InfoWatch and Vulners cooperation: search for vulnerabilities in popular CMS

You can now search for potential vulnerabilities in popular CMS and their plugins; the application source code is checked by the InfoWatch APPERCUT static source code analyzer.

It is generally known that the most exploited vulnerabilities are not in CMS engines, but in thousands of third-party plugins. Developers rarely fix these vulnerabilities quickly, or don’t fix them at all. You can find examples of such vulnerabilities and exploits with the “wordpress plugin bulletinFamily:exploit” request.

Appercut is well suited for CMS analysis. Appercut® Custom Code Scanner supports a wide range of programming languages: 1C 8x, Delphi, Java, JavaScript, LotusScript, PHP, C#, PLSQL, SAP Abap4, T-SQL. One of the main Appercut features is its focus on detecting undocumented features left by developers (backdoors). This is very important in the case of open source software.

APPERCUT bulletin

An Appercut bulletin contains all information about the vulnerabilities found, including the vulnerability description, criticality and the piece of code where the vulnerability was detected. The vulnerable version of the application is also indicated, e.g. “WordPress CMS <= 4.5.2”.

At the moment, 9 bulletins have been added for WordPress, Drupal, Joomla, Regular Labs, Apache Apex and Apache Camel.

Appercut bulletins list

In the future we plan to scan all the popular plugins for all popular CMS. End users will thus be able to get information about potential vulnerabilities in CMS and plugins before the vulnerability gets any ID. We believe that together with Appercut we can make popular CMS much safer!