{"id":16661073,"url":"https://github.com/acuciureanu/wp-plugins-analyzer","last_synced_at":"2025-10-29T22:33:41.766Z","repository":{"id":252816839,"uuid":"805536819","full_name":"acuciureanu/wp-plugins-analyzer","owner":"acuciureanu","description":"A WordPress plugins analyzer which is still work in progress anyway","archived":false,"fork":false,"pushed_at":"2025-01-04T10:18:19.000Z","size":62,"stargazers_count":2,"open_issues_count":0,"forks_count":1,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-03-25T03:34:10.601Z","etag":null,"topics":["bugbounty","bugbounty-tool","wordpress-security-scanner"],"latest_commit_sha":null,"homepage":"","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/acuciureanu.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-05-24T19:50:56.000Z","updated_at":"2024-08-15T14:03:27.000Z","dependencies_parsed_at":"2024-08-12T19:00:21.691Z","dependency_job_id":null,"html_url":"https://github.com/acuciureanu/wp-plugins-analyzer","commit_stats":null,"previous_names":["acuciureanu/wp-plugins-analyzer"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/acuciureanu%2Fwp-plugins-analyzer","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/acuciureanu%2Fwp-plugins-analyzer/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/acuciureanu%2Fwp-plugins-analyzer/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/acuciureanu%2Fwp-plugins-analyzer/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/acuciureanu","download_url":"https://codeload.github.com/acuciureanu/wp-plugins-analyzer/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248347334,"owners_count":21088625,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bugbounty","bugbounty-tool","wordpress-security-scanner"],"created_at":"2024-10-12T10:33:24.007Z","updated_at":"2025-10-29T22:33:36.723Z","avatar_url":"https://github.com/acuciureanu.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"⚠️ Work in Progress ⚠️\r\n # πŸ” WordPress Plugin Analyzer️\r\n\r\n## 🌟 Overview\r\n\r\nI want WordPress Plugin Analyzer to become a powerful tool designed to scan WordPress plugins for potential security vulnerabilities. It automatically downloads plugins, analyzes their PHP code, and reports possible security issues.\r\n\r\n## πŸš€ Features\r\n\r\n- πŸ“₯ Automatic plugin download and extraction\r\n- πŸ“Š Comparison of plugin versions for updates\r\n- πŸ”¬ In-depth code analysis using abstract syntax trees\r\n- πŸ›‘οΈ Multiple security checks for various vulnerability types\r\n\r\n## πŸ”’ Security Checks\r\n\r\nOur analyzer performs the following security checks:\r\n\r\n1. πŸ—‘οΈ Arbitrary File Deletion\r\n2. πŸ“– Arbitrary File Read\r\n3. πŸ“€ Arbitrary File Upload\r\n4. πŸ”“ Broken Access Control\r\n5. πŸ”€ Cross-Site Request Forgery (CSRF)\r\n6. πŸ“ CSRF to Cross-Site Scripting (XSS)\r\n7. πŸ“ Local File Inclusion (LFI)\r\n8. πŸ”‘ Missing Capability Checks\r\n9. 🎭 PHP Object Injection\r\n10. πŸ”‹ Privilege Escalation\r\n11. πŸ’» Remote Code Execution (RCE)\r\n12. πŸ’‰ SQL Injection\r\n13. 🌐 Server-Side Request Forgery (SSRF)\r\n\r\n## πŸ› οΈ Usage\r\n\r\n1. Ensure you have Rust and its dependencies installed.\r\n2. Clone this repository.\r\n3. Run `cargo build --release` to compile the project.\r\n4. Execute the binary with `cargo run --release`.\r\n\r\nThe analyzer will automatically:\r\n\r\n- Fetch the latest WordPress plugins\r\n- Compare with previous snapshots (if available)\r\n- Download and analyze each plugin\r\n- Report potential vulnerabilities\r\n\r\n## πŸ“Š Output\r\n\r\nThe analyzer provides detailed output for each potential vulnerability found, including:\r\n\r\n- The file name\r\n- The type of vulnerability\r\n- Specific details about the detected issue\r\n\r\n## ⚠️ Disclaimer\r\n\r\nThis tool is intended for educational and security research purposes only. Always verify results manually and respect the WordPress plugin directory's terms of service.\r\n\r\n## 🀝 Contributing\r\n\r\nContributions are welcome! Please feel free to submit a Pull Request.\r\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Facuciureanu%2Fwp-plugins-analyzer","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Facuciureanu%2Fwp-plugins-analyzer","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Facuciureanu%2Fwp-plugins-analyzer/lists"}