in various components like core, plugins, themes, PHP, and more.
474 |  *
475 |  * @since 3.3.0
476 |  *
477 |  * @return void
478 |  */
479 | function wpvulnerability_register_rest_routes() {
480 | 
481 | 	// Define the endpoints to be registered.
482 | 	$endpoints = array(
483 | 		'core',
484 | 		'plugins',
485 | 		'themes',
486 | 		'php',
487 | 		'apache',
488 | 		'nginx',
489 | 		'mariadb',
490 | 		'mysql',
491 | 		'imagemagick',
492 | 		'curl',
493 | 		'memcached',
494 | 		'redis',
495 | 		'sqlite',
496 | 	);
497 | 
498 | 	// Loop through each endpoint and register it.
499 | 	foreach ( $endpoints as $endpoint ) {
500 | 		register_rest_route(
501 | 			'wpvulnerability/v1',            // Namespace and version.
502 | 			'/' . $endpoint,                 // Endpoint URL.
503 | 			array(
504 | 				'methods'             => 'GET',  // HTTP method.
505 | 				'callback'            => 'wpvulnerability_rest_' . $endpoint . '_vulnerabilities',  // Callback function.
506 | 				'permission_callback' => 'wpvulnerability_permission_check',  // Permission check callback.
507 | 			)
508 | 		);
509 | 	}
510 | }
511 | 
512 | // Hook to initialize REST API endpoints.
513 | add_action( 'rest_api_init', 'wpvulnerability_register_rest_routes' );
514 | 


--------------------------------------------------------------------------------
/wpvulnerability-core.php:
--------------------------------------------------------------------------------
  1 | <?php
  2 | /**
  3 |  * Core functions
  4 |  *
  5 |  * @package WPVulnerability
  6 |  *
  7 |  * @version 2.0.0
  8 |  */
  9 | 
 10 | defined( 'ABSPATH' ) || die( 'No script kiddies please!' );
 11 | 
 12 | /**
 13 |  * Adds a vulnerability notice under vulnerable core.
 14 |  *
 15 |  * @since 2.0.0
 16 |  *
 17 |  * @return void
 18 |  */
 19 | function wpvulnerability_core_info_after() {
 20 | 
 21 | 	// Retrieve the vulnerabilities for core from the options table and decode the JSON.
 22 | 	if ( is_multisite() ) {
 23 | 		$core_vulnerabilities = json_decode( get_site_option( 'wpvulnerability-core' ), true );
 24 | 	} else {
 25 | 		$core_vulnerabilities = json_decode( get_option( 'wpvulnerability-core' ), true );
 26 | 	}
 27 | 
 28 | 	// Generate the vulnerability notice message.
 29 | 	$message = sprintf(
 30 | 		/* translators: 1: core version */
 31 | 		__( 'WordPress %1$s has a known vulnerability that may be affecting this version.', 'wpvulnerability' ),
 32 | 		get_bloginfo( 'version' )
 33 | 	);
 34 | 
 35 | 	$information  = '<p class="text-red"><img src="' . esc_url( WPVULNERABILITY_PLUGIN_URL ) . 'assets/logo16.png" style="height: 16px; vertical-align: text-top; width: 16px;" alt="" title="WPVulnerability"> <strong>' . $message . '</strong></p>';
 36 | 	$information .= '<table class="wp-list-table widefat wpvulnerability">';
 37 | 
 38 | 	// Loop through all vulnerabilities for the current version and add their details to the table row HTML markup.
 39 | 	if ( is_array( $core_vulnerabilities ) ) {
 40 | 		foreach ( $core_vulnerabilities as $vulnerability ) {
 41 | 
 42 | 			$what = array();
 43 | 			if ( isset( $vulnerability['impact']['cwe'] ) ) {
 44 | 				foreach ( $vulnerability['impact']['cwe'] as $vulnerability_cwe ) {
 45 | 					$what[] = '<div><b>' . wp_kses( (string) $vulnerability_cwe['name'], 'strip' ) . '</b></div><div><i>' . wp_kses_post( (string) $vulnerability_cwe['description'] ) . '</i></div>';
 46 | 				}
 47 | 			}
 48 | 
 49 | 			$sources = array();
 50 | 			if ( isset( $vulnerability['source'] ) ) {
 51 | 				foreach ( $vulnerability['source'] as $vulnerability_source ) {
 52 | 					$sources[] = '<a href="' . esc_url_raw( (string) $vulnerability_source['link'] ) . '" target="_blank" rel="external nofollow noopener noreferrer">[+]</a>&nbsp;' . wp_kses( (string) $vulnerability_source['name'], 'strip' );
 53 | 				}
 54 | 			}
 55 | 			$source = count( $sources ) ? '<div style="padding-bottom: 5px;">' . implode( '<br>', $sources ) . '</div>' : '';
 56 | 
 57 | 			$score    = isset( $vulnerability['impact']['cvss']['score'] ) ? number_format( (float) $vulnerability['impact']['cvss']['score'], 1, '.', '' ) : null;
 58 | 			$severity = isset( $vulnerability['impact']['cvss']['severity'] ) ? wpvulnerability_severity( $vulnerability['impact']['cvss']['severity'] ) : null;
 59 | 
 60 | 			$information .= '<tr>';
 61 | 			$information .= '<td style="max-width: 256px; min-width: 96px;">WordPress <b>' . wp_kses( (string) $vulnerability['name'], 'strip' ) . '</b></td>';
 62 | 			$information .= '<td>';
 63 | 			if ( count( $what ) ) {
 64 | 				$information .= '<div style="padding-bottom: 5px;">' . implode( '', $what ) . '</div>';
 65 | 			}
 66 | 			if ( ! is_null( $score ) || ! is_null( $severity ) ) {
 67 | 				$information .= '<div style="padding-bottom: 5px;">';
 68 | 				if ( ! is_null( $score ) ) {
 69 | 					$information .= '<div>' . __( 'Global score: ', 'wpvulnerability' ) . $score . ' / 10</div>';
 70 | 				}
 71 | 				if ( ! is_null( $severity ) ) {
 72 | 					$information .= '<div>' . __( 'Severity: ', 'wpvulnerability' ) . $severity . '</div>';
 73 | 				}
 74 | 				$information .= '</div>';
 75 | 			}
 76 | 			$information .= wp_kses( (string) $source, 'post' );
 77 | 			$information .= '</td>';
 78 | 			$information .= '</tr>';
 79 | 		}
 80 | 	}
 81 | 
 82 | 	$information .= '</table>';
 83 | 
 84 | 	echo $information; // phpcs:ignore
 85 | }
 86 | 
 87 | /**
 88 |  * Retrieves vulnerabilities for a given WordPress core version and updates its data.
 89 |  *
 90 |  * @since 2.0.0
 91 |  *
 92 |  * @return array|false The updated core data array or false if no vulnerabilities are found.
 93 |  */
 94 | function wpvulnerability_get_fresh_core_vulnerabilities() {
 95 | 
 96 | 	// Get the core version and sanitize it.
 97 | 	$version = wpvulnerability_sanitize_version( get_bloginfo( 'version' ) );
 98 | 
 99 | 	// Retrieve vulnerabilities for the core version.
100 | 	$response = wpvulnerability_get_core( $version, 0 );
101 | 
102 | 	$core_data = array();
103 | 
104 | 	// If no vulnerabilities are found, return false.
105 | 	if ( empty( $response ) ) {
106 | 		return false;
107 | 	}
108 | 
109 | 	// If vulnerabilities are found, update the core data.
110 | 	foreach ( $response as $v ) {
111 | 		if ( isset( $v['name'], $v['source'], $v['impact'] ) ) { // Ensure expected keys exist.
112 | 			$core_data[] = array(
113 | 				'name'   => wp_kses( (string) $v['name'], 'strip' ),
114 | 				'source' => $v['source'],
115 | 				'impact' => $v['impact'],
116 | 			);
117 | 		}
118 | 	}
119 | 
120 | 	return ! empty( $core_data ) ? $core_data : false; // Return false if core_data is empty.
121 | }
122 | 
123 | /**
124 |  * Get Vulnerabilities
125 |  *
126 |  * Retrieves and caches the vulnerabilities for the installed WordPress core version.
127 |  *
128 |  * @since 2.0.0
129 |  *
130 |  * @return string JSON-encoded array of core data with vulnerabilities and vulnerable status.
131 |  */
132 | function wpvulnerability_core_get_installed() {
133 | 
134 | 	$wpvulnerability_core_vulnerable = 0;
135 | 
136 | 	// Get fresh core vulnerabilities.
137 | 	$core = wpvulnerability_get_fresh_core_vulnerabilities();
138 | 
139 | 	// Check if vulnerabilities were found and count them.
140 | 	if ( is_array( $core ) && count( $core ) > 0 ) {
141 | 		$wpvulnerability_core_vulnerable = count( $core );
142 | 	}
143 | 
144 | 	// Cache the vulnerability data and the timestamp for cache expiration.
145 | 	if ( is_multisite() ) {
146 | 		update_site_option( 'wpvulnerability-core', wp_json_encode( $core ) );
147 | 		update_site_option( 'wpvulnerability-core-vulnerable', wp_json_encode( number_format( $wpvulnerability_core_vulnerable, 0, '.', '' ) ) );
148 | 		update_site_option( 'wpvulnerability-core-cache', wp_json_encode( number_format( time() + ( 3600 * WPVULNERABILITY_CACHE_HOURS ), 0, '.', '' ) ) );
149 | 	} else {
150 | 		update_option( 'wpvulnerability-core', wp_json_encode( $core ) );
151 | 		update_option( 'wpvulnerability-core-vulnerable', wp_json_encode( number_format( $wpvulnerability_core_vulnerable, 0, '.', '' ) ) );
152 | 		update_option( 'wpvulnerability-core-cache', wp_json_encode( number_format( time() + ( 3600 * WPVULNERABILITY_CACHE_HOURS ), 0, '.', '' ) ) );
153 | 	}
154 | 
155 | 	// Return the JSON-encoded array of core vulnerabilities.
156 | 	return wp_json_encode( $core );
157 | }
158 | 
159 | /**
160 |  * Get the cached vulnerabilities or update the cache if it's stale or missing.
161 |  *
162 |  * @since 2.0.0
163 |  *
164 |  * @return array Array of core with their vulnerabilities.
165 |  */
166 | function wpvulnerability_core_get_vulnerabilities() {
167 | 
168 | 	// Initialize variables.
169 | 	$core_data_cache = null;
170 | 	$core_data       = null;
171 | 
172 | 	if ( is_multisite() ) {
173 | 		// Get the cached core data and decode it for multisite.
174 | 		$core_data_cache = json_decode( get_site_option( 'wpvulnerability-core-cache' ), true );
175 | 		$core_data       = json_decode( get_site_option( 'wpvulnerability-core' ), true );
176 | 	} else {
177 | 		// Get the cached core data and decode it for single site.
178 | 		$core_data_cache = json_decode( get_option( 'wpvulnerability-core-cache' ), true );
179 | 		$core_data       = json_decode( get_option( 'wpvulnerability-core' ), true );
180 | 	}
181 | 
182 | 	// If the cache is stale or the core data is empty, update the cache.
183 | 	if ( ( null !== $core_data_cache && $core_data_cache < time() ) || empty( $core_data ) ) {
184 | 		$core_data = json_decode( wpvulnerability_core_get_installed(), true );
185 | 	}
186 | 
187 | 	// Return the core data with vulnerabilities.
188 | 	return $core_data;
189 | }
190 | 
191 | /**
192 |  * Update the core cache and remove any old cache data.
193 |  *
194 |  * @since 2.0.0
195 |  *
196 |  * @return void
197 |  */
198 | function wpvulnerability_core_get_vulnerabilities_clean() {
199 | 	wpvulnerability_clear_cache( 'core' );
200 | 	wpvulnerability_core_get_installed();
201 | }
202 | 
203 | /**
204 |  * Adds vulnerability information after the core version and notices on the update-core.php page.
205 |  *
206 |  * @since 2.0.0
207 |  *
208 |  * @return void
209 |  */
210 | function wpvulnerability_core_page() {
211 | 
212 | 	// Check if the current page is the update-core.php page.
213 | 	global $pagenow;
214 | 	if ( wpvulnerability_analyze_filter( 'core' ) && 'update-core.php' === $pagenow && wpvulnerability_capabilities() ) {
215 | 
216 | 		// Get the vulnerabilities for the core.
217 | 		$core = wpvulnerability_core_get_vulnerabilities();
218 | 
219 | 		// If there are vulnerabilities, add an action to display them after the core auto updates settings.
220 | 		if ( is_array( $core ) && ! empty( $core ) ) {
221 | 			add_action( 'after_core_auto_updates_settings', 'wpvulnerability_core_info_after' );
222 | 		}
223 | 	}
224 | }
225 | // Add notices for vulnerable core on the core page.
226 | add_action( 'admin_head', 'wpvulnerability_core_page' );
227 | 


--------------------------------------------------------------------------------
/wpvulnerability-notifications.php:
--------------------------------------------------------------------------------
  1 | <?php
  2 | /**
  3 |  * Notifications functions
  4 |  *
  5 |  * @package WPVulnerability
  6 |  *
  7 |  * @version 2.0.0
  8 |  */
  9 | 
 10 | defined( 'ABSPATH' ) || die( 'No script kiddies please!' );
 11 | 
 12 | /**
 13 |  * Adds a custom schedule for a weekly cron job.
 14 |  *
 15 |  * This function adds a new schedule interval of one week (604800 seconds)
 16 |  * to the system's available cron schedules. It allows tasks to be scheduled
 17 |  * to run every week using the 'weekly' interval.
 18 |  *
 19 |  * @since 2.0.0
 20 |  *
 21 |  * @param array $schedules The existing system schedules.
 22 |  *
 23 |  * @return array The updated list of schedules with the added weekly interval.
 24 |  */
 25 | function wpvulnerability_add_every_week( $schedules ) {
 26 | 	// Add a weekly schedule interval of 604800 seconds (1 week).
 27 | 	$schedules['weekly'] = array(
 28 | 		'interval' => 604800,
 29 | 		'display'  => __( 'Every week', 'wpvulnerability' ),
 30 | 	);
 31 | 
 32 | 	// Return the modified list of schedules.
 33 | 	return $schedules;
 34 | }
 35 | // Hook the function to the 'cron_schedules' filter to add the custom schedule.
 36 | add_filter( 'cron_schedules', 'wpvulnerability_add_every_week' );
 37 | 
 38 | /**
 39 |  * Adds a custom schedule for daily events.
 40 |  *
 41 |  * This function adds a new schedule interval of one day (86400 seconds)
 42 |  * to the system's available cron schedules. It allows tasks to be scheduled
 43 |  * to run every day using the 'daily' interval.
 44 |  *
 45 |  * @since 2.0.0
 46 |  *
 47 |  * @param array $schedules List of available schedules.
 48 |  *
 49 |  * @return array Modified list of available schedules with the added daily interval.
 50 |  */
 51 | function wpvulnerability_add_every_day( $schedules ) {
 52 | 	// Define a new schedule with a 24 hour interval.
 53 | 	$schedules['daily'] = array(
 54 | 		'interval' => 86400,
 55 | 		'display'  => __( 'Every day', 'wpvulnerability' ),
 56 | 	);
 57 | 
 58 | 	// Return the modified list of schedules.
 59 | 	return $schedules;
 60 | }
 61 | // Hook the function to the 'cron_schedules' filter to add the custom schedule.
 62 | add_filter( 'cron_schedules', 'wpvulnerability_add_every_day' );
 63 | 
 64 | /**
 65 |  * Prepares the HTML email message.
 66 |  *
 67 |  * This function generates an HTML email message with the given title and content.
 68 |  * It includes basic styling and structure to ensure compatibility with most email clients.
 69 |  *
 70 |  * @since 2.0.0
 71 |  *
 72 |  * @param string $title   The title of the email message.
 73 |  * @param string $content The content of the email message.
 74 |  *
 75 |  * @return string The prepared HTML email message.
 76 |  */
 77 | function wpvulnerability_email_prepare( $title, $content ) {
 78 | 
 79 | 	$message  = '';
 80 | 	$message .= '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">' . "\n";
 81 | 	$message .= '<html xmlns="http://www.w3.org/1999/xhtml" style="box-sizing: border-box; margin: 0;">' . "\n";
 82 | 	$message .= '<head>' . "\n";
 83 | 	$message .= '	<meta name="viewport" content="width=device-width">' . "\n";
 84 | 	$message .= '	<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">' . "\n";
 85 | 	$message .= '	<title>WPVulnerability</title>' . "\n";
 86 | 	$message .= '	<style type="text/css">' . "\n";
 87 | 	$message .= '	img { max-width: 100%; }' . "\n";
 88 | 	$message .= '  body { -webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none; width: 100% !important; height: 100%; line-height: 1.2em; }' . "\n";
 89 | 	$message .= '  body { background-color: #f6f6f6; }' . "\n";
 90 | 	$message .= '  @media only screen and (max-width: 640px) {' . "\n";
 91 | 	$message .= '		body { padding: 0 !important; }' . "\n";
 92 | 	$message .= '		h1, h2, h3, h4 { margin: 20px 0 5px 0 !important; }' . "\n";
 93 | 	$message .= '		.container { padding: 0 !important; width: 100% !important; }' . "\n";
 94 | 	$message .= '		.content { padding: 0 !important; }' . "\n";
 95 | 	$message .= '		.content-wrap { padding: 10px !important; }' . "\n";
 96 | 	$message .= '		.invoice { width: 100% !important; }' . "\n";
 97 | 	$message .= '  }' . "\n";
 98 | 	$message .= '	</style>' . "\n";
 99 | 	$message .= '</head>' . "\n";
100 | 	$message .= '<body itemscope itemtype="http://schema.org/EmailMessage" style="box-sizing: border-box; -webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none; width: 100% !important; height: 100%; line-height: 1.6em; background-color: #f6f6f6; margin: 0;" bgcolor="#f6f6f6">' . "\n";
101 | 	$message .= '	<table class="body-wrap" style="box-sizing: border-box; width: 100%; background-color: #f6f6f6; margin: 0;" bgcolor="#f6f6f6">' . "\n";
102 | 	$message .= '		<tr style="box-sizing: border-box; margin: 0;">' . "\n";
103 | 	$message .= '			<td style="box-sizing: border-box; vertical-align: top; margin: 0;" valign="top"></td>' . "\n";
104 | 	$message .= '			<td class="container" width="600" style="box-sizing: border-box; vertical-align: top; display: block !important; max-width: 600px !important; clear: both !important; margin: 0 auto;" valign="top">' . "\n";
105 | 	$message .= '				<div class="content" style="box-sizing: border-box; max-width: 600px; display: block; margin: 0 auto; padding: 20px;">' . "\n";
106 | 	$message .= '					<table class="main" width="100%" cellpadding="0" cellspacing="0" style="box-sizing: border-box; border-radius: 3px; background-color: #fff; margin: 0; border: 1px solid #e9e9e9;" bgcolor="#fff">' . "\n";
107 | 	$message .= '						<tr style="box-sizing: border-box; margin: 0;">' . "\n";
108 | 	$message .= '							<td class="content-wrap aligncenter" style="box-sizing: border-box; vertical-align: top; text-align: center; margin: 0; padding: 20px;" align="center" valign="top">' . "\n";
109 | 	$message .= '								<table width="100%" cellpadding="0" cellspacing="0" style="box-sizing: border-box; margin: 0;">' . "\n";
110 | 	$message .= '									<tr style="box-sizing: border-box; margin: 0;">' . "\n";
111 | 	$message .= '										<td class="content-block" style="box-sizing: border-box; vertical-align: top; margin: 0; padding: 0 0 20px; text-align: center;" valign="top">' . "\n";
112 | 	$message .= '											<img class="aligncenter" src="' . WPVULNERABILITY_PLUGIN_URL . 'assets/logo64.png" width="64" height="64" alt="WPVulnerability">' . "\n";
113 | 	$message .= '											<h1 class="aligncenter" style="box-sizing: border-box; color: #000; line-height: 1.2em; text-align: center; margin: 40px 0 0;" align="center">' . esc_html( $title ) . '</h1>' . "\n";
114 | 
115 | 	// Add the site URL based on the multisite configuration.
