We are excited to announce the latest updates to our Vector Scanner. These enhancements aim to improve the scanner’s performance and provide more and better results for your assets. Here are the details of the latest releaseWordPress Scanner
The scanner now includes scans for vulnerabilities in WordPress plugins, themes, and the WordPress Core version. Helping you identify and mitigate potential risks on your WordPress installations.
When the scanner detects path-normalization in Tomcat, it performs a slight brute-force test for default credentials. If default credentials are found, it can result in Remote Code Execution (RCE).
The scanner’s headless crawling capabilities have been improved to enhance endpoint detection and parameter discovery. Identifying vulnerabilities that might have been missed previously.
The scanner now includes detection for several new CVEs, including:
Additional, less notable, CVEs have also been added.
The enhanced Firebase misconfiguration detection now scans for related information even without a Firebase configuration file on the asset. This includes checks for bucket read/write permissions.
We have improved the scanner’s ability to identify and report XSS vulnerabilities specifically to better detect scenarios involving DOM-related XSS and InJS XSS.
Various bugs have been fixed, and performance enhancements have been made to ensure our scanner runs more efficiently and reliably.