Acunetix Premium - v11.0.163541031
New Features
- Acunetix Enterprise users can now generate their own API key for use with the Acunetix API (contact sales@acunetix.com for more information on the API)
- Selenium IDE files are now supported as Import files in Acunetix v11
- The Acunetix Login Sequence Recorder can now edit login sequence files.
New Vulnerability Tests
- Privilege escalation vulnerability in Joomla! Core
- Multiple vulnerabilities in Joomla! Core, including arbitrary file upload and information disclosure vulnerabilities
- WordPress Plugin Nelio AB Testing Server-Side Request Forgery (SSRF)
- WordPress Plugin WooCommerce Email Test Information Disclosure
- WordPress Plugin All In One WP Security & Firewall Cross-Site Scripting
- WordPress Plugin Podlove Podcast Publisher Cross Site Scripting and SQL Injection Vulnerabilities
- WordPress Plugin WP Support Plus Responsive Ticket System SQL Injection
- WordPress Plugin wpDataTables Lite Cross-Site Scripting
- WordPress Plugin Twitter Cards Meta Cross Site Scripting and Server Side Request Forgery Vulnerabilities
- WordPress Plugin Multisite Post Duplicator Cross-Site Request Forgery
- WordPress Plugin Social Share Buttons-Social Pug Cross-Site Scripting
- WordPress Plugin Delete All Comments Arbitrary File Upload
- WordPress Plugin BP Profile Search PHP Object Injection
- WordPress Plugin Quiz And Survey Master (Formerly Quiz Master Next) Multiple Vulnerabilities
- WordPress Plugin Analytics Stats Counter Statistics PHP Object Injection
- WordPress Plugin Backup & Restore Dropbox PHP Object Injection and Information Disclosure Vulnerabilities
- WordPress Plugin Ultimate Member Security Bypass
- WordPress Plugin Simple Personal Message SQL Injection
- WordPress Plugin WA Form Builder SQL Injection
- WordPress Plugin WP Vault Local File Inclusion
Improvements
- The Acunetix UI will show a message when the license is not activated.
- The Login Sequence Recorder will make use of the proxy settings configured for the Target.
- Better handling of cookies.
Bug Fixes
- Fixed reports generated for targets that have not been scanned
- Fixed an issue that allowed empty Import Files to be uploaded for a Target
- Some information returned by AcuSensor was not reflected in the vulnerability details
- Fixed false positive in the ASP.NET debug mode check
- Various minor updates and fixes