116 | 	if ( is_multisite() ) {
117 | 		$message .= '											<p class="aligncenter" style="box-sizing: border-box; color: #000; line-height: 1.2em; text-align: center; margin: 5px 0 0;" align="center"><a href="' . esc_url( network_site_url() ) . '" target="_blank" rel="noopener noreferrer">' . esc_html( network_site_url() ) . '</a></p>' . "\n";
118 | 	} else {
119 | 		$message .= '											<p class="aligncenter" style="box-sizing: border-box; color: #000; line-height: 1.2em; text-align: center; margin: 5px 0 0;" align="center"><a href="' . esc_url( site_url() ) . '" target="_blank" rel="noopener noreferrer">' . esc_html( site_url() ) . '</a></p>' . "\n";
120 | 	}
121 | 
122 | 	$message .= '										</td>' . "\n";
123 | 	$message .= '									</tr>' . "\n";
124 | 	$message .= '									<tr style="box-sizing: border-box; margin: 0;">' . "\n";
125 | 	$message .= '										<td class="content-block alignleft" style="box-sizing: border-box; vertical-align: top; text-align: left; margin: 0; padding: 0 0 20px;" valign="top">' . "\n";
126 | 	$message .= $content; // Add the main content of the email.
127 | 	$message .= '									</td>' . "\n";
128 | 	$message .= '									</tr>' . "\n";
129 | 	$message .= '								</table>' . "\n";
130 | 	$message .= '								<div class="footer" style="box-sizing: border-box; width: 100%; clear: both; color: #999; margin: 0; padding: 20px;">' . "\n";
131 | 	$message .= '									<table width="100%" style="box-sizing: border-box; margin: 0;">' . "\n";
132 | 	$message .= '										<tr style="box-sizing: border-box; margin: 0;">' . "\n";
133 | 	$message .= '											<td class="aligncenter content-block" style="box-sizing: border-box; vertical-align: top; color: #999; text-align: center; margin: 0; padding: 0 0 20px;" align="center" valign="top">' . "\n";
134 | 	$message .= sprintf(
135 | 		// translators: %1$s the website of Database, %2$s database site name.
136 | 		__( 'Learn more about the WordPress Vulnerability Database API at <a href="%1$s">%2$s</a>', 'wpvulnerability' ),
137 | 		'https://www.wpvulnerability.com/',
138 | 		'WPVulnerability'
139 | 	);
140 | 	$message .= '											</td>' . "\n";
141 | 	$message .= '										</tr>' . "\n";
142 | 
143 | 	// Add the site URL in the footer based on the multisite configuration.
144 | 	if ( is_multisite() ) {
145 | 		$message .= '											<td class="aligncenter content-block" style="box-sizing: border-box; vertical-align: top; color: #999; text-align: center; margin: 0; padding: 0 0 20px;" align="center" valign="top"><a href="' . esc_url( network_site_url() ) . '" target="_blank" rel="noopener noreferrer">' . esc_html( network_site_url() ) . '</a></td>' . "\n";
146 | 	} else {
147 | 		$message .= '											<td class="aligncenter content-block" style="box-sizing: border-box; vertical-align: top; color: #999; text-align: center; margin: 0; padding: 0 0 20px;" align="center" valign="top"><a href="' . esc_url( site_url() ) . '" target="_blank" rel="noopener noreferrer">' . esc_html( site_url() ) . '</a></td>' . "\n";
148 | 	}
149 | 
150 | 	$message .= '										</tr>' . "\n";
151 | 	$message .= '									</table>' . "\n";
152 | 	$message .= '								</div>' . "\n";
153 | 	$message .= '							</td>' . "\n";
154 | 	$message .= '							<td style="box-sizing: border-box; vertical-align: top; margin: 0;" valign="top"></td>' . "\n";
155 | 	$message .= '						</tr>' . "\n";
156 | 	$message .= '					</table>' . "\n";
157 | 	$message .= '				</div>' . "\n";
158 | 	$message .= '			</td>' . "\n";
159 | 	$message .= '		</tr>' . "\n";
160 | 	$message .= '	</table>' . "\n";
161 | 	$message .= '</body>' . "\n";
162 | 	$message .= '</html>';
163 | 
164 | 	// Return the prepared HTML email message.
165 | 	return $message;
166 | }
167 | 
168 | /**
169 |  * Executes the vulnerability notification process for a WordPress site.
170 |  *
171 |  * This function checks for vulnerabilities in the WordPress core, plugins, themes, PHP environment, and web server components.
172 |  * It generates an HTML email report detailing any vulnerabilities found. If the function is called with
173 |  * the $forced parameter set to true, it will send an email even if no vulnerabilities are found, which is useful for testing purposes.
174 |  *
175 |  * @since 2.0.0
176 |  *
177 |  * @param bool $forced Optional. If set to true, forces the sending of a notification email regardless of whether vulnerabilities are found. Default false.
178 |  * @return string|false Returns the email content if the email was successfully sent, false otherwise.
179 |  */
180 | function wpvulnerability_execute_notification( $forced = false ) {
181 | 	$email_content            = '';
182 | 	$wpvulnerability_settings = is_multisite() ? get_site_option( 'wpvulnerability-config' ) : get_option( 'wpvulnerability-config' );
183 | 
184 | 	// Check if forced email sending is not required.
185 | 	if ( ! $forced && ( empty( $wpvulnerability_settings['emails'] ) || empty( $wpvulnerability_settings['period'] ) ) ) {
186 | 		return false;
187 | 	}
188 | 
189 | 	// Generate HTML for core, plugins, and themes vulnerabilities.
190 | 	$html_core = wpvulnerability_analyze_filter( 'core' ) && ( is_multisite() ? json_decode( get_site_option( 'wpvulnerability-core-vulnerable' ) ) : json_decode( get_option( 'wpvulnerability-core-vulnerable' ) ) ) ? wpvulnerability_html_core() : null;
191 | 
192 | 	$html_plugins = wpvulnerability_analyze_filter( 'plugins' ) && ( is_multisite() ? json_decode( get_site_option( 'wpvulnerability-plugins-vulnerable' ) ) : json_decode( get_option( 'wpvulnerability-plugins-vulnerable' ) ) ) ? wpvulnerability_html_plugins() : null;
193 | 
194 | 	$html_themes = wpvulnerability_analyze_filter( 'themes' ) && ( is_multisite() ? json_decode( get_site_option( 'wpvulnerability-themes-vulnerable' ) ) : json_decode( get_option( 'wpvulnerability-themes-vulnerable' ) ) ) ? wpvulnerability_html_themes() : null;
195 | 
196 | 	// Generate HTML for PHP, Apache, Nginx, MariaDB, MySQL... vulnerabilities.
197 | 	$html_php = wpvulnerability_analyze_filter( 'php' ) && ( is_multisite() ? json_decode( get_site_option( 'wpvulnerability-php-vulnerable' ) ) : json_decode( get_option( 'wpvulnerability-php-vulnerable' ) ) ) ? wpvulnerability_html_software( 'php' ) : null;
198 | 
199 | 	$html_apache = wpvulnerability_analyze_filter( 'apache' ) && ( is_multisite() ? json_decode( get_site_option( 'wpvulnerability-apache-vulnerable' ) ) : json_decode( get_option( 'wpvulnerability-apache-vulnerable' ) ) ) ? wpvulnerability_html_software( 'apache' ) : null;
200 | 
201 | 	$html_nginx = wpvulnerability_analyze_filter( 'nginx' ) && ( is_multisite() ? json_decode( get_site_option( 'wpvulnerability-nginx-vulnerable' ) ) : json_decode( get_option( 'wpvulnerability-nginx-vulnerable' ) ) ) ? wpvulnerability_html_software( 'nginx' ) : null;
202 | 
203 | 	$html_mariadb = wpvulnerability_analyze_filter( 'mariadb' ) && ( is_multisite() ? json_decode( get_site_option( 'wpvulnerability-mariadb-vulnerable' ) ) : json_decode( get_option( 'wpvulnerability-mariadb-vulnerable' ) ) ) ? wpvulnerability_html_software( 'mariadb' ) : null;
204 | 
205 | 	$html_mysql = wpvulnerability_analyze_filter( 'mysql' ) && ( is_multisite() ? json_decode( get_site_option( 'wpvulnerability-mysql-vulnerable' ) ) : json_decode( get_option( 'wpvulnerability-mysql-vulnerable' ) ) ) ? wpvulnerability_html_software( 'mysql' ) : null;
206 | 
207 | 	$html_imagemagick = wpvulnerability_analyze_filter( 'imagemagick' ) && ( is_multisite() ? json_decode( get_site_option( 'wpvulnerability-imagemagick-vulnerable' ) ) : json_decode( get_option( 'wpvulnerability-imagemagick-vulnerable' ) ) ) ? wpvulnerability_html_software( 'imagemagick' ) : null;
208 | 
209 | 	$html_curl = wpvulnerability_analyze_filter( 'curl' ) && ( is_multisite() ? json_decode( get_site_option( 'wpvulnerability-curl-vulnerable' ) ) : json_decode( get_option( 'wpvulnerability-curl-vulnerable' ) ) ) ? wpvulnerability_html_software( 'curl' ) : null;
210 | 
211 | 	$html_memcached = wpvulnerability_analyze_filter( 'memcached' ) && ( is_multisite() ? json_decode( get_site_option( 'wpvulnerability-memcached-vulnerable' ) ) : json_decode( get_option( 'wpvulnerability-memcached-vulnerable' ) ) ) ? wpvulnerability_html_software( 'memcached' ) : null;
212 | 
213 | 	$html_redis = wpvulnerability_analyze_filter( 'redis' ) && ( is_multisite() ? json_decode( get_site_option( 'wpvulnerability-redis-vulnerable' ) ) : json_decode( get_option( 'wpvulnerability-redis-vulnerable' ) ) ) ? wpvulnerability_html_software( 'redis' ) : null;
214 | 
215 | 	$html_sqlite = wpvulnerability_analyze_filter( 'sqlite' ) && ( is_multisite() ? json_decode( get_site_option( 'wpvulnerability-sqlite-vulnerable' ) ) : json_decode( get_option( 'wpvulnerability-sqlite-vulnerable' ) ) ) ? wpvulnerability_html_software( 'sqlite' ) : null;
216 | 
217 | 	$all_empty = ( empty( $html_core ) && empty( $html_plugins ) && empty( $html_themes ) && empty( $html_php ) && empty( $html_apache ) && empty( $html_nginx ) && empty( $html_mariadb ) && empty( $html_mysql ) && empty( $html_imagemagick ) && empty( $html_curl ) && empty( $html_memcached ) && empty( $html_redis ) && empty( $html_sqlite ) );
218 | 
219 | 	// If forced email sending is not enabled and no vulnerabilities were found, exit the function.
220 | 	if ( ! $forced && $all_empty ) {
221 | 		return false;
222 | 	} elseif ( $forced && $all_empty ) {
223 | 		$email_content .= '<h2>' . esc_html__( 'No vulnerabilities found', 'wpvulnerability' ) . '</h2>';
224 | 		$email_content .= '<p>' . esc_html__( 'This is likely a test. The site does not have vulnerabilities.', 'wpvulnerability' ) . '</p>';
225 | 	}
226 | 
227 | 	// Append core vulnerabilities HTML to the email content.
228 | 	if ( ! empty( $html_core ) ) {
229 | 		$email_content .= '<h2>' . esc_html__( 'Core vulnerabilities', 'wpvulnerability' ) . '</h2>';
230 | 		$email_content .= $html_core;
231 | 	}
232 | 
233 | 	// Append plugins vulnerabilities HTML to the email content.
234 | 	if ( ! empty( $html_plugins ) ) {
235 | 		$email_content .= '<h2>' . esc_html__( 'Plugins vulnerabilities', 'wpvulnerability' ) . '</h2>';
236 | 		$email_content .= $html_plugins;
237 | 	}
238 | 
239 | 	// Append themes vulnerabilities HTML to the email content.
240 | 	if ( ! empty( $html_themes ) ) {
241 | 		$email_content .= '<h2>' . esc_html__( 'Themes vulnerabilities', 'wpvulnerability' ) . '</h2>';
242 | 		$email_content .= $html_themes;
243 | 	}
244 | 
245 | 	// Append PHP vulnerabilities HTML to the email content.
246 | 	if ( ! empty( $html_php ) ) {
247 | 		$email_content .= '<h2>' . esc_html__( 'PHP vulnerabilities', 'wpvulnerability' ) . '</h2>';
248 | 		$email_content .= $html_php;
249 | 	}
250 | 
251 | 	// Append Apache vulnerabilities HTML to the email content.
252 | 	if ( ! empty( $html_apache ) ) {
253 | 		$email_content .= '<h2>' . esc_html__( 'Apache HTTPD vulnerabilities', 'wpvulnerability' ) . '</h2>';
254 | 		$email_content .= $html_apache;
255 | 	}
256 | 
257 | 	// Append Nginx vulnerabilities HTML to the email content.
258 | 	if ( ! empty( $html_nginx ) ) {
259 | 		$email_content .= '<h2>' . esc_html__( 'Nginx vulnerabilities', 'wpvulnerability' ) . '</h2>';
260 | 		$email_content .= $html_nginx;
261 | 	}
262 | 
263 | 	// Append MariaDB vulnerabilities HTML to the email content.
264 | 	if ( ! empty( $html_mariadb ) ) {
265 | 		$email_content .= '<h2>' . esc_html__( 'MariaDB vulnerabilities', 'wpvulnerability' ) . '</h2>';
266 | 		$email_content .= $html_mariadb;
267 | 	}
268 | 
269 | 	// Append MySQL vulnerabilities HTML to the email content.
270 | 	if ( ! empty( $html_mysql ) ) {
271 | 		$email_content .= '<h2>' . esc_html__( 'MySQL vulnerabilities', 'wpvulnerability' ) . '</h2>';
272 | 		$email_content .= $html_mysql;
273 | 	}
274 | 
275 | 	// Append ImageMagick vulnerabilities HTML to the email content.
276 | 	if ( ! empty( $html_imagemagick ) ) {
277 | 		$email_content .= '<h2>' . esc_html__( 'ImageMagick vulnerabilities', 'wpvulnerability' ) . '</h2>';
278 | 		$email_content .= $html_imagemagick;
279 | 	}
280 | 
281 | 	// Append curl vulnerabilities HTML to the email content.
282 | 	if ( ! empty( $html_curl ) ) {
283 | 		$email_content .= '<h2>' . esc_html__( 'curl vulnerabilities', 'wpvulnerability' ) . '</h2>';
284 | 		$email_content .= $html_curl;
285 | 	}
286 | 
287 | 	// Append memcached vulnerabilities HTML to the email content.
288 | 	if ( ! empty( $html_memcached ) ) {
289 | 		$email_content .= '<h2>' . esc_html__( 'memcached vulnerabilities', 'wpvulnerability' ) . '</h2>';
290 | 		$email_content .= $html_memcached;
291 | 	}
292 | 
293 | 	// Append Redis vulnerabilities HTML to the email content.
294 | 	if ( ! empty( $html_redis ) ) {
295 | 		$email_content .= '<h2>' . esc_html__( 'Redis vulnerabilities', 'wpvulnerability' ) . '</h2>';
296 | 		$email_content .= $html_redis;
297 | 	}
298 | 
299 | 	// Append SQLite vulnerabilities HTML to the email content.
300 | 	if ( ! empty( $html_sqlite ) ) {
301 | 		$email_content .= '<h2>' . esc_html__( 'SQLite vulnerabilities', 'wpvulnerability' ) . '</h2>';
302 | 		$email_content .= $html_sqlite;
303 | 	}
304 | 
305 | 	// Get the site name.
306 | 	$admin_site = is_multisite() ? get_site_option( 'network_name_option' ) : get_bloginfo( 'name' );
307 | 
308 | 	// Get the admin email.
309 | 	$admin_email = is_multisite() ? get_site_option( 'admin_email' ) : get_bloginfo( 'admin_email' );
310 | 	$from_email  = $admin_email;
311 | 
312 | 	// Check if WPVULNERABILITY_MAIL is defined and valid, and use it if available.
