wordpress
Wordpress audit ruleset, ported from WPScan
Rules (11)

These hooks allow the developer to handle custom AJAX endpoints. The "wp_ajax_$action" hook fires for any authenticated user, and the "wp_ajax_nopriv_$action" hook fires for non-authenticated users.

These are some of the patterns used for authorisation. Check carefully whether the authorisation is actually correct.

These functions can lead to code injection if the data passed to them is user-controlled. Don't use the input directly; validate the data properly before passing it to these functions.

These functions can lead to command execution if the data passed to them is user-controlled. Don't use the input directly; validate the data properly before passing it to these functions.

Passing false or 0 as the third argument to this function stops it from dying when the nonce check fails, which makes the check useless if its return value is ignored.

These functions can be used to read the contents of files if the data passed to them is user-controlled. Don't use the input directly; validate the data properly before passing it to these functions.

These functions can lead to Local File Inclusion (LFI) or Remote File Inclusion (RFI) if the path passed to them is user-controlled. Validate the data properly before passing it to these functions.

These functions can be used to delete files if the data passed to them is user-controlled. Use these functions carefully.

This function can be used to redirect to a user-supplied URL. If the user input is not sanitised or validated, this could lead to an Open Redirect vulnerability. Use "wp_safe_redirect()" to prevent this kind of attack.

If the data used inside these patterns is passed in directly without proper sanitization, this could lead to PHP Object Injection. Do not use these functions with user-supplied input; use JSON functions instead.

Detected unsafe API methods. These could lead to SQL Injection if the variables used in the calls are user-controlled and not properly escaped or sanitized. To prevent SQL Injection, use safe API methods like "$wpdb->prepare" properly, or escape/sanitize the data properly.