New Acunetix build introduces a new web API, and new set of Joomla! Core and WordPress plugin vulnerability checks

Acunetix v11 (build 163541031) has been released. This new build includes a new API, which is available to all our Acunetix Enterprise customers, and re-introduces the importation of Selenium IDE scripts. In addition, the new build includes a set of Joomla! Core and WordPress plugin vulnerability checks.

New features

• Acunetix Enterprise users can now generate their API key to be used for the Acunetix API (contact sales@acunetix.com for more information on the API)
• Selenium IDE files are now supported as Import files in Acunetix v11
• The Acunetix Login Sequence Recorder can now edit login sequence files.

Updates

• The Acunetix UI will show a message when the license is not activated.
• The Login Sequence Recorder will make use of the proxy settings configured for the Target.
• Better handling of cookies

New vulnerability checks

• Privilege escalation vulnerability in Joomla! Core
• Multiple vulnerabilities in Joomla! Core, including arbitrary file upload and information disclosure vulnerabilities
• WordPress Plugin Nelio AB Testing Server-Side Request Forgery (SSRF)
• WordPress Plugin WooCommerce Email Test Information Disclosure
• WordPress Plugin All In One WP Security & Firewall Cross-Site Scripting
• WordPress Plugin Podlove Podcast Publisher Cross Site Scripting and SQL Injection Vulnerabilities
• WordPress Plugin WP Support Plus Responsive Ticket System SQL Injection
• WordPress Plugin wpDataTables Lite Cross-Site Scripting
• WordPress Plugin Twitter Cards Meta Cross Site Scripting and Server Side Request Forgery Vulnerabilities
• WordPress Plugin Multisite Post Duplicator Cross-Site Request Forgery
• WordPress Plugin Social Share Buttons-Social Pug Cross-Site Scripting 
• WordPress Plugin Delete All Comments Arbitrary File Upload
• WordPress Plugin BP Profile Search PHP Object Injection
• WordPress Plugin Quiz And Survey Master (Formerly Quiz Master Next) Multiple Vulnerabilities
• WordPress Plugin Analytics Stats Counter Statistics PHP Object Injection
• WordPress Plugin Backup & Restore Dropbox PHP Object Injection and Information Disclosure Vulnerabilities
• WordPress Plugin Ultimate Member Security Bypass
• WordPress Plugin Simple Personal Message SQL Injection
• WordPress Plugin WA Form Builder SQL Injection
• WordPress Plugin WP Vault Local File Inclusion

Fixes

• Reports can be generated for targets that have not been scanned
• The UI allowed empty Import Files to be uploaded for a Target
• Fixed false positive in the ASP.NET debug mode check
• Some information returned by AcuSensor was not reflected in the vulnerability details
• Various minor updates and fixes

THE AUTHOR

Nicholas Sciberras
Principal Program Manager
LinkedIn

As the Principal Program Manager, Nicholas is passionate about IT security and technology at large. Prior to joining Acunetix in 2012, Nicholas spent 12 years at GFI Software, where he managed the email security and anti-spam product lines, led multiple customer service teams, and provided technical training.