313 | 	if ( defined( 'WPVULNERABILITY_MAIL' ) ) {
314 | 		$wpvulnerability_sender_email = sanitize_email( trim( WPVULNERABILITY_MAIL ) );
315 | 		if ( is_email( $wpvulnerability_sender_email ) ) {
316 | 			$from_email = $wpvulnerability_sender_email;
317 | 		}
318 | 		unset( $wpvulnerability_sender_email );
319 | 	}
320 | 
321 | 	// Prepare email subject and content.
322 | 	$email_subject = sprintf(
323 | 		// translators: Site name.
324 | 		__( 'Vulnerability found: %s', 'wpvulnerability' ),
325 | 		$admin_site
326 | 	);
327 | 
328 | 	$email_prepared = wpvulnerability_email_prepare( esc_html__( 'Vulnerability found', 'wpvulnerability' ), $email_content );
329 | 
330 | 	// Prepare email headers.
331 | 	$email_headers   = array();
332 | 	$email_headers[] = 'From: WPVulnerability <' . $from_email . '>';
333 | 	$email_headers[] = 'Content-Type: text/html; charset=UTF-8';
334 | 
335 | 	if ( $forced && ( empty( $wpvulnerability_settings['emails'] ) ) ) {
336 | 		// Determine the recipient email.
337 | 		$wpvulnerability_settings['emails'][] = $admin_email;
338 | 	}
339 | 
340 | 	// Send the email.
341 | 	$wpmail = wp_mail( $wpvulnerability_settings['emails'], $email_subject, $email_prepared, $email_headers );
342 | 
343 | 	return $wpmail;
344 | }
345 | 


--------------------------------------------------------------------------------
/wpvulnerability-process.php:
--------------------------------------------------------------------------------
  1 | <?php
  2 | /**
  3 |  * Process functions
  4 |  *
  5 |  * @package WPVulnerability
  6 |  *
  7 |  * @version 2.0.0
  8 |  */
  9 | 
 10 | defined( 'ABSPATH' ) || die( 'No script kiddies please!' );
 11 | 
 12 | /**
 13 |  * Convert vulnerabilities into pretty HTML
 14 |  *
 15 |  * @version 2.0.0
 16 |  *
 17 |  * @param string $type Type: core, plugin, theme, php, apache, nginx, mariadb, mysql, imagemagick, curl.
 18 |  * @param array  $vulnerabilities Vulnerability data.
 19 |  *
 20 |  * @return string The HTML representation of vulnerabilities.
 21 |  */
 22 | function wpvulnerability_html( $type, $vulnerabilities ) {
 23 | 	$html = '';
 24 | 
 25 | 	if ( in_array( $type, array( 'plugin', 'theme' ), true ) ) {
 26 | 		foreach ( $vulnerabilities as $vulnerability ) {
 27 | 			$what = array();
 28 | 			if ( isset( $vulnerability['impact']['cwe'] ) ) {
 29 | 				foreach ( $vulnerability['impact']['cwe'] as $vulnerability_cwe ) {
 30 | 					$what[] = '<div><b>' . wp_kses( (string) $vulnerability_cwe['name'], 'strip' ) . '</b></div><div><i>' . wp_kses_post( (string) $vulnerability_cwe['description'] ) . '</i></div>';
 31 | 				}
 32 | 			}
 33 | 
 34 | 			$sources = array();
 35 | 			if ( isset( $vulnerability['source'] ) ) {
 36 | 				foreach ( $vulnerability['source'] as $vulnerability_source ) {
 37 | 					$sources[] = '<a href="' . esc_url_raw( (string) $vulnerability_source['link'], 'strip' ) . '" target="_blank">[+]</a>&nbsp;' . wp_kses( (string) $vulnerability_source['name'], 'strip' );
 38 | 				}
 39 | 			}
 40 | 
 41 | 			$source = count( $sources ) ? '<div style="padding-bottom: 5px;">' . implode( '<br>', $sources ) . '</div>' : '';
 42 | 
 43 | 			$score    = isset( $vulnerability['impact']['cvss']['score'] ) ? number_format( (float) $vulnerability['impact']['cvss']['score'], 1, '.', '' ) : null;
 44 | 			$severity = isset( $vulnerability['impact']['cvss']['severity'] ) ? wpvulnerability_severity( $vulnerability['impact']['cvss']['severity'] ) : null;
 45 | 
 46 | 			$html .= '<h4>' . wp_kses( (string) $vulnerability['name'], 'strip' ) . '</h4>';
 47 | 			if ( (int) $vulnerability['closed'] || (int) $vulnerability['unfixed'] ) {
 48 | 				$html .= '<div style="padding-bottom: 5px;">';
 49 | 				if ( (int) $vulnerability['closed'] ) {
 50 | 					$html .= '<div class="text-red">' . __( 'This plugin is closed. Please replace it with another.', 'wpvulnerability' ) . '</div>';
 51 | 				}
 52 | 				if ( (int) $vulnerability['unfixed'] ) {
 53 | 					$html .= '<div class="text-red">' . __( 'This vulnerability appears to be unpatched. Stay tuned for upcoming plugin updates.', 'wpvulnerability' ) . '</div>';
 54 | 				}
 55 | 				$html .= '</div>';
 56 | 			}
 57 | 
 58 | 			if ( count( $what ) ) {
 59 | 				$html .= '<div style="padding-bottom: 5px;">' . implode( '', $what ) . '</div>';
 60 | 			}
 61 | 
 62 | 			if ( ! is_null( $score ) || ! is_null( $severity ) ) {
 63 | 				$html .= '<div style="padding-bottom: 5px;">';
 64 | 				if ( ! is_null( $score ) ) {
 65 | 					$html .= '<div>' . __( 'Global score: ', 'wpvulnerability' ) . $score . ' / 10</div>';
 66 | 				}
 67 | 				if ( ! is_null( $severity ) ) {
 68 | 					$html .= '<div>' . __( 'Severity: ', 'wpvulnerability' ) . $severity . '</div>';
 69 | 				}
 70 | 				$html .= '</div>';
 71 | 			}
 72 | 
 73 | 			$html .= wp_kses( (string) $source, 'post' );
 74 | 		}
 75 | 	} elseif ( 'core' === $type ) {
 76 | 		foreach ( $vulnerabilities as $vulnerability ) {
 77 | 			$what = array();
 78 | 			foreach ( $vulnerability['impact']['cwe'] as $vulnerability_cwe ) {
 79 | 				$what[] = '<div><b>' . wp_kses( (string) $vulnerability_cwe['name'], 'strip' ) . '</b></div><div><i>' . wp_kses_post( (string) $vulnerability_cwe['description'] ) . '</i></div>';
 80 | 			}
 81 | 
 82 | 			$sources = array();
 83 | 			foreach ( $vulnerability['source'] as $vulnerability_source ) {
 84 | 				$sources[] = '<a href="' . esc_url_raw( (string) $vulnerability_source['link'], 'strip' ) . '" target="_blank">[+]</a>&nbsp;' . wp_kses( (string) $vulnerability_source['name'], 'strip' );
 85 | 			}
 86 | 			$source = '<div style="padding-bottom: 5px;">' . implode( '<br>', $sources ) . '</div>';
 87 | 
 88 | 			$score    = isset( $vulnerability['impact']['cvss']['score'] ) ? number_format( (float) $vulnerability['impact']['cvss']['score'], 1, '.', '' ) : null;
 89 | 			$severity = isset( $vulnerability['impact']['cvss']['severity'] ) ? wpvulnerability_severity( $vulnerability['impact']['cvss']['severity'] ) : null;
 90 | 
 91 | 			$html .= '<h3> WordPress ' . wp_kses( (string) $vulnerability['name'], 'strip' ) . '</h3>';
 92 | 			if ( count( $what ) ) {
 93 | 				$html .= '<div style="padding-bottom: 5px;">' . implode( '', $what ) . '</div>';
 94 | 			}
 95 | 
 96 | 			if ( ! is_null( $score ) || ! is_null( $severity ) ) {
 97 | 				$html .= '<div style="padding-bottom: 5px;">';
 98 | 				if ( ! is_null( $score ) ) {
 99 | 					$html .= '<div>' . __( 'Global score: ', 'wpvulnerability' ) . $score . ' / 10</div>';
100 | 				}
101 | 				if ( ! is_null( $severity ) ) {
102 | 					$html .= '<div>' . __( 'Severity: ', 'wpvulnerability' ) . $severity . '</div>';
103 | 				}
104 | 				$html .= '</div>';
105 | 			}
106 | 
107 | 			$html .= wp_kses( (string) $source, 'post' );
108 | 		}
109 | 	} elseif ( in_array( $type, array( 'php', 'apache', 'nginx', 'mariadb', 'mysql', 'imagemagick', 'curl', 'memcached', 'redis', 'sqlite' ), true ) ) {
110 | 		foreach ( $vulnerabilities as $vulnerability ) {
111 | 			$sources = array();
112 | 			foreach ( $vulnerability['source'] as $vulnerability_source ) {
113 | 				$sources[] = '<a href="' . esc_url_raw( (string) $vulnerability_source['link'], 'strip' ) . '" target="_blank">[+]</a>&nbsp;' . wp_kses( (string) $vulnerability_source['id'], 'strip' ) . '<br>' . wp_kses( (string) $vulnerability_source['description'], 'strip' );
114 | 			}
115 | 			$source = '<div style="padding-bottom: 5px;">' . implode( '<br>', $sources ) . '</div>';
116 | 
117 | 			$html .= '<h4> ' . wp_kses( (string) $vulnerability['name'], 'strip' ) . '</h4>';
118 | 			$html .= '<div style="padding-bottom: 5px;"></div>';
119 | 			$html .= wp_kses( (string) $source, 'post' );
120 | 		}
121 | 	}
122 | 
123 | 	return $html;
124 | }
125 | 
126 | /**
127 |  * Convert vulnerabilities into HTML format.
128 |  *
129 |  * @version 3.5.0
130 |  *
131 |  * @param string $type Type of software (php, apache, nginx, mariadb, mysql, imagemagick, curl).
132 |  * @return string|false The HTML output if vulnerabilities were found, false otherwise.
133 |  */
134 | function wpvulnerability_html_software( $type ) {
135 | 	$html              = '';
136 | 	$found             = false;
137 | 		$software_name = null;
138 | 
139 | 	// Include the software vulnerabilities file.
140 | 	require_once WPVULNERABILITY_PLUGIN_PATH . '/wpvulnerability-software.php';
141 | 
142 | 	// Map software types to their names.
143 | 	$software_names = array(
144 | 		'php'         => 'PHP',
145 | 		'apache'      => 'Apache HTTP',
146 | 		'nginx'       => 'Nginx',
147 | 		'mariadb'     => 'MariaDB',
148 | 		'mysql'       => 'MySQL',
149 | 		'imagemagick' => 'ImageMagick',
150 | 		'curl'        => 'curl',
151 | 		'memcached'   => 'memcached',
152 | 		'redis'       => 'redis',
153 | 		'sqlite'      => 'sqlite',
154 | 	);
155 | 
156 | 	// Check if the type is valid and get the software name.
157 | 	if ( isset( $software_names[ $type ] ) ) {
158 | 		$software_name = $software_names[ $type ];
159 | 	} else {
160 | 		return false; // Invalid type.
161 | 	}
162 | 
163 | 		$version     = wpvulnerability_sanitize_and_validate_version( wpvulnerability_get_software_version( $type ) );
164 | 	$vulnerabilities = wpvulnerability_get_vulnerabilities( $type, $version );
165 | 
166 | 	// Check if vulnerabilities were found.
167 | 	if ( is_array( $vulnerabilities ) && 0 < count( $vulnerabilities ) ) {
168 | 		$found = true;
169 | 
170 | 		// translators: the type of vulnerability.
171 | 		$html .= '<h3>' . sprintf( esc_html__( '%s running', 'wpvulnerability' ), esc_html( $software_name ) ) . ': ' . wp_kses( (string) $version, 'strip' ) . '</h3>';
172 | 		$html .= wpvulnerability_html( $type, $vulnerabilities );
173 | 
174 | 	}
175 | 
176 | 	return $found ? $html : false;
177 | }
178 | 
179 | /**
180 |  * Convert plugin vulnerabilities into HTML format.
181 |  *
182 |  * @version 2.0.0
183 |  *
184 |  * @return string|false The HTML output if plugin vulnerabilities were found, false otherwise.
185 |  */
186 | function wpvulnerability_html_plugins() {
187 | 	$html  = '';
188 | 	$found = false;
189 | 
190 | 	$plugins = wpvulnerability_plugin_get_vulnerabilities();
191 | 
192 | 	foreach ( $plugins as $file_path => $plugin_data ) {
193 | 		// Check if the plugin is marked as vulnerable.
194 | 		if ( isset( $plugin_data['vulnerable'] ) && 1 === $plugin_data['vulnerable'] ) {
195 | 			$found = true;
196 | 
197 | 			// Generate HTML markup for the plugin vulnerability.
198 | 			$html .= '<h3>' . esc_html__( 'Plugin', 'wpvulnerability' ) . ': ' . wp_kses( (string) $plugin_data['Name'], 'strip' ) . '</h3>';
199 | 			$html .= wpvulnerability_html( 'plugin', $plugin_data['vulnerabilities'] );
200 | 		}
201 | 	}
202 | 
203 | 	// Return the HTML if vulnerabilities were found.
204 | 	return $found ? $html : false;
205 | }
206 | 
207 | /**
208 |  * Convert plugin vulnerabilities into list format.
209 |  *
210 |  * @version 2.2.0
211 |  *
212 |  * @return string|false The HTML output if plugin vulnerabilities were found, false otherwise.
213 |  */
214 | function wpvulnerability_list_plugins() {
215 | 	$html  = '<ul class="inside">';
216 | 	$found = false;
217 | 
218 | 	// Get vulnerabilities data for plugins.
219 | 	$plugins = wpvulnerability_plugin_get_vulnerabilities();
220 | 
221 | 	// Iterate through each plugin's data.
222 | 	foreach ( $plugins as $file_path => $plugin_data ) {
223 | 		// Check if the plugin is marked as vulnerable.
224 | 		if ( isset( $plugin_data['vulnerable'] ) && 1 === $plugin_data['vulnerable'] ) {
225 | 			$found = true;
226 | 
227 | 			// Generate HTML markup for the plugin vulnerability.
228 | 			$html .= '<li>' . wp_kses( (string) $plugin_data['Name'], 'strip' ) . '</li>';
229 | 		}
230 | 	}
231 | 
232 | 	$html .= '</ul>';
233 | 
234 | 	// Return the HTML if vulnerabilities were found.
235 | 	return $found ? $html : false;
236 | }
237 | 
238 | /**
239 |  * Convert theme vulnerabilities into HTML format.
240 |  *
241 |  * @version 2.0.0
242 |  *
243 |  * @return string|false The HTML output if theme vulnerabilities were found, false otherwise.
244 |  */
245 | function wpvulnerability_html_themes() {
246 | 	$html  = '';
247 | 	$found = false;
248 | 
249 | 	// Get vulnerabilities data for themes.
250 | 	$themes = wpvulnerability_theme_get_vulnerabilities();
251 | 
252 | 	// Iterate through each theme's data.
253 | 	foreach ( $themes as $theme_data ) {
254 | 		// Check if the theme is marked as vulnerable.
255 | 		if ( isset( $theme_data['wpvulnerability']['vulnerable'] ) && 1 === $theme_data['wpvulnerability']['vulnerable'] ) {
256 | 			$found = true;
257 | 
258 | 			// Generate HTML markup for the theme vulnerability.
259 | 			$html .= '<h3>' . esc_html__( 'Theme', 'wpvulnerability' ) . ': ' . wp_kses( (string) $theme_data['wpvulnerability']['name'], 'strip' ) . '</h3>';
260 | 			$html .= wpvulnerability_html( 'theme', $theme_data['wpvulnerability']['vulnerabilities'] );
261 | 		}
262 | 	}
263 | 
264 | 	// Return the HTML if vulnerabilities were found.
265 | 	return $found ? $html : false;
266 | }
267 | 
268 | /**
269 |  * Convert theme vulnerabilities into list format.
270 |  *
271 |  * @version 2.2.0
272 |  *
273 |  * @return string|false The HTML output if theme vulnerabilities were found, false otherwise.
274 |  */
275 | function wpvulnerability_list_themes() {
276 | 	$html  = '<ul class="inside">';
277 | 	$found = false;
278 | 
279 | 	// Get vulnerabilities data for themes.
280 | 	$themes = wpvulnerability_theme_get_vulnerabilities();
281 | 
282 | 	// Iterate through each theme's data.
283 | 	foreach ( $themes as $theme_data ) {
284 | 		// Check if the theme is marked as vulnerable.
285 | 		if ( isset( $theme_data['wpvulnerability']['vulnerable'] ) && 1 === $theme_data['wpvulnerability']['vulnerable'] ) {
286 | 			$found = true;
287 | 
288 | 			// Generate HTML markup for the theme vulnerability.
289 | 			$html .= '<li>' . wp_kses( (string) $theme_data['wpvulnerability']['name'], 'strip' ) . '</li>';
290 | 		}
291 | 	}
292 | 
293 | 	$html .= '</ul>';
294 | 
295 | 	// Return the HTML if vulnerabilities were found.
296 | 	return $found ? $html : false;
297 | }
298 | 
299 | /**
300 |  * Convert core vulnerabilities into HTML format.
301 |  *
302 |  * @version 2.0.0
303 |  *
304 |  * @return string|false The HTML output if core vulnerabilities were found, false otherwise.
305 |  */
306 | function wpvulnerability_html_core() {
307 | 	$html  = '';
308 | 	$found = false;
309 | 
310 | 	// Get vulnerabilities data for WordPress core.
311 | 	$core = wpvulnerability_core_get_vulnerabilities();
312 | 
313 | 	// Check if there are any vulnerabilities.
314 | 	if ( is_array( $core ) && count( $core ) ) {
315 | 		$found = true;
316 | 
317 | 		// Generate HTML markup for the core vulnerabilities.
318 | 		$html .= wpvulnerability_html( 'core', $core );
319 | 	}
320 | 
321 | 	// Return the HTML if vulnerabilities were found.
322 | 	return $found ? $html : false;
323 | }
324 | 


--------------------------------------------------------------------------------
/wpvulnerability-run.php:
--------------------------------------------------------------------------------
  1 | <?php
  2 | /**
  3 |  * Running functions
  4 |  *
  5 |  * @package WPVulnerability
  6 |  *
  7 |  * @version 2.0.0
  8 |  */
  9 | 
 10 | defined( 'ABSPATH' ) || die( 'No script kiddies please!' );
 11 | 
 12 | /**
 13 |  * Adds a settings link to the plugin row in the plugins list.
