WPVulnerability plugin changelog

[4.2.0] – 2025-10-31

Changelog

Added

  • GUI reorganized with tabs.
  • New log tab, listing API calls made in recent days.
  • Added some tests to check email.
  • Constant WPVULNERABILITY_LOG_RETENTION_DAYS to enforce log rotation from wp-config.php.
  • WP-CLI command to configure log retention from the terminal.
  • Automated pruning of stored logs based on the configured retention window.

Updated

  • New logo and assets.
  • PHP syntax to avoid errors.
  • Access level control in all the options.
  • Uninstall deletes everything.
  • POT (translations) file.
  • Software versions detection.
  • Documentation improvements.
  • Improved the content for Slack and Microsoft Teams notifications (in a more old-fashioned way).
  • Fine-tuned settings labels to reflect enforced log retention values when the constant is present.

Fixed

  • Mail unsubscription.
  • Mail sending failed.
  • Enforced the cache (a lot).
  • Core versions (beta and RC) with invalid format.
  • Normalize stored notification preferences to avoid stale values after upgrades.

Compatibility

  • WordPress: 4.7 – 6.9
  • PHP: 5.6 – 8.4
  • WP-CLI: 2.3.0 – 2.11.0

Tests

  • PHP Coding Standards: 3.13.4
  • WordPress Coding Standards: 3.2.0
  • Plugin Check (PCP): 1.6.0
  • SonarCloud Code Review
  • Amplify Code Check

[4.1.1] – 2025-09-22

Changelog

Fixed

  • Fix an error with version_compare() (thanks to @konnektiv).

Compatibility

  • WordPress: 4.7 – 6.9
  • PHP: 5.6 – 8.4
  • WP-CLI: 2.3.0 – 2.11.0

Tests

  • PHP Coding Standards: 3.13.4
  • WordPress Coding Standards: 3.2.0
  • Plugin Check (PCP): 1.6.0
  • SonarCloud Code Review
  • Amplify Code Check

[4.1.0] – 2025-09-16

Changelog

Added

  • “Never” send notifications.
  • Choose notification day and time.
  • Configurable cache expiration (1, 6, 12 or 24 hours).
  • WP-CLI command to configure cache expiration.
  • Constants to set hiding components.
  • WP-CLI command to manage hidden components.
  • WP-CLI command to configure notification email and period.
  • Add notifications for Slack and Teams.
  • Disable mail notifications from mails.
  • WordPress Playground blueprint (in test).

Changed

  • Cache is always the same everywhere.
  • Options for notifications.
  • Schedule fields only appear for selected periods.
  • Placeholder and conditional display for Slack and Teams notification fields.
  • Added links to documentation.

Fixed

  • When a plugin is updated, hide the vulnerabilities.
  • Display of schedule fields based on period.
  • Conditional display for email, Slack, and Teams notification fields.
  • When saving, there were two saving messages.
  • wp_get_update_php_url() for WordPress 5.1.0+ (fallback)
  • wp_timezone() for WordPress 5.1.0+ (fallback)
  • wp_doing_cron() for WordPress 4.8.0+ (fallback)
  • Application Passwords / REST API after WordPress 5.6.0

Compatibility

  • WordPress: 4.7 – 6.9
  • PHP: 5.6 – 8.4
  • WP-CLI: 2.3.0 – 2.11.0

Tests

  • PHP Coding Standards: 3.13.4
  • WordPress Coding Standards: 3.2.0
  • Plugin Check (PCP): 1.6.0
  • SonarCloud Code Review
  • Amplify Code Check

[4.0.4] – 2025-04-07

Changelog

Added

  • Extra sanitizations.

Changed

  • Translation improvements.

Fixed

  • Plugin and translation load.

