Title: Vulnerable Plugin Checker Author: Storm Rockwell Published: 2016 年 4 月 7 日 Last modified: 2017 年 11 月 16 日 --- 搜尋外掛 ![](https://ps.w.org/vulnerable-plugin-checker/assets/banner-772x250.jpg?rev=1390253) 這個外掛**並未在最新的 3 個 WordPress 主要版本上進行測試**。開發者可能不再對這個 外掛進行維護或提供技術支援,並可能會與更新版本的 WordPress 產生使用上的相容性問題。 ![](https://ps.w.org/vulnerable-plugin-checker/assets/icon-256x256.jpg?rev=1388845) # Vulnerable Plugin Checker 由 [Storm Rockwell](https://profiles.wordpress.org/stormrockwell/) 開發 [下載](https://downloads.wordpress.org/plugin/vulnerable-plugin-checker.0.3.12.zip) * [詳細資料](https://tw.wordpress.org/plugins/vulnerable-plugin-checker/#description) * [使用者評論](https://tw.wordpress.org/plugins/vulnerable-plugin-checker/#reviews) * [安裝方式](https://tw.wordpress.org/plugins/vulnerable-plugin-checker/#installation) * [開發資訊](https://tw.wordpress.org/plugins/vulnerable-plugin-checker/#developers) [技術支援](https://wordpress.org/support/plugin/vulnerable-plugin-checker/) ## 外掛說明 This plugin automatically checks installed plugins for known vulnerabilities utilizing WPScan’s API and provides optional email alerts. **Features:** * Automatic vulnerability detection in plugins utilizing WPScan’s API * Optional email alerts * Utilizes WP Cron to check for new security updates twice a day * Cached API results to decrease backend load time significantly ## 螢幕擷圖 * [[ * Backend display of the Plugins page (plugins.php) * [[ * Backend display of the VPC Settings page (Settings > VPC Settings) ## 安裝方式 **Installation & Activation** 1. Upload the folder “vulnerable-plugin-checker” to your WordPress Plugins Directory( typically “/wp-content/plugins/”) 2. Activate the plugin on your Plugins Page. 3. Suggestion: Install an SMTP plugin such as WP Mail SMTP to prevent potentially dropped emails 4. 完成! **Enable Email Updates** 1. After activating “Vulnerable Plugin Checker”, go to Settings > VPC Settings 2. Check off “Allow Email Alerts” and enter your email in “Email Address” 3. Click Save Changes ## 常見問題集 Installation Instructions **Installation & Activation** 1. Upload the folder “vulnerable-plugin-checker” to your WordPress Plugins Directory( typically “/wp-content/plugins/”) 2. Activate the plugin on your Plugins Page. 3. Suggestion: Install an SMTP plugin such as WP Mail SMTP to prevent potentially dropped emails 4. 完成! **Enable Email Updates** 1. After activating “Vulnerable Plugin Checker”, go to Settings > VPC Settings 2. Check off “Allow Email Alerts” and enter your email in “Email Address” 3. Click Save Changes ## 使用者評論 ![](https://secure.gravatar.com/avatar/6dc7e69d6f9d24196c7d6c337d697a67992bf2f96361c72c564864969fd298ba? s=60&d=retro&r=g) ### 󠀁[AVOID – NO LONGER KEPT UP-TO-DATE](https://wordpress.org/support/topic/avoid-no-longer-kept-up-to-date/)󠁿 [Dan](https://profiles.wordpress.org/dtrim/) 2021 年 2 月 24 日 AVOID – NO LONGER KEPT UP-TO-DATE ![](https://secure.gravatar.com/avatar/0cecb225b7bb7b9ec688c1a13deafc8a974643f9b0d2bb7bf42e3b932c3540d8? s=60&d=retro&r=g) ### 󠀁[No way to get the information!](https://wordpress.org/support/topic/no-way-to-get-the-information/)󠁿 [toremo](https://profiles.wordpress.org/toremo/) 2018 年 5 月 21 日 It seems that this plugin is producing a whole lot false positive as it does not evaluate base64 entries which often get used i.e. by nearly all 100 WPMUDEV plugins.