 14 |  *
 15 |  * This function conditionally adds either a network admin settings link for multisite
 16 |  * or a standard settings link for single site installations.
 17 |  *
 18 |  * @since 3.5.0
 19 |  *
 20 |  * @param array $links The links that appear in the plugin row.
 21 |  *
 22 |  * @return array The modified array of links.
 23 |  */
 24 | function wpvulnerability_add_settings_link( $links ) {
 25 | 	// Check if the user has the required capabilities to view the settings link.
 26 | 	if ( wpvulnerability_capabilities() ) {
 27 | 		// Determine the correct settings link based on the environment.
 28 | 		if ( is_multisite() && is_network_admin() ) {
 29 | 			// Network admin settings link for multisite.
 30 | 			$links[] = '<a href="' . network_admin_url( 'settings.php?page=wpvulnerability-options' ) . '">' . __( 'Network Settings', 'wpvulnerability' ) . '</a>';
 31 | 		} elseif ( ! is_multisite() && is_admin() ) {
 32 | 			// Standard settings link for single site.
 33 | 			$links[] = '<a href="' . get_admin_url( null, 'options-general.php?page=wpvulnerability-options' ) . '">' . __( 'Settings', 'wpvulnerability' ) . '</a>';
 34 | 		}
 35 | 	}
 36 | 	return $links;
 37 | }
 38 | 
 39 | // Hook the function to the appropriate filters.
 40 | if ( is_multisite() ) {
 41 | 	add_filter( 'network_admin_plugin_action_links_' . WPVULNERABILITY_PLUGIN_BASE, 'wpvulnerability_add_settings_link' );
 42 | } else {
 43 | 	add_filter( 'plugin_action_links_' . WPVULNERABILITY_PLUGIN_BASE, 'wpvulnerability_add_settings_link' );
 44 | }
 45 | 
 46 | /**
 47 |  * Updates the plugin's vulnerability data.
 48 |  *
 49 |  * This function updates the vulnerability data for WordPress core, plugins, themes, PHP, Apache, nginx, MariaDB, and MySQL.
 50 |  * It ensures that the required functions are available by including the necessary files.
 51 |  * After updating the vulnerabilities, it flushes the WordPress cache.
 52 |  *
 53 |  * @since 2.0.0
 54 |  *
 55 |  * @return void
 56 |  */
 57 | function wpvulnerability_update_database_data() {
 58 | 
 59 | 	// Ensure necessary files are included for core, plugins, and themes.
 60 | 	require_once WPVULNERABILITY_PLUGIN_PATH . '/wpvulnerability-core.php';
 61 | 	require_once WPVULNERABILITY_PLUGIN_PATH . '/wpvulnerability-plugins.php';
 62 | 	require_once WPVULNERABILITY_PLUGIN_PATH . '/wpvulnerability-themes.php';
 63 | 	require_once WPVULNERABILITY_PLUGIN_PATH . '/wpvulnerability-software.php';
 64 | 
 65 | 	wpvulnerability_delete_transients();
 66 | 
 67 | 	// Update core, plugins, and themes vulnerabilities.
 68 | 	wpvulnerability_core_get_vulnerabilities_clean();
 69 | 	wpvulnerability_plugin_get_vulnerabilities_clean();
 70 | 	wpvulnerability_theme_get_vulnerabilities_clean();
 71 | 
 72 | 	// Array of software types to update.
 73 | 	$software_types = array( 'php', 'apache', 'nginx', 'mariadb', 'mysql', 'imagemagick', 'curl', 'memcached', 'redis', 'sqlite' );
 74 | 
 75 | 	// Update vulnerabilities for each software type.
 76 | 	foreach ( $software_types as $software ) {
 77 | 		wpvulnerability_get_vulnerabilities_clean( $software );
 78 | 	}
 79 | 
 80 | 	wpvulnerability_statistics_get();
 81 | 
 82 | 	// Clean the WordPress cache.
 83 | 	wp_cache_flush();
 84 | }
 85 | 
 86 | /**
 87 |  * Updates the plugin's vulnerability data if the cache has expired.
 88 |  *
 89 |  * This function checks if the cached vulnerability data for various components (core, plugins, themes, PHP, Apache, nginx, MariaDB, MySQL) has expired and updates it accordingly.
 90 |  * It ensures that the required functions are available by including the necessary files.
 91 |  * The function handles both multisite and single site installations.
 92 |  *
 93 |  * @since 3.0.0
 94 |  *
 95 |  * @return void
 96 |  */
 97 | function wpvulnerability_expired_database_data() {
 98 | 
 99 | 	// Ensure necessary files are included for core, plugins, and themes.
100 | 	require_once WPVULNERABILITY_PLUGIN_PATH . '/wpvulnerability-core.php';
101 | 	require_once WPVULNERABILITY_PLUGIN_PATH . '/wpvulnerability-plugins.php';
102 | 	require_once WPVULNERABILITY_PLUGIN_PATH . '/wpvulnerability-themes.php';
103 | 	require_once WPVULNERABILITY_PLUGIN_PATH . '/wpvulnerability-software.php';
104 | 
105 | 	// Current time for cache expiration comparison.
106 | 	$cache_time = time();
107 | 
108 | 	// Check and update core, plugins, and themes vulnerabilities if cache has expired.
109 | 	$components = array(
110 | 		'core'   => 'wpvulnerability-core-cache',
111 | 		'plugin' => 'wpvulnerability-plugins-cache',
112 | 		'theme'  => 'wpvulnerability-themes-cache',
113 | 	);
114 | 
115 | 	foreach ( $components as $component => $cache_key ) {
116 | 		$cache_value = is_multisite() ? get_site_option( $cache_key ) : get_option( $cache_key );
117 | 
118 | 		if ( json_decode( $cache_value ) < $cache_time ) {
119 | 			call_user_func( "wpvulnerability_{$component}_get_vulnerabilities_clean" );
120 | 		}
121 | 	}
122 | 
123 | 	// Array of software types to update.
124 | 	$software_types = array( 'php', 'apache', 'nginx', 'mariadb', 'mysql', 'imagemagick', 'curl', 'memcached', 'redis', 'sqlite' );
125 | 
126 | 	// Ensure necessary files are included and update vulnerabilities for each software type.
127 | 	foreach ( $software_types as $software ) {
128 | 		if ( is_multisite() ) {
129 | 			if ( json_decode( get_site_option( 'wpvulnerability-' . $software . '-cache' ) ) < $cache_time ) {
130 | 				wpvulnerability_get_vulnerabilities_clean( $software );
131 | 			}
132 | 		} elseif ( json_decode( get_option( 'wpvulnerability-' . $software . '-cache' ) ) < $cache_time ) {
133 | 				wpvulnerability_get_vulnerabilities_clean( $software );
134 | 		}
135 | 	}
136 | 
137 | 	wpvulnerability_statistics_get();
138 | 
139 | 	unset( $cache_time );
140 | }
141 | 
142 | /**
143 |  * Callback function for when the plugin is activated.
144 |  * Adds plugin data options if they are not already created.
145 |  *
146 |  * @since 2.0.0
147 |  *
148 |  * @return void
149 |  */
150 | function wpvulnerability_activation() {
151 | 	$is_multisite  = is_multisite();
152 | 	$config_key    = $is_multisite ? 'get_site_option' : 'get_option';
153 | 	$add_option    = $is_multisite ? 'add_site_option' : 'add_option';
154 | 	$update_option = $is_multisite ? 'update_site_option' : 'update_option';
155 | 
156 | 	wpvulnerability_delete_transients();
157 | 
158 | 	// Add wpvulnerability-config option if it does not exist.
159 | 	if ( ! $config_key( 'wpvulnerability-config' ) ) {
160 | 		$default_config = array(
161 | 			'emails' => get_bloginfo( 'admin_email' ),
162 | 			'period' => 'weekly',
163 | 		);
164 | 		$add_option( 'wpvulnerability-config', $default_config );
165 | 	}
166 | 
167 | 	// Add other options if they do not exist.
168 | 	$options = array(
169 | 		'wpvulnerability-plugins'                => '',
170 | 		'wpvulnerability-plugins-cache'          => 0,
171 | 		'wpvulnerability-plugins-vulnerable'     => 0,
172 | 		'wpvulnerability-plugins-data'           => '',
173 | 		'wpvulnerability-plugins-data-cache'     => 0,
174 | 		'wpvulnerability-themes'                 => '',
175 | 		'wpvulnerability-themes-cache'           => 0,
176 | 		'wpvulnerability-themes-vulnerable'      => 0,
177 | 		'wpvulnerability-core'                   => '',
178 | 		'wpvulnerability-core-cache'             => 0,
179 | 		'wpvulnerability-core-vulnerable'        => 0,
180 | 		'wpvulnerability-php'                    => '',
181 | 		'wpvulnerability-php-cache'              => 0,
182 | 		'wpvulnerability-php-vulnerable'         => 0,
183 | 		'wpvulnerability-apache'                 => '',
184 | 		'wpvulnerability-apache-cache'           => 0,
185 | 		'wpvulnerability-apache-vulnerable'      => 0,
186 | 		'wpvulnerability-nginx'                  => '',
187 | 		'wpvulnerability-nginx-cache'            => 0,
188 | 		'wpvulnerability-nginx-vulnerable'       => 0,
189 | 		'wpvulnerability-mariadb'                => '',
190 | 		'wpvulnerability-mariadb-cache'          => 0,
191 | 		'wpvulnerability-mariadb-vulnerable'     => 0,
192 | 		'wpvulnerability-mysql'                  => '',
193 | 		'wpvulnerability-mysql-cache'            => 0,
194 | 		'wpvulnerability-mysql-vulnerable'       => 0,
195 | 		'wpvulnerability-imagemagick'            => '',
196 | 		'wpvulnerability-imagemagick-cache'      => 0,
197 | 		'wpvulnerability-imagemagick-vulnerable' => 0,
198 | 		'wpvulnerability-curl'                   => '',
199 | 		'wpvulnerability-curl-cache'             => 0,
200 | 		'wpvulnerability-curl-vulnerable'        => 0,
201 | 		'wpvulnerability-memcached'              => '',
202 | 		'wpvulnerability-memcached-cache'        => 0,
203 | 		'wpvulnerability-memcached-vulnerable'   => 0,
204 | 		'wpvulnerability-redis'                  => '',
205 | 		'wpvulnerability-redis-cache'            => 0,
206 | 		'wpvulnerability-redis-vulnerable'       => 0,
207 | 		'wpvulnerability-sqlite'                 => '',
208 | 		'wpvulnerability-sqlite-cache'           => 0,
209 | 		'wpvulnerability-sqlite-vulnerable'      => 0,
210 | 		'wpvulnerability-statistics'             => '',
211 | 		'wpvulnerability-statistics-cache'       => 0,
212 | 	);
213 | 
214 | 	foreach ( $options as $key => $value ) {
215 | 		if ( ! $config_key( $key ) ) {
216 | 			$add_option( $key, $value );
217 | 		}
218 | 	}
219 | 
220 | 	// Add wpvulnerability-analyze option if it does not exist.
221 | 	if ( ! $config_key( 'wpvulnerability-analyze' ) ) {
222 | 		$default_analyze = array(
223 | 			'core'        => 0,
224 | 			'plugins'     => 0,
225 | 			'themes'      => 0,
226 | 			'php'         => 0,
227 | 			'apache'      => 0,
228 | 			'nginx'       => 0,
229 | 			'mariadb'     => 0,
230 | 			'mysql'       => 0,
231 | 			'imagemagick' => 0,
232 | 			'curl'        => 0,
233 | 			'memcached'   => 0,
234 | 			'redis'       => 0,
235 | 			'sqlite'      => 0,
236 | 		);
237 | 		$current_option  = $config_key( 'wpvulnerability-analyze' );
238 | 
239 | 		if ( false === $current_option ) {
240 | 			$add_option( 'wpvulnerability-analyze', $default_analyze );
241 | 		} else {
242 | 			$updated_option = array_merge( $default_analyze, $current_option );
243 | 			if ( $updated_option !== $current_option ) {
244 | 				$update_option( 'wpvulnerability-analyze', $updated_option );
245 | 			}
246 | 		}
247 | 	}
248 | }
249 | 
250 | /**
251 |  * Callback function to run when the plugin is deactivated.
252 |  * Deletes options and removes scheduled wp-cron jobs.
253 |  *
254 |  * @since 2.0.0
255 |  *
256 |  * @return void
257 |  */
258 | function wpvulnerability_deactivation() {
259 | 	$options = array(
260 | 		'wpvulnerability_settings',
261 | 		'wpvulnerability-data',
262 | 		'wpvulnerability-analyze',
263 | 		'wpvulnerability-themes',
264 | 		'wpvulnerability-themes-cache',
265 | 		'wpvulnerability-themes-vulnerable',
266 | 		'wpvulnerability-plugins',
267 | 		'wpvulnerability-plugins-cache',
268 | 		'wpvulnerability-plugins-vulnerable',
269 | 		'wpvulnerability-core',
270 | 		'wpvulnerability-core-cache',
271 | 		'wpvulnerability-core-vulnerable',
272 | 		'wpvulnerability-php',
273 | 		'wpvulnerability-php-cache',
274 | 		'wpvulnerability-php-vulnerable',
275 | 		'wpvulnerability-apache',
276 | 		'wpvulnerability-apache-cache',
277 | 		'wpvulnerability-apache-vulnerable',
278 | 		'wpvulnerability-nginx',
279 | 		'wpvulnerability-nginx-cache',
280 | 		'wpvulnerability-nginx-vulnerable',
281 | 		'wpvulnerability-mariadb',
282 | 		'wpvulnerability-mariadb-cache',
283 | 		'wpvulnerability-mariadb-vulnerable',
284 | 		'wpvulnerability-mysql',
285 | 		'wpvulnerability-mysql-cache',
286 | 		'wpvulnerability-mysql-vulnerable',
287 | 		'wpvulnerability-imagemagick',
288 | 		'wpvulnerability-imagemagick-cache',
289 | 		'wpvulnerability-imagemagick-vulnerable',
290 | 		'wpvulnerability-curl',
291 | 		'wpvulnerability-curl-cache',
292 | 		'wpvulnerability-curl-vulnerable',
293 | 		'wpvulnerability-memcached',
294 | 		'wpvulnerability-memcached-cache',
295 | 		'wpvulnerability-memcached-vulnerable',
296 | 		'wpvulnerability-redis',
297 | 		'wpvulnerability-redis-cache',
298 | 		'wpvulnerability-redis-vulnerable',
299 | 		'wpvulnerability-sqlite',
300 | 		'wpvulnerability-sqlite-cache',
301 | 		'wpvulnerability-sqlite-vulnerable',
302 | 		'wpvulnerability-statistics',
303 | 		'wpvulnerability-statistics-cache',
304 | 	);
305 | 
306 | 	// Delete options based on the installation type.
307 | 	$delete_option_func = is_multisite() ? 'delete_site_option' : 'delete_option';
308 | 	foreach ( $options as $option ) {
309 | 		$delete_option_func( $option );
310 | 	}
311 | 
312 | 	wpvulnerability_delete_transients();
313 | 
314 | 	// Unschedule and remove scheduled wp-cron jobs.
315 | 	$cron_jobs = array(
316 | 		'wpvulnerability_notification',
317 | 		'wpvulnerability_update_database',
318 | 		'wpvulnerability_pull_db_data_event',
319 | 	);
320 | 	foreach ( $cron_jobs as $job ) {
321 | 		wp_unschedule_event( wp_next_scheduled( $job ), $job );
322 | 		wp_clear_scheduled_hook( $job );
323 | 	}
324 | }
325 | 
326 | /**
327 |  * Deletes all transients that start with 'wpvulnerability_'.
328 |  *
329 |  * @since 3.5.0
330 |  *
331 |  * @return void
332 |  */
333 | function wpvulnerability_delete_transients() {
334 | 	global $wpdb;
335 | 
336 | 	// Determine if the site is multisite.
337 | 	$is_multisite = is_multisite();
338 | 
339 | 	// Define the prefix according to whether it is multisite or not.
340 | 	$transient_prefix = $is_multisite ? '_site_transient_wpvulnerability_' : '_transient_wpvulnerability_';
341 | 
342 | 	// Prepare the LIKE pattern securely.
343 | 	$like_pattern = $wpdb->esc_like( $transient_prefix ) . '%';
344 | 
345 | 	// Try to get transients from cache first.
346 | 	$cache_key  = 'wpvulnerability_transients_list';
347 | 	$transients = wp_cache_get( $cache_key );
348 | 
349 | 	if ( false === $transients ) {
350 | 		// If cache is empty, query the database for matching transients.
351 | 		$transients = $wpdb->get_col( // phpcs:ignore
352 | 			$wpdb->prepare(
353 | 				"SELECT option_name FROM {$wpdb->options} WHERE option_name LIKE %s",
354 | 				$like_pattern
355 | 			)
356 | 		); // phpcs:ignore
357 | 
358 | 		// Store the result in cache for future use.
359 | 		wp_cache_set( $cache_key, $transients, '', HOUR_IN_SECONDS );
360 | 	}
361 | 
362 | 	// If no transients are found, exit early.
363 | 	if ( empty( $transients ) ) {
364 | 		return;
365 | 	}
366 | 
367 | 	foreach ( $transients as $transient ) {
368 | 		if ( $is_multisite ) {
369 | 			// For multisite, delete using delete_site_transient.
370 | 			$transient_name = str_replace( '_site_transient_', '', $transient );
371 | 			delete_site_transient( $transient_name );
372 | 		} else {
373 | 			// For single sites, delete using delete_transient.
374 | 			$transient_name = str_replace( '_transient_', '', $transient );
375 | 			delete_transient( $transient_name );
376 | 		}
377 | 	}
378 | 
379 | 	// Optionally clear the cache after deletion.
380 | 	wp_cache_delete( $cache_key );
381 | }
382 | 
383 | /**
384 |  * Callback function to run when the plugin is uninstalled.
385 |  * Deletes options and removes scheduled wp-cron jobs.