Compatibility

  • WordPress: 4.1 – 6.8
  • PHP: 5.6 – 8.4
  • WP-CLI: 2.3.0 – 2.11.0

Tests

  • PHP Coding Standards: 3.12.1
  • WordPress Coding Standards: 3.1.0
  • Plugin Check (PCP): 1.4.0
  • SonarCloud Code Review

[4.0.3] – 2024-10-28

Changelog
  • Recreation of the 4.0.2 version. Something did not create the 4.0.2 version.

[4.0.2] – 2024-10-25

Changelog

Fixed

  • ImageMagick: it crashes in some cases where the hosting does not have ImageMagick.

Compatibility

  • WordPress: 4.1 – 6.7
  • PHP: 5.6 – 8.4
  • WP-CLI: 2.3.0 – 2.11.0

Tests

  • PHP Coding Standards: 3.10.3
  • WordPress Coding Standards: 3.1.0
  • Plugin Check (PCP): 1.1.0
  • SonarCloud Code Review

[4.0.0] – 2024-10-01

Changelog

Added

  • ImageMagick vulnerabilities (Site Health + WP-CLI + API + mail).
  • curl vulnerabilities (Site Health + WP-CLI + API + mail).
  • memcached vulnerabilities (Site Health + WP-CLI + API + mail).
  • Redis vulnerabilities (Site Health + WP-CLI + API + mail).
  • SQLite vulnerabilities (Site Health + WP-CLI + API + mail).

Fixed

  • Test email without email.
  • Improved MariaDB 11.x detection.
  • Improved versions detection (major-minor.patch-build).
  • WordPress < 5.3: use of wp_date().
  • WordPress < 5.0: locale detection.
  • Dashboard widget only for users with capabilities.
  • WordPress < 5.2: link to Site Health

Changed

  • Big refactor.
  • Fewer files, smaller size, improved code quality.

Compatibility

  • WordPress: 4.1 – 6.7
  • PHP: 5.6 – 8.4
  • WP-CLI: 2.3.0 – 2.11.0

Tests

  • Manual Testing:
    • WordPress 6.7 / PHP 8.4
    • WordPress 6.6 / PHP 8.3
    • WordPress 6.4 / PHP 8.2
    • WordPress 6.1 / PHP 8.1
    • WordPress 5.8 / PHP 8.0
    • WordPress 5.5 / PHP 7.4
    • WordPress 5.3 / PHP 7.3
    • WordPress 4.9 / PHP 7.2
    • WordPress 4.8 / PHP 7.1
    • WordPress 4.6 / PHP 7.0
    • WordPress 4.1 / PHP 5.6
  • PHP Coding Standards: 3.10.3
  • WordPress Coding Standards: 3.1.0
  • Plugin Check (PCP): 1.1.0
  • SonarCloud Code Review

[3.4.0] – 2024-08-16

Changelog

Added

  • New checks for MariaDB vulnerabilities.
  • New checks for MySQL vulnerabilities.
  • WPVulnerability statistics in the configuration page.
  • WPVulnerability contributors in the configuration page.

Changed

  • Code improvement.
  • Better UI for the configuration page.
  • Web server version detection improved.

Fixed

  • Get the statistics information the right way.

Compatibility

  • WordPress: 4.1 – 6.7
  • PHP: 5.6 – 8.3
  • WP-CLI: 2.3.0 – 2.11.0

Tests

  • PHP Coding Standards: 3.10.2
  • WordPress Coding Standards: 3.1.0
  • Plugin Check (PCP): 1.0.2
  • SonarCloud Code Review

[3.3.5] – 2024-08-14

Changelog

Added

  • Add counters for Core, Plugins, and Themes.
  • Add a Vulnerabilities filter in the Plugin list (WordPress and WordPress Multisite).
  • Add a Vulnerabilities filter in the Themes list (WordPress Multisite).

Compatibility

  • WordPress: 4.1 – 6.7
  • PHP: 5.6 – 8.3
  • WP-CLI: 2.3.0 – 2.11.0

Tests

  • PHP Coding Standards: 3.10.2
  • WordPress Coding Standards: 3.1.0
  • Plugin Check (PCP): 1.0.2
  • SonarCloud Code Review

[3.3.4] – 2024-08-12

Changelog

Fixed

  • The “Last updated on” column in the plugin list is available again.

