Acunetix v11 (build 163541031) has been released. This new build includes a new API, which is available to all our Acunetix Enterprise customers, and re-introduces the importation of Selenium IDE scripts. In addition, the new build includes a set of Joomla! Core and WordPress plugin vulnerability checks.
- Acunetix Enterprise users can now generate their API key to be used for the Acunetix API (contact firstname.lastname@example.org for more information on the API)
- Selenium IDE files are now supported as Import files in Acunetix v11
- The Acunetix Login Sequence Recorder can now edit login sequence files.
- The Acunetix UI will show a message when the license is not activated.
- The Login Sequence Recorder will make use of the proxy settings configured for the Target.
- Better handling of cookies
New vulnerability checks
- Privilege escalation vulnerability in Joomla! Core
- Multiple vulnerabilities in Joomla! Core, including arbitrary file upload and information disclosure vulnerabilities
- WordPress Plugin Nelio AB Testing Server-Side Request Forgery (SSRF)
- WordPress Plugin WooCommerce Email Test Information Disclosure
- WordPress Plugin All In One WP Security & Firewall Cross-Site Scripting
- WordPress Plugin Podlove Podcast Publisher Cross Site Scripting and SQL Injection Vulnerabilities
- WordPress Plugin WP Support Plus Responsive Ticket System SQL Injection
- WordPress Plugin wpDataTables Lite Cross-Site Scripting
- WordPress Plugin Twitter Cards Meta Cross Site Scripting and Server Side Request Forgery Vulnerabilities
- WordPress Plugin Multisite Post Duplicator Cross-Site Request Forgery
- WordPress Plugin Social Share Buttons-Social Pug Cross-Site Scripting
- WordPress Plugin Delete All Comments Arbitrary File Upload
- WordPress Plugin BP Profile Search PHP Object Injection
- WordPress Plugin Quiz And Survey Master (Formerly Quiz Master Next) Multiple Vulnerabilities
- WordPress Plugin Analytics Stats Counter Statistics PHP Object Injection
- WordPress Plugin Backup & Restore Dropbox PHP Object Injection and Information Disclosure Vulnerabilities
- WordPress Plugin Ultimate Member Security Bypass
- WordPress Plugin Simple Personal Message SQL Injection
- WordPress Plugin WA Form Builder SQL Injection
- WordPress Plugin WP Vault Local File Inclusion
- Reports can be generated for targets that have not been scanned
- The UI allowed empty Import Files to be uploaded for a Target
- Fixed false positive in the ASP.NET debug mode check
- Some information returned by AcuSensor was not reflected in the vulnerability details
- Various minor updates and fixes