386 |  *
387 |  * @since 3.0.0
388 |  *
389 |  * @return void
390 |  */
391 | function wpvulnerability_uninstall() {
392 | 	// Delete deprecated options.
393 | 	delete_option( 'wpvulnerability_settings' );
394 | 	delete_option( 'wpvulnerability-data' );
395 | 
396 | 	// Options to delete for both single site and multisite.
397 | 	$options = array(
398 | 		'wpvulnerability-themes',
399 | 		'wpvulnerability-themes-cache',
400 | 		'wpvulnerability-themes-vulnerable',
401 | 		'wpvulnerability-plugins',
402 | 		'wpvulnerability-plugins-cache',
403 | 		'wpvulnerability-plugins-vulnerable',
404 | 		'wpvulnerability-core',
405 | 		'wpvulnerability-core-cache',
406 | 		'wpvulnerability-core-vulnerable',
407 | 		'wpvulnerability-php',
408 | 		'wpvulnerability-php-cache',
409 | 		'wpvulnerability-php-vulnerable',
410 | 		'wpvulnerability-apache',
411 | 		'wpvulnerability-apache-cache',
412 | 		'wpvulnerability-apache-vulnerable',
413 | 		'wpvulnerability-nginx',
414 | 		'wpvulnerability-nginx-cache',
415 | 		'wpvulnerability-nginx-vulnerable',
416 | 		'wpvulnerability-mariadb',
417 | 		'wpvulnerability-mariadb-cache',
418 | 		'wpvulnerability-mariadb-vulnerable',
419 | 		'wpvulnerability-mysql',
420 | 		'wpvulnerability-mysql-cache',
421 | 		'wpvulnerability-mysql-vulnerable',
422 | 		'wpvulnerability-imagemagick',
423 | 		'wpvulnerability-imagemagick-cache',
424 | 		'wpvulnerability-imagemagick-vulnerable',
425 | 		'wpvulnerability-curl',
426 | 		'wpvulnerability-curl-cache',
427 | 		'wpvulnerability-curl-vulnerable',
428 | 		'wpvulnerability-memcached',
429 | 		'wpvulnerability-memcached-cache',
430 | 		'wpvulnerability-memcached-vulnerable',
431 | 		'wpvulnerability-redis',
432 | 		'wpvulnerability-redis-cache',
433 | 		'wpvulnerability-redis-vulnerable',
434 | 		'wpvulnerability-sqlite',
435 | 		'wpvulnerability-sqlite-cache',
436 | 		'wpvulnerability-sqlite-vulnerable',
437 | 		'wpvulnerability-statistics',
438 | 		'wpvulnerability-statistics-cache',
439 | 		'wpvulnerability-analyze',
440 | 	);
441 | 
442 | 	// Delete options based on the installation type.
443 | 	$delete_option_func = is_multisite() ? 'delete_site_option' : 'delete_option';
444 | 	foreach ( $options as $option ) {
445 | 		$delete_option_func( $option );
446 | 	}
447 | 
448 | 	// Delete config data.
449 | 	$delete_option_func( 'wpvulnerability-config' );
450 | 
451 | 	wpvulnerability_delete_transients();
452 | 
453 | 	// Unschedule and remove scheduled wp-cron jobs.
454 | 	$cron_jobs = array(
455 | 		'wpvulnerability_notification',
456 | 		'wpvulnerability_update_database',
457 | 	);
458 | 	foreach ( $cron_jobs as $job ) {
459 | 		wp_unschedule_event( wp_next_scheduled( $job ), $job );
460 | 		wp_clear_scheduled_hook( $job );
461 | 	}
462 | }
463 | 
464 | /**
465 |  * Filters and returns the WPVulnerability analysis setting for a given type.
466 |  *
467 |  * This function retrieves the WPVulnerability analysis settings, either from
468 |  * the single site or the multisite network, depending on the WordPress setup.
469 |  * It returns false if the specified type ('core', 'plugins', 'themes',
470 |  * 'php', 'apache', 'nginx', 'mariadb', 'mysql') is set. If the type is not set or is invalid, it returns true.
471 |  *
472 |  * @since 3.3.0
473 |  *
474 |  * @param string $type The type of analysis setting to retrieve ('core', 'plugins', 'themes', 'php', 'apache', 'nginx', 'mariadb', 'mysql').
475 |  *
476 |  * @return bool False if the specified type is set, true if not set or invalid.
477 |  */
478 | function wpvulnerability_analyze_filter( $type ) {
479 | 	// Retrieve the analysis settings based on the WordPress setup.
480 | 	$wpvulnerability_analyze = is_multisite() ? get_site_option( 'wpvulnerability-analyze', array() ) : get_option( 'wpvulnerability-analyze', array() );
481 | 
482 | 	// Define the valid types for analysis.
483 | 	$valid_types = array( 'core', 'plugins', 'themes', 'php', 'apache', 'nginx', 'mariadb', 'mysql', 'imagemagick', 'curl', 'memcached', 'redis', 'sqlite' );
484 | 
485 | 	if ( in_array( $type, $valid_types, true ) ) {
486 | 		return ! ( isset( $wpvulnerability_analyze[ $type ] ) && (int) $wpvulnerability_analyze[ $type ] );
487 | 	}
488 | 
489 | 	return true; // Return true for invalid types.
490 | }
491 | 
492 | /**
493 |  * Clean the cache after an update.
494 |  *
495 |  * This function is triggered after a plugin or theme update to clean the cache
496 |  * and refresh the vulnerability data.
497 |  *
498 |  * @since 2.0.0
499 |  *
500 |  * @return void
501 |  */
502 | add_action( 'upgrader_process_complete', 'wpvulnerability_update_database_data', 10, 2 );
503 | 
504 | /**
505 |  * Adds a notification count to the Plugins menu item in the WordPress admin if there are vulnerable plugins.
506 |  *
507 |  * This function retrieves the number of vulnerable plugins from the cache, either from a single site
508 |  * or a multisite setup, and displays the count in the WordPress admin menu next to the Plugins menu item.
509 |  * The count is shown with a gold background (#FFD700) and black text.
510 |  *
511 |  * @since 3.3.5
512 |  *
513 |  * @return void
514 |  */
515 | function wpvulnerability_counter_plugins() {
516 | 
517 | 	if ( ! wpvulnerability_analyze_filter( 'plugins' ) ) {
518 | 		return; // Skip if plugin analysis is disabled.
519 | 	}
520 | 
521 | 	// Retrieve the number of vulnerable plugins from cache.
522 | 	$wpvulnerability_plugins_count = is_multisite() && is_network_admin()
523 | 		? get_site_option( 'wpvulnerability-plugins-vulnerable' )
524 | 		: get_option( 'wpvulnerability-plugins-vulnerable' );
525 | 
526 | 	// Decode the count from JSON, default to 0 if not set.
527 | 	$wpvulnerability_plugins_total = $wpvulnerability_plugins_count ? json_decode( $wpvulnerability_plugins_count ) : 0;
528 | 
529 | 	if ( $wpvulnerability_plugins_total > 0 ) {
530 | 		global $menu;
531 | 		foreach ( $menu as $key => $value ) {
532 | 			if ( 'plugins.php' === $menu[ $key ][2] ) {
533 | 				$menu[ $key ][0] .= ' <span class="update-plugins" style="background-color: #FFD700; color: #000000;"><span class="update-count" title="' . __( 'Vulnerabilities', 'wpvulnerability' ) . '">' . esc_html( $wpvulnerability_plugins_total ) . '</span></span>'; // phpcs:ignore
534 | 				break;
535 | 			}
536 | 		}
537 | 	}
538 | }
539 | 
540 | // Hook into the appropriate admin menu action based on the site type.
541 | if ( is_multisite() && is_network_admin() ) {
542 | 	add_action( 'network_admin_menu', 'wpvulnerability_counter_plugins' );
543 | } elseif ( ! is_multisite() ) {
544 | 	add_action( 'admin_menu', 'wpvulnerability_counter_plugins' );
545 | }
546 | 
547 | /**
548 |  * Adds a notification count to the Themes menu item in the WordPress admin if there are vulnerable themes.
549 |  *
550 |  * This function retrieves the number of vulnerable themes from the cache, either from a single site
551 |  * or a multisite setup, and displays the count in the WordPress admin menu next to the Themes menu item.
552 |  * The count is displayed with a gold background (#FFD700) and black text.
553 |  *
554 |  * @since 3.3.5
555 |  *
556 |  * @return void
557 |  */
558 | function wpvulnerability_counter_themes() {
559 | 
560 | 	if ( ! wpvulnerability_analyze_filter( 'themes' ) ) {
561 | 		return; // Skip if theme analysis is disabled.
562 | 	}
563 | 
564 | 	// Retrieve the number of theme vulnerabilities from cache.
565 | 	$wpvulnerability_themes_count = ( is_multisite() && is_network_admin() )
566 | 		? get_site_option( 'wpvulnerability-themes-vulnerable' )
567 | 		: get_option( 'wpvulnerability-themes-vulnerable' );
568 | 
569 | 	// Decode the count from JSON, default to 0 if not set.
570 | 	$wpvulnerability_themes_total = $wpvulnerability_themes_count ? json_decode( $wpvulnerability_themes_count ) : 0;
571 | 
572 | 	if ( $wpvulnerability_themes_total > 0 ) {
573 | 
574 | 		// Check if we are in a multisite setup or not.
575 | 		if ( ! is_multisite() ) {
576 | 			global $submenu;
577 | 
578 | 			// Check if the submenu for themes exists.
579 | 			if ( isset( $submenu['themes.php'] ) ) {
580 | 				foreach ( $submenu['themes.php'] as $key => $value ) {
581 | 					if ( 'themes.php' === $submenu['themes.php'][ $key ][2] ) {
582 | 						$submenu['themes.php'][ $key ][0] .= ' <span class="update-plugins" style="background-color: #FFD700; color: #000000;"><span class="update-count" title="' . esc_html__( 'Vulnerabilities', 'wpvulnerability' ) . '">' . esc_html( $wpvulnerability_themes_total ) . '</span></span>'; // phpcs:ignore
583 | 						break;
584 | 					}
585 | 				}
586 | 			}
587 | 		} elseif ( is_network_admin() ) {
588 | 			global $menu;
589 | 
590 | 			foreach ( $menu as $key => $value ) {
591 | 				if ( 'themes.php' === $menu[ $key ][2] ) {
592 | 					$menu[ $key ][0] .= ' <span class="update-plugins" style="background-color: #FFD700; color: #000000;"><span class="update-count" title="' . esc_html__( 'Vulnerabilities', 'wpvulnerability' ) . '">' . esc_html( $wpvulnerability_themes_total ) . '</span></span>'; // phpcs:ignore
593 | 					break;
594 | 				}
595 | 			}
596 | 		}
597 | 	}
598 | }
599 | 
600 | // Hook into the appropriate admin menu action based on the site type.
601 | if ( is_multisite() && is_network_admin() ) {
602 | 	add_action( 'network_admin_menu', 'wpvulnerability_counter_themes' );
603 | } elseif ( ! is_multisite() ) {
604 | 	add_action( 'admin_menu', 'wpvulnerability_counter_themes' );
605 | }
606 | 
607 | /**
608 |  * Adds a notification count to the Updates submenu item under Dashboard in the WordPress admin if there are core updates.
609 |  *
610 |  * This function checks for core updates and then displays the count in the WordPress admin submenu
611 |  * next to the Updates menu item with a gold background (#FFD700) and black text.
612 |  *
613 |  * @since 3.3.5
614 |  *
615 |  * @return void
616 |  */
617 | function wpvulnerability_counter_core() {
618 | 
619 | 	if ( ! wpvulnerability_analyze_filter( 'core' ) ) {
620 | 		return; // Skip if core analysis is disabled.
621 | 	}
622 | 
623 | 	// Retrieve the number of core vulnerabilities from cache.
624 | 	$wpvulnerability_core_count = is_multisite() && is_network_admin()
625 | 		? get_site_option( 'wpvulnerability-core-vulnerable' )
626 | 		: get_option( 'wpvulnerability-core-vulnerable' );
627 | 
628 | 	// Decode the count from JSON, default to 0 if not set.
629 | 	$wpvulnerability_core_total = $wpvulnerability_core_count ? json_decode( $wpvulnerability_core_count ) : 0;
630 | 
631 | 	if ( $wpvulnerability_core_total > 0 ) {
632 | 		global $submenu;
633 | 		if ( isset( $submenu['index.php'] ) ) {
634 | 			foreach ( $submenu['index.php'] as $key => $value ) {
635 | 				if ( 'update-core.php' === $submenu['index.php'][ $key ][2] ) {
636 | 					$submenu['index.php'][ $key ][0] .= ' <span class="update-plugins" style="background-color: #FFD700; color: #000000;"><span class="update-count" title="' . __( 'Vulnerabilities', 'wpvulnerability' ) . '">' . esc_html( $wpvulnerability_core_total ) . '</span></span>'; // phpcs:ignore
637 | 					break;
638 | 				}
639 | 			}
640 | 		}
641 | 	}
642 | }
643 | 
644 | // Hook into the appropriate admin menu action based on the site type.
645 | if ( is_multisite() && is_network_admin() ) {
646 | 	add_action( 'network_admin_menu', 'wpvulnerability_counter_core' );
647 | } elseif ( ! is_multisite() ) {
648 | 	add_action( 'admin_menu', 'wpvulnerability_counter_core' );
649 | }
650 | 


--------------------------------------------------------------------------------
/wpvulnerability-schedule.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | /**
 3 |  * Scheduling functions
 4 |  *
 5 |  * @package WPVulnerability
 6 |  *
 7 |  * @version 3.1.0
 8 |  */
 9 | 
10 | defined( 'ABSPATH' ) || die( 'No script kiddies please!' );
11 | 
12 | /**
13 |  * Schedule Automatic Vulnerability Database Update.
14 |  * If the 'wpvulnerability_update_database' event is not already scheduled, schedule it to run twice daily.
15 |  *
16 |  * @since 2.0.0
17 |  *
18 |  * @return void
19 |  */
20 | if ( ! wp_next_scheduled( 'wpvulnerability_update_database' ) ) {
21 | 	// Schedule the event only for the main site in a multisite network or for a single site.
22 | 	if ( ! is_multisite() || ( is_multisite() && is_main_site() ) ) {
23 | 		wp_schedule_event( time(), 'twicedaily', 'wpvulnerability_update_database' );
24 | 	}
25 | }
26 | 
27 | // Hook the event to the function that updates the database.
28 | add_action( 'wpvulnerability_update_database', 'wpvulnerability_update_database_data' );
29 | 
30 | /**
31 |  * Schedule vulnerability notification and execute notification function.
32 |  *
33 |  * @since 2.0.0
34 |  *
35 |  * @return void
36 |  */
37 | $wpvulnerability_s = array();
38 | if ( is_multisite() ) {
39 | 	$wpvulnerability_s = get_site_option( 'wpvulnerability-config' );
40 | } else {
41 | 	$wpvulnerability_s = get_option( 'wpvulnerability-config' );
42 | }
43 | 
44 | // Check if notification period is set.
45 | if ( isset( $wpvulnerability_s['period'] ) ) {
46 | 
47 | 	// Check if notification is not already scheduled.
48 | 	if ( ! wp_next_scheduled( 'wpvulnerability_notification' ) ) {
49 | 
50 | 		// Schedule notification.
51 | 		if ( ! is_multisite() || ( is_multisite() && is_main_site() ) ) {
52 | 			wp_schedule_event( time(), $wpvulnerability_s['period'], 'wpvulnerability_notification' );
53 | 		}
54 | 	}
55 | 
56 | 	// Add action to execute notification function.
57 | 	add_action( 'wpvulnerability_notification', 'wpvulnerability_execute_notification' );
58 | }
59 | 
60 | // Clean up.
61 | unset( $wpvulnerability_s );
62 | 


--------------------------------------------------------------------------------
/wpvulnerability-sitehealth.php:
--------------------------------------------------------------------------------
  1 | <?php
  2 | /**
  3 |  * Site Health functions
  4 |  *
  5 |  * @package WPVulnerability
  6 |  *
  7 |  * @version 2.0.0
  8 |  */
  9 | 
 10 | defined( 'ABSPATH' ) || die( 'No script kiddies please!' );
 11 | 
 12 | /**
 13 |  * Tests for vulnerabilities in installed plugins.
 14 |  *
 15 |  * @version 2.0.0
 16 |  *
 17 |  * @return array Returns an array with the results of the vulnerability test.
 18 |  */
 19 | function wpvulnerability_test_plugins() {
 20 | 	// Define the initial test result values.
 21 | 	$result = array(
 22 | 		'label'       => __( 'There aren\'t plugins vulnerabilities', 'wpvulnerability' ),
 23 | 		'status'      => 'good',
 24 | 		'badge'       => array(
 25 | 			'label' => __( 'Security', 'wpvulnerability' ),
 26 | 			'color' => 'green',
 27 | 		),
 28 | 		'description' => sprintf(
 29 | 			'<p>%s</p>',
 30 | 			__( 'Shows possible vulnerabilities that exist in installed plugins.', 'wpvulnerability' )
 31 | 		),
 32 | 		'actions'     => '',
 33 | 		'test'        => 'wpvulnerability_plugins',
 34 | 	);
 35 | 
 36 | 	// Check if any plugin vulnerabilities were found.
 37 | 	$wpvulnerability_test_plugins_counter = is_multisite() ? json_decode( get_site_option( 'wpvulnerability-plugins-vulnerable' ) ) : json_decode( get_option( 'wpvulnerability-plugins-vulnerable' ) );
 38 | 
 39 | 	if ( $wpvulnerability_test_plugins_counter ) {
 40 | 		$result['status'] = 'critical';
 41 | 		$result['label']  = sprintf(
 42 | 			// translators: Number of plugins vulnerabilities.
 43 | 			_n( 'There is %d plugin with vulnerabilities', 'There are %d plugins with vulnerabilities', $wpvulnerability_test_plugins_counter, 'wpvulnerability' ),
 44 | 			$wpvulnerability_test_plugins_counter
 45 | 		);
 46 | 		$result['badge']['color'] = 'red';
 47 | 		$result['description']    = sprintf(
 48 | 			'<p>%1$s</p> %2$s',
 49 | 			__( 'We\'ve detected potential vulnerabilities in installed plugins. Please check them and keep them updated.', 'wpvulnerability' ),
 50 | 			wpvulnerability_html_plugins()
 51 | 		);
 52 | 
 53 | 		// Add action links to update plugins.
