Acunetix v12 (build 12.0.180628131) has been released. This new build detects an unfixed WordPress file deletion vulnerability, vulnerabilities in multiple WordPress Plugins and two Joomla! Core vulnerabilities. Below is a full list of updates.
New Features and Vulnerability tests
- New test for WordPress Arbitrary File Deletion Vulnerability described here and here (CVE-2018-12895)
- Added detection of vulnerabilities in the following wordpress plugins:
- Advanced Order Export For WooCommerce (CVE-2018-11525)
- WordPress Comments Import & Export (CVE-2018-11526)
- iThemes Security (formerly Better WP Security) (CVE-2018-12636)
- ChimpMate-WordPress MailChimp Assistant
- FireDrum Email Marketing
- New test for Joomla! Core Local File Inclusion (CVE-2018-12712)
- New test for Joomla! Core Cross-Site Scripting (CVE-2018-12711)
Fixes
- Fixed issue with NTLM HTTP Authentication
- Fixed issue causing some pages not to load correctly in the LSR
- Fixed 2 false positives for “User controllable charset” and “User controllable script source”
- Fixed issue in handling HAR import files.
Upgrade to the latest build
If you are already using Acunetix v12, you can initiate the automatic upgrade from the new build notification in the Acunetix UI > Settings page.
If you have not yet installed or upgraded to Acunetix v12, you may download Acunetix version 12 from here. Use your current Acunetix License Key to download and activate your product.
Get the latest content on web security
in your inbox each week.
THE AUTHOR
Nicholas Sciberras
Principal Program Manager
Principal Program Manager