Compatibility

  • WordPress: 4.1 – 6.7
  • PHP: 5.6 – 8.3
  • WP-CLI: 2.3.0 – 2.10.0

Tests

  • PHP Coding Standards: 3.10.2
  • WordPress Coding Standards: 3.1.0
  • Plugin Check (PCP): 1.0.2
  • SonarCloud Code Review

[3.3.3] – 2024-08-05

Changelog

Fixed

  • The Dashboard panel is available again.

Compatibility

  • WordPress: 4.1 – 6.7
  • PHP: 5.6 – 8.3
  • WP-CLI: 2.3.0 – 2.10.0

Tests

  • PHP Coding Standards: 3.10.2
  • WordPress Coding Standards: 3.1.0
  • Plugin Check (PCP): 1.0.2
  • SonarCloud Code Review

[3.3.1] – 2024-08-02

Changelog

Fixed

  • Delete the wp_is_rest_endpoint check. It is not needed.

Compatibility

  • WordPress: 4.1 – 6.7
  • PHP: 5.6 – 8.3
  • WP-CLI: 2.3.0 – 2.10.0

Tests

  • PHP Coding Standards: 3.10.2
  • WordPress Coding Standards: 3.1.0
  • Plugin Check (PCP): 1.0.2
  • SonarCloud Code Review

[3.3.0] – 2024-08-02

Changelog

Added

  • Ability to exclude vulnerability types at a global level.
  • WP-CLI command formats (--format=[table,json]).
  • REST API endpoints (requires Application Password).

Changed

  • README file.

Compatibility

  • WordPress: 4.1 – 6.7
  • PHP: 5.6 – 8.3
  • WP-CLI: 2.3.0 – 2.10.0

Tests

  • PHP Coding Standards: 3.10.2
  • WordPress Coding Standards: 3.1.0
  • Plugin Check (PCP): 1.0.2
  • SonarCloud Code Review

[3.2.2] – 2024-07-27

Changelog

Added

  • Ability to configure a different From: email address for sending vulnerability notifications via wp-config.php.

Changed

  • The URL for the website now uses its own domain name.
  • Dashboard visibility is restricted to users with specific capabilities, similar to Site Health.

Fixed

  • Various minor fixes to prevent warnings and potential errors due to misconfigured WordPress setups.
  • Allow loading of some necessary libraries.

Compatibility

  • WordPress: 4.1 – 6.6
  • PHP: 5.6 – 8.3
  • WP-CLI: 2.3.0 – 2.10.0

Tests

  • WordPress Coding Standards: 3.1.0
  • Plugin Check (PCP): 1.0.2
  • SonarCloud Code Review

[3.2.0] – 2024-05-08

Changelog

Added

  • Apache HTTPD vulnerabilities (Site Health).
  • nginx vulnerabilities (Site Health).

Changed

  • License updated to GPL 2.0 or later.

Compatibility

  • WordPress 4.1 – WordPress 6.6.
  • PHP 5.6 – PHP 8.3.
  • WordPress Coding Standards 3.1.0.
  • WP-CLI 2.3.0 – WP-CLI 2.10.0.
  • Plugin Check (PCP)

[3.1.2] – 2024-05-08

Changelog

Fixed

  • In some cases (when calling it directly, or wget), the cron was not working and gave an error.
  • The license had a non-compliant ID. Now it is the same license, but working.
  • General improvements.

Changed

  • The URL from the API is using its own domain name.

Compatibility

  • WordPress 4.1 – WordPress 6.6.
  • PHP 5.6 – PHP 8.3.
  • WordPress Coding Standards 3.1.0.
  • WP-CLI 2.3.0 – WP-CLI 2.10.0.
  • Plugin Check (PCP)

[3.1.1] – 2024-02-11

Changelog

Fixed

  • Fixes some possible PHP warnings when retrieving data from the API.
  • Delete old schedules when uninstalling the plugin.
  • Fix how the High severity is printed.