 54 | 		$result['actions'] .= sprintf(
 55 | 			'<p><a href="%s">%s</a></p>',
 56 | 			esc_url( is_multisite() ? network_admin_url( 'plugins.php' ) : admin_url( 'plugins.php' ) ),
 57 | 			__( 'Update plugins', 'wpvulnerability' )
 58 | 		);
 59 | 	}
 60 | 
 61 | 	return $result;
 62 | }
 63 | 
 64 | /**
 65 |  * Tests for vulnerabilities in installed themes.
 66 |  *
 67 |  * @version 2.0.0
 68 |  *
 69 |  * @return array Returns an array with the results of the vulnerability test.
 70 |  */
 71 | function wpvulnerability_test_themes() {
 72 | 	// Define the initial test result values.
 73 | 	$result = array(
 74 | 		'label'       => __( 'There aren\'t themes vulnerabilities', 'wpvulnerability' ),
 75 | 		'status'      => 'good',
 76 | 		'badge'       => array(
 77 | 			'label' => __( 'Security', 'wpvulnerability' ),
 78 | 			'color' => 'green',
 79 | 		),
 80 | 		'description' => sprintf(
 81 | 			'<p>%s</p>',
 82 | 			__( 'Shows possible vulnerabilities that exist in installed themes.', 'wpvulnerability' )
 83 | 		),
 84 | 		'actions'     => '',
 85 | 		'test'        => 'wpvulnerability_themes',
 86 | 	);
 87 | 
 88 | 	// Check if any theme vulnerabilities were found.
 89 | 	$wpvulnerability_test_themes_counter = is_multisite() ? json_decode( get_site_option( 'wpvulnerability-themes-vulnerable' ) ) : json_decode( get_option( 'wpvulnerability-themes-vulnerable' ) );
 90 | 
 91 | 	if ( $wpvulnerability_test_themes_counter ) {
 92 | 		$result['status'] = 'critical';
 93 | 		$result['label']  = sprintf(
 94 | 			// translators: Number of themes vulnerabilities.
 95 | 			_n( 'There is %d theme with vulnerabilities', 'There are %d themes with vulnerabilities', $wpvulnerability_test_themes_counter, 'wpvulnerability' ),
 96 | 			$wpvulnerability_test_themes_counter
 97 | 		);
 98 | 		$result['badge']['color'] = 'red';
 99 | 		$result['description']    = sprintf(
100 | 			'<p>%1$s</p> %2$s',
101 | 			__( 'We\'ve detected potential vulnerabilities in installed themes. Please check them and keep them updated.', 'wpvulnerability' ),
102 | 			wpvulnerability_html_themes()
103 | 		);
104 | 
105 | 		// Add action links to update themes.
106 | 		$result['actions'] .= sprintf(
107 | 			'<p><a href="%s">%s</a></p>',
108 | 			esc_url( is_multisite() ? network_admin_url( 'themes.php' ) : admin_url( 'themes.php' ) ),
109 | 			__( 'Update themes', 'wpvulnerability' )
110 | 		);
111 | 	}
112 | 
113 | 	return $result;
114 | }
115 | 
116 | /**
117 |  * Tests for vulnerabilities in core.
118 |  *
119 |  * @version 2.0.0
120 |  *
121 |  * @return array Returns an array with the results of the vulnerability test.
122 |  */
123 | function wpvulnerability_test_core() {
124 | 	// Define the initial test result values.
125 | 	$result = array(
126 | 		'label'       => __( 'There aren\'t WordPress vulnerabilities', 'wpvulnerability' ),
127 | 		'status'      => 'good',
128 | 		'badge'       => array(
129 | 			'label' => __( 'Security', 'wpvulnerability' ),
130 | 			'color' => 'green',
131 | 		),
132 | 		'description' => sprintf(
133 | 			'<p>%s</p>',
134 | 			__( 'Shows possible vulnerabilities existing in the WordPress core.', 'wpvulnerability' )
135 | 		),
136 | 		'actions'     => '',
137 | 		'test'        => 'wpvulnerability_core',
138 | 	);
139 | 
140 | 	// Check if any core vulnerabilities were found.
141 | 	$wpvulnerability_test_core_counter = is_multisite() ? json_decode( get_site_option( 'wpvulnerability-core-vulnerable' ) ) : json_decode( get_option( 'wpvulnerability-core-vulnerable' ) );
142 | 
143 | 	if ( $wpvulnerability_test_core_counter ) {
144 | 		$result['status'] = 'critical';
145 | 		$result['label']  = sprintf(
146 | 			// translators: Number of core vulnerabilities.
147 | 			_n( 'There is %d core vulnerability', 'There are %d core vulnerabilities', $wpvulnerability_test_core_counter, 'wpvulnerability' ),
148 | 			$wpvulnerability_test_core_counter
149 | 		);
150 | 		$result['badge']['color'] = 'red';
151 | 		$result['description']    = sprintf(
152 | 			'<p>%1$s</p> %2$s',
153 | 			__( 'We\'ve detected potential vulnerabilities in this WordPress installation. Please check them and keep your installation updated.', 'wpvulnerability' ),
154 | 			wpvulnerability_html_core()
155 | 		);
156 | 
157 | 		// Add action links to update WordPress.
158 | 		$result['actions'] .= sprintf(
159 | 			'<p><a href="%s">%s</a></p>',
160 | 			esc_url( is_multisite() ? network_admin_url( 'update-core.php' ) : admin_url( 'update-core.php' ) ),
161 | 			__( 'Update WordPress', 'wpvulnerability' )
162 | 		);
163 | 	}
164 | 
165 | 	return $result;
166 | }
167 | 
168 | /**
169 |  * Tests for vulnerabilities in a specified software component.
170 |  *
171 |  * @version 3.5.0
172 |  *
173 |  * @param string $software The type of software to test (php, apache, nginx, mariadb, mysql).
174 |  * @return array Returns an array with the results of the vulnerability test.
175 |  */
176 | function wpvulnerability_test_software( $software ) {
177 | 	$software_list = array(
178 | 		'php'         => __( 'PHP', 'wpvulnerability' ),
179 | 		'apache'      => __( 'Apache HTTPD', 'wpvulnerability' ),
180 | 		'nginx'       => __( 'Nginx', 'wpvulnerability' ),
181 | 		'mariadb'     => __( 'MariaDB', 'wpvulnerability' ),
182 | 		'mysql'       => __( 'MySQL', 'wpvulnerability' ),
183 | 		'imagemagick' => __( 'ImageMagick', 'wpvulnerability' ),
184 | 		'curl'        => __( 'curl', 'wpvulnerability' ),
185 | 	);
186 | 
187 | 	if ( ! array_key_exists( $software, $software_list ) ) {
188 | 		return array(
189 | 			'label'       => __( 'Invalid software type', 'wpvulnerability' ),
190 | 			'status'      => 'error',
191 | 			'badge'       => array(
192 | 				'label' => __( 'Error', 'wpvulnerability' ),
193 | 				'color' => 'red',
194 | 			),
195 | 			'description' => sprintf(
196 | 				'<p>%s</p>',
197 | 				__( 'The specified software type is not valid.', 'wpvulnerability' )
198 | 			),
199 | 			'actions'     => '',
200 | 			'test'        => 'wpvulnerability_' . $software,
201 | 		);
202 | 	}
203 | 
204 | 	// Define the initial test result values.
205 | 	$result = array(
206 | 		// translators: name of the software.
207 | 		'label'       => sprintf( __( 'There aren\'t %s vulnerabilities', 'wpvulnerability' ), $software_list[ $software ] ),
208 | 		'status'      => 'good',
209 | 		'badge'       => array(
210 | 			'label' => __( 'Security', 'wpvulnerability' ),
211 | 			'color' => 'green',
212 | 		),
213 | 		'description' => sprintf(
214 | 			'<p>%s</p>',
215 | 			// translators: software with vulnerabilities.
216 | 			sprintf( __( 'Shows possible vulnerabilities existing in %s.', 'wpvulnerability' ), $software_list[ $software ] )
217 | 		),
218 | 		'actions'     => '',
219 | 		'test'        => 'wpvulnerability_' . $software,
220 | 	);
221 | 
222 | 	// Check if any vulnerabilities were found.
223 | 	$vulnerability_counter = is_multisite() ? json_decode( get_site_option( 'wpvulnerability-' . $software . '-vulnerable' ) ) : json_decode( get_option( 'wpvulnerability-' . $software . '-vulnerable' ) );
224 | 
225 | 	if ( $vulnerability_counter ) {
226 | 		$result['status'] = 'critical';
227 | 		$result['label']  = sprintf(
228 | 			// translators: Software and number of vulnerabilities.
229 | 			_n( 'There is %1$d %2$s vulnerability', 'There are %1$d %2$s vulnerabilities', $vulnerability_counter, 'wpvulnerability' ),
230 | 			$vulnerability_counter,
231 | 			$software_list[ $software ]
232 | 		);
233 | 		$result['badge']['color'] = 'red';
234 | 		$result['description']    = sprintf(
235 | 			'<p>%1$s</p> %2$s',
236 | 			// translators: software with vulnerabilities.
237 | 			sprintf( __( 'We\'ve detected potential vulnerabilities in %s. Please check them and keep your installation updated.', 'wpvulnerability' ), $software_list[ $software ] ),
238 | 			wpvulnerability_html_software( $software )
239 | 		);
240 | 
241 | 		// Add specific action links if necessary.
242 | 		if ( 'php' === $software ) {
243 | 			$result['actions'] .= sprintf(
244 | 				'<p><a href="%s">%s</a></p>',
245 | 				esc_url( wp_get_update_php_url() ),
246 | 				__( 'How to update PHP', 'wpvulnerability' )
247 | 			);
248 | 		}
249 | 	}
250 | 
251 | 	return $result;
252 | }
253 | 
254 | /**
255 |  * Tests for vulnerabilities in MySQL.
256 |  *
257 |  * @return array Returns an array with the results of the vulnerability test.
258 |  */
259 | function wpvulnerability_test_mysql() {
260 | 	return wpvulnerability_test_software( 'mysql' );
261 | }
262 | 
263 | /**
264 |  * Tests for vulnerabilities in MariaDB.
265 |  *
266 |  * @return array Returns an array with the results of the vulnerability test.
267 |  */
268 | function wpvulnerability_test_mariadb() {
269 | 	return wpvulnerability_test_software( 'mariadb' );
270 | }
271 | 
272 | /**
273 |  * Tests for vulnerabilities in Apache.
274 |  *
275 |  * @return array Returns an array with the results of the vulnerability test.
276 |  */
277 | function wpvulnerability_test_apache() {
278 | 	return wpvulnerability_test_software( 'apache' );
279 | }
280 | 
281 | /**
282 |  * Tests for vulnerabilities in Nginx.
283 |  *
284 |  * @return array Returns an array with the results of the vulnerability test.
285 |  */
286 | function wpvulnerability_test_nginx() {
287 | 	return wpvulnerability_test_software( 'nginx' );
288 | }
289 | 
290 | /**
291 |  * Tests for vulnerabilities in PHP.
292 |  *
293 |  * @return array Returns an array with the results of the vulnerability test.
294 |  */
295 | function wpvulnerability_test_php() {
296 | 	return wpvulnerability_test_software( 'php' );
297 | }
298 | 
299 | /**
300 |  * Tests for vulnerabilities in ImageMagick.
301 |  *
302 |  * @return array Returns an array with the results of the vulnerability test.
303 |  */
304 | function wpvulnerability_test_imagemagick() {
305 | 	return wpvulnerability_test_software( 'imagemagick' );
306 | }
307 | 
308 | /**
309 |  * Tests for vulnerabilities in curl.
310 |  *
311 |  * @return array Returns an array with the results of the vulnerability test.
312 |  */
313 | function wpvulnerability_test_curl() {
314 | 	return wpvulnerability_test_software( 'curl' );
315 | }
316 | 
317 | /**
318 |  * Tests for vulnerabilities in memcached.
319 |  *
320 |  * @return array Returns an array with the results of the vulnerability test.
321 |  */
322 | function wpvulnerability_test_memcached() {
323 | 	return wpvulnerability_test_software( 'memcached' );
324 | }
325 | 
326 | /**
327 |  * Tests for vulnerabilities in Redis.
328 |  *
329 |  * @return array Returns an array with the results of the vulnerability test.
330 |  */
331 | function wpvulnerability_test_redis() {
332 | 	return wpvulnerability_test_software( 'redis' );
333 | }
334 | 
335 | /**
336 |  * Tests for vulnerabilities in SQLite.
337 |  *
338 |  * @return array Returns an array with the results of the vulnerability test.
339 |  */
340 | function wpvulnerability_test_sqlite() {
341 | 	return wpvulnerability_test_software( 'sqlite' );
342 | }
343 | 
344 | /**
345 |  * Adds vulnerability tests to the Health Check & Troubleshooting page.
346 |  *
347 |  * This function registers various vulnerability tests for different components of the site, such as
348 |  * WordPress core, themes, plugins, PHP, Apache, Nginx, MariaDB, and MySQL, to the Site Health status page.
349 |  *
350 |  * @since 2.0.0
351 |  *
352 |  * @param array $tests Array of current site status tests.
353 |  *
354 |  * @return array The updated array of site status tests.
355 |  */
356 | function wpvulnerability_tests( $tests ) {
357 | 
358 | 	if ( wpvulnerability_analyze_filter( 'core' ) ) {
359 | 		// Add test for Core WordPress vulnerabilities.
360 | 		$tests['direct']['wpvulnerability_core'] = array(
361 | 			'label' => __( 'WPVulnerability Core', 'wpvulnerability' ),
362 | 			'test'  => 'wpvulnerability_test_core',
363 | 		);
364 | 	}
365 | 
366 | 	if ( wpvulnerability_analyze_filter( 'themes' ) ) {
367 | 		// Add test for Theme vulnerabilities.
368 | 		$tests['direct']['wpvulnerability_themes'] = array(
369 | 			'label' => __( 'WPVulnerability Themes', 'wpvulnerability' ),
370 | 			'test'  => 'wpvulnerability_test_themes',
371 | 		);
372 | 	}
373 | 
374 | 	if ( wpvulnerability_analyze_filter( 'plugins' ) ) {
375 | 		// Add test for Plugin vulnerabilities.
376 | 		$tests['direct']['wpvulnerability_plugins'] = array(
377 | 			'label' => __( 'WPVulnerability Plugins', 'wpvulnerability' ),
378 | 			'test'  => 'wpvulnerability_test_plugins',
379 | 		);
380 | 	}
381 | 
382 | 	if ( wpvulnerability_analyze_filter( 'php' ) ) {
383 | 		// Add test for PHP vulnerabilities.
384 | 		$tests['direct']['wpvulnerability_php'] = array(
385 | 			'label' => __( 'WPVulnerability PHP', 'wpvulnerability' ),
386 | 			'test'  => 'wpvulnerability_test_php',
387 | 		);
388 | 	}
389 | 
390 | 	if ( wpvulnerability_analyze_filter( 'apache' ) ) {
391 | 		// Add test for Apache vulnerabilities.
392 | 		$tests['direct']['wpvulnerability_apache'] = array(
393 | 			'label' => __( 'WPVulnerability Apache HTTPD', 'wpvulnerability' ),
394 | 			'test'  => 'wpvulnerability_test_apache',
395 | 		);
396 | 	}
397 | 
398 | 	if ( wpvulnerability_analyze_filter( 'nginx' ) ) {
399 | 		// Add test for Nginx vulnerabilities.
400 | 		$tests['direct']['wpvulnerability_nginx'] = array(
401 | 			'label' => __( 'WPVulnerability Nginx', 'wpvulnerability' ),
402 | 			'test'  => 'wpvulnerability_test_nginx',
403 | 		);
404 | 	}
405 | 
406 | 	if ( wpvulnerability_analyze_filter( 'mariadb' ) ) {
407 | 		// Add test for MariaDB vulnerabilities.
408 | 		$tests['direct']['wpvulnerability_mariadb'] = array(
409 | 			'label' => __( 'WPVulnerability MariaDB', 'wpvulnerability' ),
410 | 			'test'  => 'wpvulnerability_test_mariadb',
411 | 		);
412 | 	}
413 | 
414 | 	if ( wpvulnerability_analyze_filter( 'mysql' ) ) {
415 | 		// Add test for MySQL vulnerabilities.
416 | 		$tests['direct']['wpvulnerability_mysql'] = array(
417 | 			'label' => __( 'WPVulnerability MySQL', 'wpvulnerability' ),
418 | 			'test'  => 'wpvulnerability_test_mysql',
419 | 		);
420 | 	}
421 | 
422 | 	if ( wpvulnerability_analyze_filter( 'imagemagick' ) ) {
423 | 		// Add test for ImageMagick vulnerabilities.
424 | 		$tests['direct']['wpvulnerability_imagemagick'] = array(
425 | 			'label' => __( 'WPVulnerability ImageMagick', 'wpvulnerability' ),
426 | 			'test'  => 'wpvulnerability_test_imagemagick',
427 | 		);
428 | 	}
429 | 
430 | 	if ( wpvulnerability_analyze_filter( 'curl' ) ) {
431 | 		// Add test for curl vulnerabilities.
432 | 		$tests['direct']['wpvulnerability_curl'] = array(
433 | 			'label' => __( 'WPVulnerability curl', 'wpvulnerability' ),
434 | 			'test'  => 'wpvulnerability_test_curl',
435 | 		);
436 | 	}
437 | 
438 | 	if ( wpvulnerability_analyze_filter( 'memcached' ) ) {
439 | 		// Add test for memcached vulnerabilities.
440 | 		$tests['direct']['wpvulnerability_memcached'] = array(
441 | 			'label' => __( 'WPVulnerability memcached', 'wpvulnerability' ),
442 | 			'test'  => 'wpvulnerability_test_memcached',
443 | 		);
444 | 	}
445 | 
446 | 	if ( wpvulnerability_analyze_filter( 'redis' ) ) {
447 | 		// Add test for Redis vulnerabilities.