“ VPC: One or more plugins currently installed have known vulnerabilities with their current version. I suggest updating each vulnerable plugin if an update is available” Many other security scanners incl Sucuri have no problem with that! And 5-star ratings by its own developers does not mean that this plugin does anything. I would suggest leaving the rating of your plugins to other people! Kind regards Toremo ![](https://secure.gravatar.com/avatar/3203c856810a4a7d411fd41d8cc5b3f8344637259ab1909fadcf50168d357954? s=60&d=retro&r=g) ### 󠀁[Not ideal on WordPress multisite](https://wordpress.org/support/topic/not-ideal-on-wordpress-multisite/)󠁿 [thomaswm](https://profiles.wordpress.org/thomaswm/) 2018 年 1 月 28 日 1 則留言 The plugin is very useful to see which plugins have known vulnerabilities. On WordPress multisite, however, it displays this information in the site admin backends instead of the network admin backend. That makes it a bit less useful, because the network admins cannot see the information when they are in the network admin backend. ![](https://secure.gravatar.com/avatar/6eb44597dd9bee8014cbf4a1351d9cddf7bbb486a838726906df22ff86bad3ad? s=60&d=retro&r=g) ### 󠀁[Awesome Plugin](https://wordpress.org/support/topic/horrible-60/)󠁿 [session9studios](https://profiles.wordpress.org/session9studios/) 2017 年 7 月 3 日 I use it on all of my sites, definitely recommend this plugin to all developers! ![](https://secure.gravatar.com/avatar/822ddae42cb44e101d3ab0aa65059639451ca83a8069b09ad134fc45b8fcb2b8? s=60&d=retro&r=g) ### 󠀁[I love my plugin](https://wordpress.org/support/topic/i-love-my-plugin-3/)󠁿 [Storm Rockwell](https://profiles.wordpress.org/stormrockwell/) 2016 年 12 月 9 日 I can say it has made me feel safer when hosting sites. I get alerted before a hack takes place as I have dealt with hacked sites for far too long. I haven’t dealt with a hacked site running my plugin. Plugin vulnerabilities are the easiest way for a hacker to get into your site/server. ![](https://secure.gravatar.com/avatar/7e1903066becf3d08b8f8375bf1e9ec643d5eae861e1aa98e552ccebbb18db73? s=60&d=retro&r=g) ### 󠀁[Great Plugin!](https://wordpress.org/support/topic/great-plugin-9547/)󠁿 [rrbarry11](https://profiles.wordpress.org/rrbarry11/) 2016 年 9 月 3 日 Great plugin. Works just as expected with no additional setup needed [ 閱讀全部 8 則使用者評論 ](https://wordpress.org/support/plugin/vulnerable-plugin-checker/reviews/) ## 參與者及開發者 以下人員參與了開源軟體〈Vulnerable Plugin Checker〉的開發相關工作。 參與者 * [ Storm Rockwell ](https://profiles.wordpress.org/stormrockwell/) [將〈Vulnerable Plugin Checker〉外掛本地化為台灣繁體中文版](https://translate.wordpress.org/projects/wp-plugins/vulnerable-plugin-checker) ### 對開發相關資訊感興趣? 任何人均可[瀏覽程式碼](https://plugins.trac.wordpress.org/browser/vulnerable-plugin-checker/)、 查看 [SVN 存放庫](https://plugins.svn.wordpress.org/vulnerable-plugin-checker/), 或透過 [RSS](https://plugins.trac.wordpress.org/log/vulnerable-plugin-checker/?limit=100&mode=stop_on_copy&format=rss) 訂閱[開發記錄](https://plugins.trac.wordpress.org/log/vulnerable-plugin-checker/)。 ## 變更記錄 #### 0.3.12 * Fixed false positive by adding normalizing to the version number in case WPScan’s API adds .0 to the version number #### 0.3.11 * Now the plugins page only shows only vulnerabilities that affect the current plugin version (suggested by @gbotica) * Fixed the Settings URL in multiple places (reported by @gbotica) #### 0.3.10 * Fixed bug where unpatched vulnerabilities were ignored (reported by @pluginvulnerabilities) #### 0.3.9 * Fixed notice appearing on PHP7+ #### 0.3.8 * fixed bug where it wouldn’t display the saved email #### 0.3.7 * removed sslverify on wp_remote_get #### 0.3.6 * changed cURL to wp_remote_get * added vulnerabilities on plugin page * fixed issue with plugin not pulling from cache #### 0.3.5 * fixed readme error #### 0.3.4 * fixed minor email bug #### 0.3.2 * changed language #### 0.3 * Rewrote the plugin for better performance, readability, and more * Dismissable error message in all back-end pages if there is a vulnerability * Added SMTP suggestion to prevent dropped emails * Removed success notice from plugin page if there are no vulnerabilities * Fixed a few non-breaking bugs * Added translatable text and translator comments. Translation help is welcome! * Added todo.txt to see my plans for future updates. #### 0.2.4 * Fixed conflicts with Gravity Forms #### 0.2.3 * Added support for adding multiple email addresses #### 0.2.2 * Fixed issue where text display appeared on multiple backend pages #### 0.2 * Text display on the plugins page if there are no known vulnerabilities * Runs a scan when a new plugin is activated * Fixed issue when a plugin was deleted it would throw an error #### 0.1.4 * WP 4.5 Support #### 0.1.3 * Fixed issue when more than one plugin was found vulnerable on plugins.php ## 中繼資料 * 版本 **0.3.12** * 最後更新 **9 年前** * 啟用安裝數 **200+** * WordPress 版本需求 ** 4.0 或更新版本 ** * 已測試相容的 WordPress 版本 **4.9.29** * 語言 * [English (US)](https://wordpress.org/plugins/vulnerable-plugin-checker/) * 標籤: * [checker](https://tw.wordpress.org/plugins/tags/checker/)[plugins](https://tw.wordpress.org/plugins/tags/plugins/) [scanner](https://tw.wordpress.org/plugins/tags/scanner/)[vulnerability](https://tw.wordpress.org/plugins/tags/vulnerability/) * [進階檢視](https://tw.wordpress.org/plugins/vulnerable-plugin-checker/advanced/) ## 評分 3.8 星,滿分為 5 星 * [ 5 個 5 星使用者評論 ](https://wordpress.org/support/plugin/vulnerable-plugin-checker/reviews/?filter=5) * [ 0 個 4 星使用者評論 ](https://wordpress.org/support/plugin/vulnerable-plugin-checker/reviews/?filter=4) * [ 1 個 3 星使用者評論 ](https://wordpress.org/support/plugin/vulnerable-plugin-checker/reviews/?filter=3) * [ 0 個 2 星使用者評論 ](https://wordpress.org/support/plugin/vulnerable-plugin-checker/reviews/?filter=2) * [ 2 個 1 星使用者評論 ](https://wordpress.org/support/plugin/vulnerable-plugin-checker/reviews/?filter=1) [Your review](https://wordpress.org/support/plugin/vulnerable-plugin-checker/reviews/#new-post) [查看全部使用者評論](https://wordpress.org/support/plugin/vulnerable-plugin-checker/reviews/) ## 參與者 * [ Storm Rockwell ](https://profiles.wordpress.org/stormrockwell/) ## 技術支援 使用者可在技術支援論壇提出意見反應或使用問題。 [檢視技術支援論壇](https://wordpress.org/support/plugin/vulnerable-plugin-checker/)