Title: Plugin Security Scanner
Author: Glen Scott
Published: April 13, 2015
Last modified: August 19, 2019

---


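**This plugin has not been tested with the latest 3 major releases of WordPress.** It may
no longer be maintained or supported and may have compatibility issues when used with more recent versions of WordPress.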

![](https://ps.w.org/plugin-security-scanner/assets/icon-256x256.png?rev=1133757)

# Plugin Security Scanner

 By [Glen Scott](https://profiles.wordpress.org/glen_scott/)

[Download](https://downloads.wordpress.org/plugin/plugin-security-scanner.2.0.2.zip)


## Description

This plugin determines whether any of your plugins or themes have security vulnerabilities.
It does this by looking up details in the WPScan Vulnerability Database.

It will run a scan once a day, and e-mail the administrator if any vulnerable plugins
or themes are found.

_Please note:_ As of version 2.0.0, you will need to [register on the WPScan Vulnerability Database](https://wpvulndb.com/users/sign_up)
site in order to get an API token. This token is required before any security scans
can be performed. Once you have your token, it can be added to the Plugin Security
Scanner settings page.

You can also register a webhook for notifications. The webhook will trigger daily,
even if no vulnerabilities are found. The webhook is a POST request with a JSON payload
containing the vulnerabilities.

You can enable the webhook under the Settings\General tab – see the Plugin Security
Scanner settings.

It also adds a new menu option to the admin tools menu called “Plugin Security Scanner”.
Clicking this runs a scan. If the scan finds any problems, it shows you a list of
plugins or themes that have vulnerabilities, along with a description of the issue.
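
The lookup described above comes down to comparing each installed version with the "fixed in" version of every database entry, and treating an entry with no fixed version as still open. The sketch below is an added example in PHP, not the plugin's own code; the response shape (`vulnerabilities`, `title`, `fixed_in`), the function name and all sample data are assumptions.

```php
<?php
// Added example, not the plugin's code. Response shape is assumed; slugs, titles
// and versions are constructed sample data.

/**
 * Split installed components into "vulnerable" findings and "unchecked" slugs.
 * An empty "fixed_in" means no patched release exists, so the entry is reported
 * unless the caller chooses to ignore unpatched issues.
 */
function find_open_vulnerabilities(array $installed, array $api, bool $ignore_unpatched = false): array
{
    $report = ['vulnerable' => [], 'unchecked' => []];
    foreach ($installed as $slug => $version) {
        $vulns = $api[$slug]['vulnerabilities'] ?? null;
        if (!is_array($vulns)) {
            // No valid answer for this slug: record it instead of assuming it is clean.
            $report['unchecked'][] = $slug;
            continue;
        }
        foreach ($vulns as $v) {
            $title    = $v['title'] ?? '(untitled)';
            $fixed_in = $v['fixed_in'] ?? null;
            if ($fixed_in === null || $fixed_in === '') {
                if (!$ignore_unpatched) {
                    $report['vulnerable'][] = "$slug $version: $title (no fixed version)";
                }
            } elseif (version_compare($version, $fixed_in, '<')) {
                $report['vulnerable'][] = "$slug $version: $title (fixed in $fixed_in)";
            }
        }
    }
    return $report;
}

// Constructed inventory: slug => installed version.
$installed = ['example-gallery' => '1.2.5', 'example-forms' => '3.0.1',
              'example-seo' => '2.4.0', 'example-cache' => '0.9'];

// Constructed API answers; "example-cache" is deliberately missing.
$api = json_decode(<<<'JSON'
{
  "example-gallery": {"vulnerabilities": [{"title": "Stored XSS", "fixed_in": "1.2.6"}]},
  "example-forms":   {"vulnerabilities": [{"title": "CSRF in settings", "fixed_in": "3.0.0"},
                                          {"title": "SQL injection", "fixed_in": null}]},
  "example-seo":     {"vulnerabilities": []}
}
JSON, true);

print_r(find_open_vulnerabilities($installed, $api));
```

Slugs that end up under `unchecked` got no usable answer from the lookup and should be retried or flagged rather than counted as clean.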

The WPScan Vulnerability Database API, which this plugin uses, is free for non-commercial
use. However, any commercial usage will require that you purchase a commercial license
from WPScan. If you are using the API for your own site then you will not need a
commercial license. However, if you are a hosting company and install the plugin
systematically across all of your clients' sites, then you will need to purchase
a commercial license. If you are making heavy use of the API, it is likely that
you will need to purchase a commercial license. To enquire about a commercial license,
please contact team@wpvulndb.com.

Icons made by [Alessio Atzeni](http://www.flaticon.com/authors/alessio-atzeni) from
[www.flaticon.com](http://www.flaticon.com) are licensed under [CC BY 3.0](http://creativecommons.org/licenses/by/3.0/).

## Screenshots

 * Example run of the security scanner that has found two vulnerable plugins.
 * E-mail alert to administrator when vulnerable plugins have been found.

## Reviews


### [Great plugin!](https://wordpress.org/support/topic/great-plugin-9160/)

 [Julie](https://profiles.wordpress.org/habannah/) September 3, 2016

Peace of mind! Excellent support from the plugin author. Proactive maintenance of
the WPScan Vulnerability Database.


### [Works well, but its messages lack detail](https://wordpress.org/support/topic/fonctionne-bien-mais-ses-messages-manque-de-details/)

 [Sabine](https://profiles.wordpress.org/lisettemag/) September 3, 2016, 1 reply

Works very well, but I am pushing my luck in hoping for one small, essential improvement…
When I installed the Zopim Live Chat plugin last week, it sent me
a message within 24 hours: —— Vulnerability found: zopim-live-chat <= 1.2.5 – XSS
in ZeroClipboard Scan completed: 1 vulnerability found. —– A bit short to know
what it is really about, but the basic job is done. I have been alerted,
and so has Zopim support. Now it remains to find the flaw… More details
would be welcome, especially when you have to pass this on to a support team.


### [Could also check WP version](https://wordpress.org/support/topic/could-also-check-wp-version/)

 [Edir Pedro](https://profiles.wordpress.org/edir/) September 3, 2016

Slow to check because the API service works only one plugin at a time, but good
enough. Could show the vulnerabilities found directly on the Plugins page.

 [Read all 7 reviews](https://wordpress.org/support/plugin/plugin-security-scanner/reviews/)

## Contributors & Developers

"Plugin Security Scanner" is open source software. The following people have contributed to this plugin.

Contributors

 *   [Glen Scott](https://profiles.wordpress.org/glen_scott/)

[Help translate "Plugin Security Scanner" into Simplified Chinese.](https://translate.wordpress.org/projects/wp-plugins/plugin-security-scanner)

### Interested in development?

You can [browse the code](https://plugins.trac.wordpress.org/browser/plugin-security-scanner/),
check out the [SVN repository](https://plugins.svn.wordpress.org/plugin-security-scanner/), or subscribe to the
[development log](https://plugins.trac.wordpress.org/log/plugin-security-scanner/) by
[RSS](https://plugins.trac.wordpress.org/log/plugin-security-scanner/?limit=100&mode=stop_on_copy&format=rss).

## Changelog

#### 2.0.2

 * Clarified 403 error

#### 2.0.1

 * Clarified error message in daily email

#### 2.0.0

 * Use WPScan Vulnerability Database API V3
 * Important notice: to use this plugin, you now need to register a user and get
   an API token from https://wpvulndb.com/users/sign_up
 * Improved error handling

#### 1.6.0

 * Moved settings to dedicated page
 * Added option to ignore unpatched issues

#### 1.5.2

 * Fix: Allow scanning if you are running WordPress nightly or release candidates

#### 1.5.1

 * Added option to ignore ‘WordPress 2.3-4.8.3 – Host Header Injection in Password
   Reset’ vulnerability

#### 1.5.0

 * Checks vulnerabilities in WordPress core files
 * Added ability to send an HTTP request when vulnerabilities are found (webhook)

#### 1.4.1

 * Fix issue with theme version checking

#### 1.4

 * Themes as well as plugins are now scanned for vulnerabilities

#### 1.3.1

 * Added check to make sure the WPVulnDb API has returned a valid response

#### 1.3

 * Added option under “Settings / General / Plugin Security Scanner” to disable 
   the email notification

#### 1.2.1

 * Moved to WPScan Vulnerability Database API v2

#### 1.2.0

 * Added i18n support

#### 1.1.9

 * Fix: Removed unnecessary ob_flush calls
 * Fix: If vulnerability does not have a “fixed in” version number, report it as
   a vulnerability

#### 1.1.8

 * Fix: corrected links to WPScan Vulnerability Database

#### 1.1.7

 * Add link to WPScan Vulnerability Database details page

#### 1.1.6

 * Conditionally include plugin.php in case it is not already included

#### 1.1.5

 * Escape output in HTML report to prevent XSS

#### 1.1.4

 * Added blog title to email subject

#### 1.1.3

 * Fixed bug that prevented admin email being sent

#### 1.1

 * Email admin daily if any vulnerabilities are found

#### 1.0

 * Initial release

## Additional information

 *  Version **2.0.2**
 *  Last updated: **7 years ago**
 *  Active installations: **800+**
 *  Tested up to **5.2.24**
 *  Language: [English (US)](https://wordpress.org/plugins/plugin-security-scanner/)
 *  Tags: [plugins](https://cn.wordpress.org/plugins/tags/plugins/), [scanner](https://cn.wordpress.org/plugins/tags/scanner/),
   [secure](https://cn.wordpress.org/plugins/tags/secure/), [security](https://cn.wordpress.org/plugins/tags/security/),
   [vulnerabilities](https://cn.wordpress.org/plugins/tags/vulnerabilities/)
 *  [Advanced View](https://cn.wordpress.org/plugins/plugin-security-scanner/advanced/)

## Ratings

 4.9 out of 5 stars.

 *  [6 5-star reviews](https://wordpress.org/support/plugin/plugin-security-scanner/reviews/?filter=5)
 *  [1 4-star review](https://wordpress.org/support/plugin/plugin-security-scanner/reviews/?filter=4)
 *  [0 3-star reviews](https://wordpress.org/support/plugin/plugin-security-scanner/reviews/?filter=3)
 *  [0 2-star reviews](https://wordpress.org/support/plugin/plugin-security-scanner/reviews/?filter=2)
 *  [0 1-star reviews](https://wordpress.org/support/plugin/plugin-security-scanner/reviews/?filter=1)

[Your review](https://wordpress.org/support/plugin/plugin-security-scanner/reviews/#new-post)

[See all reviews](https://wordpress.org/support/plugin/plugin-security-scanner/reviews/)


## Support

Got something to say? Need help?

 [View support forum](https://wordpress.org/support/plugin/plugin-security-scanner/)