448 | 		$tests['direct']['wpvulnerability_redis'] = array(
449 | 			'label' => __( 'WPVulnerability redis', 'wpvulnerability' ),
450 | 			'test'  => 'wpvulnerability_test_redis',
451 | 		);
452 | 	}
453 | 
454 | 	if ( wpvulnerability_analyze_filter( 'sqlite' ) ) {
455 | 		// Add test for SQLite vulnerabilities.
456 | 		$tests['direct']['wpvulnerability_sqlite'] = array(
457 | 			'label' => __( 'WPVulnerability sqlite', 'wpvulnerability' ),
458 | 			'test'  => 'wpvulnerability_test_sqlite',
459 | 		);
460 | 	}
461 | 
462 | 	return $tests;
463 | }
464 | 
465 | // Adds the vulnerability tests to the site status tests.
466 | add_filter( 'site_status_tests', 'wpvulnerability_tests' );
467 | 


--------------------------------------------------------------------------------
/wpvulnerability-software.php:
--------------------------------------------------------------------------------
  1 | <?php
  2 | /**
  3 |  * Software functions
  4 |  *
  5 |  * @package WPVulnerability
  6 |  *
  7 |  * @version 3.5.0
  8 |  */
  9 | 
 10 | defined( 'ABSPATH' ) || die( 'No script kiddies please!' );
 11 | 
 12 | /**
 13 |  * Retrieves the specified software version.
 14 |  *
 15 |  * This function returns the version of PHP, Apache, Nginx, MySQL, or MariaDB
 16 |  * after performing necessary validations. It ensures that the returned value
 17 |  * is clean and sanitized.
 18 |  *
 19 |  * @since 3.5.0
 20 |  *
 21 |  * @param string $software The name of the software ('php', 'apache', 'nginx', 'mysql', 'mariadb').
 22 |  * @return string|null The sanitized version of the software, or null if not found.
 23 |  */
 24 | function wpvulnerability_get_software_version( $software ) {
 25 | 	switch ( $software ) {
 26 | 		case 'php':
 27 | 			return wp_kses( wpvulnerability_detect_php(), 'strip' );
 28 | 
 29 | 		case 'apache':
 30 | 		case 'nginx':
 31 | 			$webserver = wpvulnerability_detect_webserver();
 32 | 			if ( isset( $webserver['id'] ) && $webserver['id'] === $software && ! empty( $webserver['version'] ) ) {
 33 | 				return wp_kses( (string) $webserver['version'], 'strip' );
 34 | 			}
 35 | 			break;
 36 | 
 37 | 		case 'mysql':
 38 | 		case 'mariadb':
 39 | 			$sqlserver = wpvulnerability_detect_sqlserver();
 40 | 			if ( isset( $sqlserver['id'] ) && $sqlserver['id'] === $software && ! empty( $sqlserver['version'] ) ) {
 41 | 				return wp_kses( (string) $sqlserver['version'], 'strip' );
 42 | 			}
 43 | 			break;
 44 | 
 45 | 		case 'imagemagick':
 46 | 			return wp_kses( wpvulnerability_detect_imagemagick(), 'strip' );
 47 | 
 48 | 		case 'curl':
 49 | 			return wp_kses( wpvulnerability_detect_curl(), 'strip' );
 50 | 
 51 | 		case 'memcached':
 52 | 			return wp_kses( wpvulnerability_detect_memcached(), 'strip' );
 53 | 
 54 | 		case 'redis':
 55 | 			return wp_kses( wpvulnerability_detect_redis(), 'strip' );
 56 | 
 57 | 		case 'sqlite':
 58 | 			return wp_kses( wpvulnerability_detect_sqlite(), 'strip' );
 59 | 
 60 | 		default:
 61 | 			return null;
 62 | 	}
 63 | }
 64 | 
 65 | /**
 66 |  * Retrieves vulnerabilities for a given software version and updates its data.
 67 |  *
 68 |  * This function detects the installed software version, checks for vulnerabilities using an external API,
 69 |  * and updates the data array with the vulnerabilities found.
 70 |  *
 71 |  * @since 3.5.0
 72 |  *
 73 |  * @param string $software The software name (e.g., 'php', 'apache', 'nginx', 'mysql', 'mariadb').
 74 |  *
 75 |  * @return array The updated data array containing vulnerability information.
 76 |  */
 77 | function wpvulnerability_get_fresh_vulnerabilities( $software ) {
 78 | 
 79 | 	$version = null;
 80 | 	$data    = array(
 81 | 		'vulnerabilities' => null,
 82 | 		'vulnerable'      => 0,
 83 | 	);
 84 | 
 85 | 	switch ( $software ) {
 86 | 		case 'php':
 87 | 		case 'apache':
 88 | 		case 'nginx':
 89 | 		case 'mysql':
 90 | 		case 'mariadb':
 91 | 		case 'imagemagick':
 92 | 		case 'curl':
 93 | 		case 'memcached':
 94 | 		case 'redis':
 95 | 		case 'sqlite':
 96 | 			$version = wpvulnerability_get_software_version( $software );
 97 | 			break;
 98 | 
 99 | 		default:
100 | 			return $data;
101 | 	}
102 | 
103 | 	if ( $version ) {
104 | 		switch ( $software ) {
105 | 			case 'php':
106 | 			case 'apache':
107 | 			case 'nginx':
108 | 			case 'mysql':
109 | 			case 'mariadb':
110 | 			case 'imagemagick':
111 | 			case 'curl':
112 | 			case 'memcached':
113 | 			case 'redis':
114 | 			case 'sqlite':
115 | 				$api_response = wpvulnerability_get_vulnerabilities( $software, $version, 0 );
116 | 				break;
117 | 		}
118 | 
119 | 		if ( ! empty( $api_response ) ) {
120 | 			$data['vulnerabilities'] = $api_response;
121 | 			$data['vulnerable']      = 1;
122 | 		}
123 | 	}
124 | 
125 | 	return $data;
126 | }
127 | 
128 | 
129 | /**
130 |  * Get Installed Software
131 |  *
132 |  * Retrieves the list of installed software versions, checks for vulnerabilities,
133 |  * caches the data, and sends an email notification if vulnerabilities are detected.
134 |  *
135 |  * @since 3.5.0
136 |  *
137 |  * @param string $software The software name (e.g., 'php', 'apache').
138 |  *
139 |  * @return string JSON-encoded array of software data with vulnerabilities and vulnerable status.
140 |  */
141 | function wpvulnerability_get_installed( $software ) {
142 | 
143 | 	$wpvulnerability_software_vulnerable = 0;
144 | 
145 | 	// Retrieve fresh vulnerabilities for the installed software version.
146 | 	$data = wpvulnerability_get_fresh_vulnerabilities( $software );
147 | 
148 | 	// Check if the software version is vulnerable and count the vulnerabilities.
149 | 	if ( isset( $data['vulnerable'] ) && (int) $data['vulnerable'] ) {
150 | 		$wpvulnerability_software_vulnerable = count( $data['vulnerabilities'] );
151 | 	}
152 | 
153 | 	// Cache the vulnerability data and the timestamp for cache expiration.
154 | 	if ( is_multisite() ) {
155 | 		update_site_option( 'wpvulnerability-' . $software, wp_json_encode( $data ) );
156 | 		update_site_option( 'wpvulnerability-' . $software . '-vulnerable', wp_json_encode( number_format( $wpvulnerability_software_vulnerable, 0, '.', '' ) ) );
157 | 		update_site_option( 'wpvulnerability-' . $software . '-cache', wp_json_encode( number_format( time() + ( 3600 * WPVULNERABILITY_CACHE_HOURS ), 0, '.', '' ) ) );
158 | 	} else {
159 | 		update_option( 'wpvulnerability-' . $software, wp_json_encode( $data ) );
160 | 		update_option( 'wpvulnerability-' . $software . '-vulnerable', wp_json_encode( number_format( $wpvulnerability_software_vulnerable, 0, '.', '' ) ) );
161 | 		update_option( 'wpvulnerability-' . $software . '-cache', wp_json_encode( number_format( time() + ( 3600 * WPVULNERABILITY_CACHE_HOURS ), 0, '.', '' ) ) );
162 | 	}
163 | 
164 | 	// Return the JSON-encoded array of software data.
165 | 	return wp_json_encode( $data );
166 | }
167 | 
168 | /**
169 |  * Get the cached vulnerabilities or update the cache if it's stale or missing.
170 |  *
171 |  * @since 3.5.0
172 |  *
173 |  * @param string $software The software name (e.g., 'php', 'apache').
174 |  *
175 |  * @return array|null Array of software data with vulnerabilities, or null if software is invalid.
176 |  */
177 | function wpvulnerability_software_get_vulnerabilities( $software ) {
178 | 
179 | 	$valid_software = array( 'php', 'apache', 'mariadb', 'mysql', 'nginx', 'imagemagick', 'curl', 'memcached', 'redis', 'sqlite' );
180 | 
181 | 	// Use strict comparison for in_array.
182 | 	if ( in_array( $software, $valid_software, true ) ) {
183 | 		if ( is_multisite() ) {
184 | 
185 | 			// Get the cached data and decode it.
186 | 			$data_cache = json_decode( get_site_option( 'wpvulnerability-' . $software . '-cache' ) );
187 | 
188 | 			// Get the installed data and decode it.
189 | 			$data = json_decode( get_site_option( 'wpvulnerability-' . $software ), true );
190 | 
191 | 		} else {
192 | 
193 | 			// Get the cached data and decode it.
194 | 			$data_cache = json_decode( get_option( 'wpvulnerability-' . $software . '-cache' ) );
195 | 
196 | 			// Get the installed data and decode it.
197 | 			$data = json_decode( get_option( 'wpvulnerability-' . $software ), true );
198 | 
199 | 		}
200 | 
201 | 		// If the cache is stale or the data is empty, update the cache.
202 | 		if ( $data_cache < time() || empty( $data ) ) {
203 | 
204 | 			// Get the installed data and update the cache.
205 | 			$data = json_decode( wpvulnerability_get_installed( $software ), true );
206 | 
207 | 		}
208 | 
209 | 		return $data;
210 | 	} else {
211 | 		return null;
212 | 	}
213 | }
214 | 
215 | /**
216 |  * Update the software cache and remove any old cache data.
217 |  *
218 |  * @since 3.0.0
219 |  *
220 |  * @param string $software The software name (e.g., 'php', 'apache').
221 |  *
222 |  * @return void
223 |  */
224 | function wpvulnerability_get_vulnerabilities_clean( $software ) {
225 | 
226 | 	// Update the installed software cache.
227 | 	wpvulnerability_get_installed( $software );
228 | }
229 | 


--------------------------------------------------------------------------------
/wpvulnerability-themes.php:
--------------------------------------------------------------------------------
  1 | <?php
  2 | /**
  3 |  * Themes functions
  4 |  *
  5 |  * @package WPVulnerability
  6 |  *
  7 |  * @version 2.0.0
  8 |  */
  9 | 
 10 | defined( 'ABSPATH' ) || die( 'No script kiddies please!' );
 11 | 
 12 | /**
 13 |  * Adds a vulnerability notice under vulnerable themes.
 14 |  *
 15 |  * @since 2.0.0
 16 |  *
 17 |  * @param string $theme_file Main themes folder/file name.
 18 |  * @param array  $theme_data Theme data.
 19 |  *
 20 |  * @return void
 21 |  */
 22 | function wpvulnerability_theme_info_after( $theme_file, $theme_data ) {
 23 | 
 24 | 	// Retrieve the vulnerabilities for all themes from the options table and decode the JSON.
 25 | 	if ( is_multisite() ) {
 26 | 		$theme_vulnerabilities = json_decode( get_site_option( 'wpvulnerability-themes' ), true );
 27 | 	} else {
 28 | 		$theme_vulnerabilities = json_decode( get_option( 'wpvulnerability-themes' ), true );
 29 | 	}
 30 | 
 31 | 	// Determine whether the theme is active and add an appropriate CSS class to the table row.
 32 | 	$current_theme = wp_get_theme();
 33 | 	$tr_class      = '';
 34 | 	if ( $theme_file === $current_theme->get_stylesheet() ) {
 35 | 		$tr_class .= 'active';
 36 | 	}
 37 | 
 38 | 	// Generate the vulnerability notice message with the theme name.
 39 | 	$message = sprintf(
 40 | 		/* translators: 1: theme name */
 41 | 		__( '%1$s has a known vulnerability that may be affecting this version.', 'wpvulnerability' ),
 42 | 		wp_kses( (string) $theme_data->get( 'Name' ), 'strip' )
 43 | 	);
 44 | 
 45 | 	// Begin generating the table row HTML markup with appropriate CSS classes and the vulnerability notice message.
 46 | 	$information  = '<tr class="wpvulnerability ' . esc_attr( $tr_class ) . '">';
 47 | 	$information .= '<td colspan="4">';
 48 | 	$information .= '<p class="text-red"><img src="' . esc_url( WPVULNERABILITY_PLUGIN_URL ) . 'assets/logo16.png" style="height: 16px; vertical-align: text-top; width: 16px;" alt="" title="WPVulnerability"> <strong>' . esc_html( $message ) . '</strong></p>';
 49 | 	$information .= '<table>';
 50 | 
 51 | 	// Loop through all vulnerabilities for the current theme and add their details to the table row HTML markup.
 52 | 	$vulnerabilities = $theme_vulnerabilities[ $theme_file ]['wpvulnerability']['vulnerabilities'];
 53 | 
 54 | 	foreach ( $vulnerabilities as $vulnerability ) {
 55 | 		$what = array();
 56 | 		if ( isset( $vulnerability['impact']['cwe'] ) ) {
 57 | 			foreach ( $vulnerability['impact']['cwe'] as $vulnerability_cwe ) {
 58 | 				$what[] = '<div><b>' . wp_kses( (string) $vulnerability_cwe['name'], 'strip' ) . '</b></div><div><i>' . wp_kses_post( (string) $vulnerability_cwe['description'] ) . '</i></div>';
 59 | 			}
 60 | 		}
 61 | 
 62 | 		$sources = array();
 63 | 		if ( isset( $vulnerability['source'] ) ) {
 64 | 			foreach ( $vulnerability['source'] as $vulnerability_source ) {
 65 | 				$sources[] = '<a href="' . esc_url_raw( (string) $vulnerability_source['link'], 'strip' ) . '" target="_blank" rel="external nofollow noopener noreferrer">[+]</a>&nbsp;' . wp_kses( (string) $vulnerability_source['name'], 'strip' );
 66 | 			}
 67 | 		}
 68 | 		if ( count( $sources ) ) {
 69 | 			$source = '<div style="padding-bottom: 5px;">' . implode( '<br>', $sources ) . '</div>';
 70 | 		}
 71 | 
 72 | 		$score = null;
 73 | 		if ( isset( $vulnerability['impact']['cvss']['score'] ) ) {
 74 | 			$score = number_format( (float) $vulnerability['impact']['cvss']['score'], 1, '.', '' );
 75 | 		}
 76 | 		$severity = null;
 77 | 		if ( isset( $vulnerability['impact']['cvss']['severity'] ) ) {
 78 | 			$severity = wpvulnerability_severity( $vulnerability['impact']['cvss']['severity'] );
 79 | 		}
 80 | 
 81 | 		$information .= '<tr>';
 82 | 		$information .= '<td style="max-width: 256px; min-width: 96px;"><b>' . wp_kses( (string) $vulnerability['versions'], 'strip' ) . '</b></td>';
 83 | 		$information .= '<td>';
 84 | 		if ( (int) $vulnerability['closed'] || (int) $vulnerability['unfixed'] ) {
 85 | 			$information .= '<div style="padding-bottom: 5px;">';
 86 | 			if ( (int) $vulnerability['closed'] ) {
 87 | 				$information .= '<div class="text-red">' . __( 'This theme is closed. Please replace it with another.', 'wpvulnerability' ) . '</div>';
 88 | 			}
 89 | 			if ( (int) $vulnerability['unfixed'] ) {
 90 | 				$information .= '<div class="text-red">' . __( 'This vulnerability appears to be unpatched. Stay tuned for upcoming theme updates.', 'wpvulnerability' ) . '</div>';
 91 | 			}
 92 | 			$information .= '</div>';
 93 | 		}
 94 | 		if ( count( $what ) ) {
 95 | 			$information .= '<div style="padding-bottom: 5px;">';
 96 | 			foreach ( $what as $w ) {
 97 | 				$information .= $w;
 98 | 			}
 99 | 			$information .= '</div>';
100 | 		}
101 | 		if ( ! is_null( $score ) || ! is_null( $severity ) ) {
102 | 			$information .= '<div style="padding-bottom: 5px;">';
103 | 			if ( ! is_null( $score ) ) {
104 | 				$information .= '<div>' . __( 'Global score: ', 'wpvulnerability' ) . $score . ' / 10</div>';
105 | 			}
106 | 			if ( ! is_null( $severity ) ) {
107 | 				$information .= '<div>' . __( 'Severity: ', 'wpvulnerability' ) . $severity . '</div>';
108 | 			}
109 | 			$information .= '</div>';
110 | 		}
111 | 		$information .= wp_kses( (string) $source, 'post' );
112 | 		$information .= '</td>';
113 | 		$information .= '</tr>';
114 | 	}
115 | 
116 | 	$information .= '</table>';
117 | 	$information .= '</td>';
118 | 	$information .= '</tr>';
119 | 
120 | 	echo $information; // phpcs:ignore
121 | }
122 | 
123 | /**
124 |  * Retrieves vulnerabilities for a given theme and updates its data.
125 |  *
126 |  * @since 2.0.0
127 |  *
128 |  * @param array  $theme_data The theme data array.
129 |  * @param string $theme_slug The slug to the theme.
130 |  *
131 |  * @return array The updated theme data array.
132 |  */
133 | function wpvulnerability_get_fresh_theme_vulnerabilities( $theme_data, $theme_slug ) {
134 | 
135 | 	// Get the theme version and slug from the theme data.
136 | 	$theme_version        = wp_kses( (string) $theme_data['data']->get( 'Version' ), 'strip' );
137 | 	$theme_data_v['slug'] = $theme_slug;
138 | 
139 | 	// Initialize vulnerability related fields.
140 | 	$theme_data_v['name']            = isset( $theme_data['data'] ) ? $theme_data['data']->get( 'Name' ) : '';
141 | 	$theme_data_v['vulnerabilities'] = null;
142 | 	$theme_data_v['vulnerable']      = 0;
143 | 
144 | 	// Retrieve vulnerabilities for the theme using its slug and version.
