CMS pluginWordPress
WordPress plugins, checked for backdoors on every version.
A compromised plugin update can add a rogue administrator, drop a webshell, or inject SEO spam. Extuno diffs each release, reads the PHP for backdoors and webshells, and runs the plugin in a segmented sandbox - with static, dynamic, and AI analysis on every scan.
WordPress - live inspectionInspecting
Social Warfare 4.4.7.3
WordPress plugin
4.4.6.4->4.4.6.4WordPress plugin
Static
Dynamic
AI
Analyzing update
What Extuno catches in WordPress
Evidence, not guesswork.
Each finding names the change, why it is dangerous, and the recommended action.
Diff finding
Rogue administrator
The sandbox watches the plugin create a hidden admin account at runtime and mail the credentials out.
Critical
Diff finding
Injected webshell
A file gains an eval() over request data, a remote-controlled shell.
Critical
Diff finding
SEO-spam injection
The plugin starts appending hidden links to the site footer.
Review
See it on a poisoned update
A benign plugin poisoned in a later version
Extuno diffs the update, reads the new PHP, and flags the code that creates a hidden admin.
- + Vulnerability and secret-leak testing on every version
- + Static analysis reads the code without running it
- + Dynamic sandbox runs it live and records behavior
- + AI code analysis reads the full source and correlates the change against prior versions
your-site
Contact Form 7 5.9
WooCommerce 8.6
Yoast SEO 22.0
Social Warfare 4.4.6.4upgrader_process_complete
Socialwp-cdn-stats.net
Scan your first WordPress extension free.
Your first 5 credits are free - that is 5 full scans, no card required.