Deleted

  • The plugin will not show the Exploitability information.

Compatibility

  • Compatibility: WordPress 4.1 – WordPress 6.5.
  • Compatibility: PHP 5.6 – PHP 8.3.
  • Compatibility: WordPress Coding Standards 3.0.1.
  • Compatibility: WP-CLI 2.3.0 – WP-CLI 2.10.0.

[3.1.0] – 2024-02-04

Changelog

Added

  • A new column in the plugin list, with the last updated day (and diff).
  • A notice if the plugin is closed in the WordPress.org repo.

Fixed

  • Fixes the schedule in some cases.
  • Fixes the PHP format (using always the n.n / n.n.n format).

Compatibility

  • Compatibility: WordPress 4.1 – WordPress 6.5.
  • Compatibility: PHP 5.6 – PHP 8.3.
  • Compatibility: WordPress Coding Standards 3.0.1.
  • Compatibility: WP-CLI 2.3.0 – WP-CLI 2.9.0.

[3.0.2] – 2024-01-27

Changelog

Fixed

  • Fixes the WordPress Multisite saving options.

Compatibility

  • Compatibility: WordPress 4.1 – WordPress 6.5.
  • Compatibility: PHP 5.6 – PHP 8.3.
  • Compatibility: WordPress Coding Standards 3.0.1.
  • Compatibility: WP-CLI 2.3.0 – WP-CLI 2.9.0.

[3.0.1] – 2023-12-19

Changelog

Fixed

  • Test email with the actual vulnerabilities (or a test message), now forced when the button is clicked.
  • Fixed some strings (thanks @alexclassroom).
  • WordPress Coding Standards 3.0.1 up-to-date.

Compatibility

  • Compatibility: WordPress 4.1 – WordPress 6.4.
  • Compatibility: PHP 5.6 – PHP 8.3.
  • Compatibility: WordPress Coding Standards 3.0.1.
  • Compatibility: WP-CLI 2.3.0 – WP-CLI 2.9.0.

[3.0.0] – 2023-12-09

Changelog

Added

  • WordPress Multisite support.
  • PHP vulnerabilities (Site Health).
  • Reload the data from source.
  • Test email with the actual vulnerabilities.

Changed

  • Loading the data in a better way.

Compatibility

  • Compatibility: WordPress 4.1 – WordPress 6.4.
  • Compatibility: PHP 5.6 – PHP 8.3.
  • Compatibility: WordPress Coding Standards 3.0.1.
  • Compatibility: WP-CLI 2.3 – WP-CLI 2.9.0.

[2.2.1] – 2023-10-02

Changelog

Added

  • New security information (at WordPress.org plugin page).
  • New privacy information (at WordPress.org plugin page).
  • New compatibility information (at WordPress.org plugin page).
  • New vulnerabilities information (at WordPress.org plugin page).
  • New profiling information (at WordPress.org plugin page).

Changed

  • Promoted dashboard.
  • Performance improvement: only load the plugin in the admin area.

Compatibility

  • Compatibility: WordPress 4.1 – WordPress 6.4.
  • Compatibility: PHP 5.6 – PHP 8.3.
  • Compatibility: WordPress Coding Standards 3.0.1.
  • Compatibility: WP-CLI 2.3 – WP-CLI 2.8.1.

[2.2.0] – 2023-09-14

Changelog

Added

  • New Dashboard, with a Vulnerability summary and products affected.

Compatibility

  • Compatibility: WordPress 4.1 – WordPress 6.3.
  • Compatibility: PHP 5.6 – PHP 8.3.
  • Compatibility: WordPress Coding Standards 3.0.0.
  • Compatibility: WP-CLI 2.3 – WP-CLI 2.8.