145 | 	if ( isset( $theme_slug ) && ! empty( $theme_slug ) ) {
146 | 
147 | 		$theme_api_response = wpvulnerability_get_theme( $theme_slug, $theme_version, 0 );
148 | 
149 | 		// If vulnerabilities are found, update the theme data accordingly.
150 | 		if ( ! empty( $theme_api_response ) ) {
151 | 
152 | 			$theme_data_v['vulnerabilities'] = $theme_api_response;
153 | 			$theme_data_v['vulnerable']      = 1;
154 | 
155 | 		}
156 | 	}
157 | 
158 | 	return $theme_data_v;
159 | }
160 | 
161 | /**
162 |  * Get Installed Themes
163 |  * Retrieves the list of installed themes, checks for vulnerabilities in each of them, caches the data, and sends an email notification if vulnerabilities are detected.
164 |  *
165 |  * @since 2.0.0
166 |  *
167 |  * @return string JSON-encoded array of theme data with vulnerabilities and vulnerable status.
168 |  */
169 | function wpvulnerability_theme_get_installed() {
170 | 
171 | 	$wpvulnerability_themes_vulnerable = 0;
172 | 
173 | 	$themes_v = array();
174 | 	$themes   = wp_get_themes();
175 | 
176 | 	foreach ( $themes as $slug => $theme_data ) {
177 | 
178 | 		// Store the theme data.
179 | 		$themes_v[ $slug ]['data'] = $theme_data;
180 | 
181 | 		// Get fresh vulnerabilities for the theme.
182 | 		$themes_v[ $slug ]['wpvulnerability'] = wpvulnerability_get_fresh_theme_vulnerabilities( $themes_v[ $slug ], $slug );
183 | 
184 | 		// If the theme is vulnerable, increment the vulnerable themes counter.
185 | 		if ( isset( $themes_v[ $slug ]['wpvulnerability']['vulnerable'] ) && 1 === (int) $themes_v[ $slug ]['wpvulnerability']['vulnerable'] ) {
186 | 			++$wpvulnerability_themes_vulnerable;
187 | 		}
188 | 	}
189 | 
190 | 	// Update options for multisite installations.
191 | 	if ( is_multisite() ) {
192 | 		update_site_option( 'wpvulnerability-themes', wp_json_encode( $themes_v ) );
193 | 		update_site_option( 'wpvulnerability-themes-vulnerable', wp_json_encode( number_format( $wpvulnerability_themes_vulnerable, 0, '.', '' ) ) );
194 | 		update_site_option( 'wpvulnerability-themes-cache', wp_json_encode( number_format( time() + ( 3600 * WPVULNERABILITY_CACHE_HOURS ), 0, '.', '' ) ) );
195 | 
196 | 		// Update options for single site installations.
197 | 	} else {
198 | 		update_option( 'wpvulnerability-themes', wp_json_encode( $themes_v ) );
199 | 		update_option( 'wpvulnerability-themes-vulnerable', wp_json_encode( number_format( $wpvulnerability_themes_vulnerable, 0, '.', '' ) ) );
200 | 		update_option( 'wpvulnerability-themes-cache', wp_json_encode( number_format( time() + ( 3600 * WPVULNERABILITY_CACHE_HOURS ), 0, '.', '' ) ) );
201 | 	}
202 | 
203 | 	return wp_json_encode( $themes_v );
204 | }
205 | 
206 | /**
207 |  * Get the cached themes vulnerabilities or update the cache if it's stale or missing.
208 |  *
209 |  * @since 2.0.0
210 |  *
211 |  * @return array Array of installed themes with their vulnerabilities.
212 |  */
213 | function wpvulnerability_theme_get_vulnerabilities() {
214 | 
215 | 	if ( is_multisite() ) {
216 | 		// Get the cached theme data and decode it.
217 | 		$theme_data_cache = json_decode( get_site_option( 'wpvulnerability-themes-cache' ) );
218 | 
219 | 		// Get the installed theme data and decode it.
220 | 		$theme_data = json_decode( get_site_option( 'wpvulnerability-themes' ), true );
221 | 
222 | 	} else {
223 | 		// Get the cached theme data and decode it.
224 | 		$theme_data_cache = json_decode( get_option( 'wpvulnerability-themes-cache' ) );
225 | 
226 | 		// Get the installed theme data and decode it.
227 | 		$theme_data = json_decode( get_option( 'wpvulnerability-themes' ), true );
228 | 	}
229 | 
230 | 	// If the cache is stale or the theme data is empty, update the cache.
231 | 	if ( ( isset( $theme_data_cache ) && $theme_data_cache < time() ) || empty( $theme_data ) ) {
232 | 		// Get the installed theme data and update the cache.
233 | 		$theme_data = json_decode( wpvulnerability_theme_get_installed(), true );
234 | 	}
235 | 
236 | 	return $theme_data;
237 | }
238 | 
239 | /**
240 |  * Update the installed themes cache and remove any old cache data.
241 |  *
242 |  * @since 2.0.0
243 |  *
244 |  * @return void
245 |  */
246 | function wpvulnerability_theme_get_vulnerabilities_clean() {
247 | 	wpvulnerability_clear_cache( 'themes' );
248 | 	wpvulnerability_theme_get_installed();
249 | }
250 | 
251 | /**
252 |  * Admin Head
253 |  * Adds vulnerability information after the theme row and notices on the theme page based on the installed theme cache.
254 |  *
255 |  * @since 2.0.0
256 |  *
257 |  * @return void
258 |  */
259 | function wpvulnerability_theme_page() {
260 | 
261 | 	// Check if the current page is the themes page.
262 | 	global $pagenow;
263 | 	if ( wpvulnerability_analyze_filter( 'themes' ) && 'themes.php' === $pagenow && wpvulnerability_capabilities() ) {
264 | 
265 | 		// Get the vulnerabilities for the installed themes.
266 | 		$themes = wpvulnerability_theme_get_vulnerabilities();
267 | 
268 | 		// Loop through the themes and add vulnerability information after the theme row for vulnerable themes.
269 | 		foreach ( $themes as $theme_file => $theme_data ) {
270 | 
271 | 			if ( isset( $theme_data['wpvulnerability']['vulnerable'] ) && 1 === (int) $theme_data['wpvulnerability']['vulnerable'] ) {
272 | 				add_action( 'after_theme_row_' . esc_attr( $theme_file ), 'wpvulnerability_theme_info_after', 10, 2 );
273 | 			}
274 | 		}
275 | 	}
276 | }
277 | // Add notices for vulnerable themes on the theme page.
278 | add_action( 'admin_head', 'wpvulnerability_theme_page' );
279 | 
280 | /**
281 |  * Filters the themes list to show only vulnerable themes when the "Vulnerable" tab is selected.
282 |  *
283 |  * This function hooks into the WordPress themes listing in the network admin to filter the displayed themes
284 |  * based on their vulnerability status. When the "Vulnerable" tab is selected (identified by the `theme_status=vulnerable`
285 |  * query parameter), it filters the themes list to include only those themes with known vulnerabilities.
286 |  *
287 |  * The function retrieves the vulnerabilities for all themes from the WordPress options table and compares
288 |  * them against the active list of themes. Themes without vulnerabilities are removed from the list, leaving
289 |  * only those that are considered vulnerable.
290 |  *
291 |  * @since 3.3.5
292 |  *
293 |  * @global object $wp_list_table The WordPress list table object for managing themes.
294 |  *
295 |  * @return void
296 |  */
297 | function wpvulnerability_themes_filter() {
298 | 	if ( isset( $_GET['theme_status'] ) && 'vulnerable' === $_GET['theme_status'] ) { // phpcs:ignore
299 | 
300 | 		global $wp_list_table;
301 | 
302 | 		// Retrieve the vulnerabilities for all themes from the options table and decode the JSON.
303 | 		$theme_vulnerabilities = is_multisite()
304 | 			? json_decode( get_site_option( 'wpvulnerability-themes' ), true )
305 | 			: json_decode( get_option( 'wpvulnerability-themes' ), true );
306 | 
307 | 		// Loop through the items in the themes list table.
308 | 		foreach ( $wp_list_table->items as $theme_file => $theme_data ) {
309 | 
310 | 			if ( ! isset( $theme_vulnerabilities[ $theme_file ]['wpvulnerability']['vulnerable'] ) ||
311 | 				0 === (int) $theme_vulnerabilities[ $theme_file ]['wpvulnerability']['vulnerable'] ) {
312 | 
313 | 				unset( $wp_list_table->items[ $theme_file ] );
314 | 			}
315 | 		}
316 | 	}
317 | }
318 | 
319 | /**
320 |  * Initializes the vulnerability filtering for the themes list in the network admin area of a multisite installation.
321 |  *
322 |  * This function checks if the current environment is a multisite network and whether the user is in the network
323 |  * admin area. If both conditions are met, it hooks into the 'admin_head-themes.php' action to apply a filter that
324 |  * shows only vulnerable themes in the themes list.
325 |  *
326 |  * @since 3.3.5
327 |  *
328 |  * @return void
329 |  */
330 | function wpvulnerability_themes_filter_init() {
331 | 	if ( is_multisite() && is_network_admin() ) {
332 | 		add_action( 'admin_head-themes.php', 'wpvulnerability_themes_filter' );
333 | 	}
334 | }
335 | add_action( 'network_admin_menu', 'wpvulnerability_themes_filter_init' );
336 | 
337 | /**
338 |  * Adds a "Vulnerable" tab to the WordPress themes page that displays the count of vulnerable themes.
339 |  *
340 |  * This function checks the cache for the number of vulnerable themes and adds a new tab to the themes
341 |  * management page in the WordPress admin area. The tab displays the count of vulnerable themes and highlights it
342 |  * if it is currently active. The tab is added only in the network admin area of a multisite installation.
343 |  *
344 |  * @since 3.3.5
345 |  *
346 |  * @param array $views An array of existing theme views (tabs) in the WordPress admin themes page.
347 |  *
348 |  * @return array The modified array of views including the "Vulnerable" tab.
349 |  */
350 | function wpvulnerability_themes_view( $views ) {
351 | 	if ( ! wpvulnerability_analyze_filter( 'themes' ) ) {
352 | 		return $views;
353 | 	}
354 | 
355 | 	$wpvulnerability_themes_count = is_multisite() ? get_site_option( 'wpvulnerability-themes-vulnerable' ) : null;
356 | 
357 | 	$wpvulnerability_themes_total = 0;
358 | 	if ( $wpvulnerability_themes_count ) {
359 | 		$wpvulnerability_themes_total = json_decode( $wpvulnerability_themes_count );
360 | 	}
361 | 
362 | 	if ( is_multisite() && is_network_admin() ) {
363 | 		$views['vulnerable'] = sprintf(
364 | 			'<a href="%s"%s>%s</a>',
365 | 			network_admin_url( 'themes.php?theme_status=vulnerable' ),
366 | 			( isset( $_GET['theme_status'] ) && 'vulnerable' === $_GET['theme_status'] ? ' class="current"' : '' ), // phpcs:ignore
367 | 			// translators: the number of vulnerabilities.
368 | 			sprintf( __( 'Vulnerabilities (%d)', 'wpvulnerability' ), $wpvulnerability_themes_total )
369 | 		);
370 | 	}
371 | 
372 | 	return $views;
373 | }
374 | 
375 | /**
376 |  * Adds a custom filter to the themes page in the WordPress admin to display a tab for vulnerable themes.
377 |  *
378 |  * This function hooks into the 'views_themes-network' filter to add a custom tab or view for displaying vulnerable themes
379 |  * on the themes management page in the WordPress network admin area. The tab is added only in a multisite setup
380 |  * and specifically in the network admin context.
381 |  *
382 |  * @since 3.3.5
383 |  *
384 |  * @return void
385 |  */
386 | function wpvulnerability_themes_add_tab() {
387 | 	if ( is_multisite() && is_network_admin() ) {
388 | 		add_filter( 'views_themes-network', 'wpvulnerability_themes_view' );
389 | 	}
390 | }
391 | add_action( 'admin_head', 'wpvulnerability_themes_add_tab' );
392 | 


--------------------------------------------------------------------------------
/wpvulnerability.php:
--------------------------------------------------------------------------------
  1 | <?php
  2 | /**
  3 |  * Plugin Name: WPVulnerability
  4 |  * Plugin URI: https://www.wpvulnerability.com/
  5 |  * Description: Receive information about possible vulnerabilities in your WordPress from WordPress Vulnerability Database API.
  6 |  * Requires at least: 4.1
  7 |  * Requires PHP: 5.6
  8 |  * Version: 4.0.4
  9 |  * Author: Javier Casares
 10 |  * Author URI: https://www.javiercasares.com/
 11 |  * License: GPL-2.0-or-later
 12 |  * License URI: https://spdx.org/licenses/GPL-2.0-or-later.html
 13 |  * Text Domain: wpvulnerability
 14 |  * Domain Path: /languages
 15 |  *
 16 |  * @package WPVulnerability
 17 |  *
 18 |  * @version 2.0.0
 19 |  */
 20 | 
 21 | defined( 'ABSPATH' ) || die( 'No script kiddies please!' );
 22 | 
 23 | /**
 24 |  * Set some constants that I can change in future versions.
 25 |  */
 26 | define( 'WPVULNERABILITY_PLUGIN_VERSION', '4.0.4' );
 27 | define( 'WPVULNERABILITY_API_HOST', 'https://www.wpvulnerability.net/' );
 28 | define( 'WPVULNERABILITY_CACHE_HOURS', 12 );
 29 | 
 30 | /**
 31 |  * Set some useful constants.
 32 |  */
 33 | define( 'WPVULNERABILITY_PLUGIN_URL', plugins_url( '/', __FILE__ ) );
 34 | define( 'WPVULNERABILITY_PLUGIN_FILE', __FILE__ );
 35 | define( 'WPVULNERABILITY_PLUGIN_BASE', plugin_basename( __FILE__ ) );
 36 | define( 'WPVULNERABILITY_PLUGIN_PATH', plugin_dir_path( __FILE__ ) );
 37 | 
 38 | /**
 39 |  * Initialize the plugin.
 40 |  *
 41 |  * @since 2.0.0
 42 |  *
 43 |  * @return void
 44 |  */
 45 | function wpvulnerability_plugin_init() {
 46 | 	/*
 47 | 	 * Load the plugin's localization files.
 48 | 	 *
 49 | 	 * @since 2.0.0
 50 | 	 */
 51 | 	load_plugin_textdomain( 'wpvulnerability', false, dirname( WPVULNERABILITY_PLUGIN_BASE ) . '/languages' );
 52 | 
 53 | 	wpvulnerability_activation();
 54 | 
 55 | 	/*
 56 | 	 * Global functions, where the magic happens.
 57 | 	 *
 58 | 	 * @since 2.0.0
 59 | 	 */
 60 | 	require_once WPVULNERABILITY_PLUGIN_PATH . '/wpvulnerability-general.php';
 61 | 
 62 | 	/*
 63 | 	 * The admin panel for the configuration.
 64 | 	 *
 65 | 	 * @since 2.0.0
 66 | 	 */
 67 | 	if ( is_multisite() && is_network_admin() ) {
 68 | 		require_once WPVULNERABILITY_PLUGIN_PATH . '/wpvulnerability-adminms.php';
 69 | 	} elseif ( ! is_multisite() && is_admin() ) {
 70 | 		require_once WPVULNERABILITY_PLUGIN_PATH . '/wpvulnerability-admin.php';
 71 | 	}
 72 | 
 73 | 	/*
 74 | 	 * The functions to work with the data.
 75 | 	 *
 76 | 	 * @since 2.0.0
 77 | 	 */
 78 | 	require_once WPVULNERABILITY_PLUGIN_PATH . '/wpvulnerability-core.php';
 79 | 	require_once WPVULNERABILITY_PLUGIN_PATH . '/wpvulnerability-plugins.php';
 80 | 	require_once WPVULNERABILITY_PLUGIN_PATH . '/wpvulnerability-themes.php';
 81 | 	require_once WPVULNERABILITY_PLUGIN_PATH . '/wpvulnerability-software.php';
 82 | 
 83 | 	/*
 84 | 	 * All the plugin really does.
 85 | 	 *
 86 | 	 * @since 2.0.0
 87 | 	 */
 88 | 	require_once WPVULNERABILITY_PLUGIN_PATH . '/wpvulnerability-process.php';
 89 | 	require_once WPVULNERABILITY_PLUGIN_PATH . '/wpvulnerability-notifications.php';
 90 | 	require_once WPVULNERABILITY_PLUGIN_PATH . '/wpvulnerability-sitehealth.php';
 91 | 	require_once WPVULNERABILITY_PLUGIN_PATH . '/wpvulnerability-cli.php';
 92 | 
 93 | 	// Update non-cached data.
 94 | 	wpvulnerability_expired_database_data();
 95 | }
 96 | 
 97 | /*
 98 |  * Only load if it's admin / super admin.
 99 |  */
100 | if (
101 | 		( ! is_multisite() && is_admin() ) ||
102 | 		( is_multisite() && ( is_network_admin() || is_main_site() ) ) ||
103 | 		( defined( 'WP_CLI' ) && WP_CLI ) ||
104 | 		wp_doing_cron()
105 | 	) {
106 | 
107 | 	require_once WPVULNERABILITY_PLUGIN_PATH . '/wpvulnerability-run.php';
108 | 	register_activation_hook( WPVULNERABILITY_PLUGIN_FILE, 'wpvulnerability_activation' );
109 | 	register_deactivation_hook( WPVULNERABILITY_PLUGIN_FILE, 'wpvulnerability_deactivation' );
110 | 	register_uninstall_hook( WPVULNERABILITY_PLUGIN_FILE, 'wpvulnerability_uninstall' );
111 | 	add_action( 'init', 'wpvulnerability_plugin_init' );
112 | }
113 | 
114 | /*
115 |  * The plugin really needs this.
116 |  *
117 |  * @since 3.1.0
118 |  */
119 | require_once WPVULNERABILITY_PLUGIN_PATH . '/wpvulnerability-schedule.php';
120 | require_once WPVULNERABILITY_PLUGIN_PATH . '/wpvulnerability-api.php';
121 | 


--------------------------------------------------------------------------------