[2.1.0] – 2023-09-11

Changelog

Changed

  • Improved detection of plugin folders. This should reduce the false positives in some plugins, and Pro/Premium plugins.

Compatibility

  • Compatibility: WordPress 4.1 – WordPress 6.3.
  • Compatibility: PHP 5.6 – PHP 8.3.
  • Compatibility: WordPress Coding Standards 3.0.0.
  • Compatibility: WP-CLI 2.3 – WP-CLI 2.7.

[2.0.4] – 2023-09-10

Changelog

Compatibility

  • WordPress Coding Standards 3.0.0 compatible.

[2.0.3] – 2023-07-27

Changelog

Added

  • Validate secure requests to the API.

Changed

  • Reduce API timeout request time from 10.0 seconds to 2.5 seconds.

Compatibility

  • Compatibility: WordPress 4.1 – WordPress 6.3.
  • Compatibility: PHP 5.6 – PHP 8.3.

[2.0.2] – 2023-04-24

Changelog

Fixed

  • Fix the Notification system.

[2.0.1] – 2023-04-20

Changelog

Added

  • Added new options to cache the vulnerability counter.

Changed

  • Update the readme.txt.

Fixed

  • Fix the Site Health messages.

[2.0.0] – 2023-04-15

Changelog

Added

  • If the WordPress version supports it, vulnerabilities are displayed in the Core update screen.
  • Calls can be made from WP-CLI (wp help wpvulnerability) to list vulnerabilities in Core (wp wpvulnerability core), Plugins (wp wpvulnerability plugins) and Themes (wp wpvulnerability themes). Previously, only Plugins were supported.
  • Site Health shows core vulnerabilities, which were not previously shown.

Changed

  • The plugin has been completely refactored.

Compatibility

  • Compatibility: WordPress 4.1 – WordPress 6.2
  • Compatibility: PHP 5.6 – PHP 8.2
  • Compatibility: WP-CLI 2.3 – 2.7

[1.3.2] – 2023-03-22

Changelog

Changed

  • Code security improvements

Fixed

  • Fix some PHP errors

[1.3.1] – 2023-02-27

Changelog

Changed

  • Code security improvements
  • Fix the Severity value
  • A better Site Health information

Compatibility

  • Compatibility: WordPress 5.2 – WordPress 6.2
  • Compatibility: PHP 7.2 – PHP 8.1

[1.3.0] – 2023-02-27

Changelog

Added

  • Information, when available, about the vulnerability, in a simplified way. Only in the plugin list.
  • Information, when available, about the potential severity and exploitability. Only in the plugin list.
  • Links to sources to get additional information. Only in the plugin list.

Changed

  • Improved security in code.

[1.2.4] – 2023-02-20

Changelog

Compatibility

  • Compatibility: WordPress 5.2 – WordPress 6.2
  • Compatibility: PHP 7.2 – PHP 8.1

[1.2.3] – 2023-01-30

Changelog

Fixed

  • Fix WP_Error object.

[1.2.2] – 2023-01-30

Changelog

Fixed

  • Fix WP_Error object.

[1.2.1] – 2023-01-09

Changelog

Fixed

  • Some fixes to improve the operators.

[1.2.0] – 2022-12-15

Changelog

Added

  • Sends email periodically. You can choose who is going to receive the emails.
  • First approach to WP-CLI commands (thanks to @lbonomo).

[1.1.0] – 2022-05-18

Changelog

Fixed

  • Fix: Prevents text domain not given correctly.
  • Fix: strings not translated.

[1.0.1] – 2022-05-17

Changelog

Fixed

  • Fix: strings not translated.

[1.0.0] – 2022-05-16

Changelog

Added

  • Added tabs in Health check.

[0.2.0] – 2022-05-07

Changelog

Added

  • Improved the information in plugins list.

[0.1.0] – 2022-05-06

Changelog

Added

  • Notification in the plugins list.
  • First release.