Changeset 3443352

Timestamp:

01/20/2026 03:01:45 PM (2 months ago)

Author:

JavierCasares

Message:

[4.3.1] - 2026-01-20

Fixed

• Dashboard widget now correctly counts only vulnerabilities from enabled components, excluding disabled ones from settings.
• Status badge calculation (Critical/Warning) now properly considers only enabled components when determining severity level.
• Fixed PHPCS warnings for global variables without plugin prefix in wpvulnerability-admin.php and wpvulnerability-adminms.php.

Compatibility

• WordPress: 4.7 - 6.9
• PHP: 5.6 - 8.5
• WP-CLI: 2.3.0 - 2.11.0

Tests

• PHP Coding Standards: 3.13.5
• WordPress Coding Standards: 3.3.0
• Plugin Check (PCP): 1.8.0

Location:

wpvulnerability

Files:

• tags/4.3.1 (added)
• tags/4.3.1/LICENSE (added)
• tags/4.3.1/assets (added)
• tags/4.3.1/assets/admin.css (added)
• tags/4.3.1/assets/admin.css.backup (added)
• tags/4.3.1/assets/admin.js (added)
• tags/4.3.1/assets/banner-1544x500.png (added)
• tags/4.3.1/assets/banner-772x250.png (added)
• tags/4.3.1/assets/icon-128x128.png (added)
• tags/4.3.1/assets/icon-256x256.png (added)
• tags/4.3.1/assets/icon-apache.svg (added)
• tags/4.3.1/assets/icon-curl.svg (added)
• tags/4.3.1/assets/icon-imagemagick.svg (added)
• tags/4.3.1/assets/icon-mariadb.svg (added)
• tags/4.3.1/assets/icon-memcached.svg (added)
• tags/4.3.1/assets/icon-mysql.svg (added)
• tags/4.3.1/assets/icon-nginx.svg (added)
• tags/4.3.1/assets/icon-php.svg (added)
• tags/4.3.1/assets/icon-plugin.svg (added)
• tags/4.3.1/assets/icon-redis.svg (added)
• tags/4.3.1/assets/icon-sqlite.svg (added)
• tags/4.3.1/assets/icon-theme.svg (added)
• tags/4.3.1/assets/icon-wordpress.svg (added)
• tags/4.3.1/assets/icon.svg (added)
• tags/4.3.1/assets/logobug-128.png (added)
• tags/4.3.1/assets/logobug-16.png (added)
• tags/4.3.1/assets/logobug-256.png (added)
• tags/4.3.1/assets/logobug-32.png (added)
• tags/4.3.1/assets/logobug-512.png (added)
• tags/4.3.1/assets/logobug.png (added)
• tags/4.3.1/assets/logobug.svg (added)
• tags/4.3.1/assets/screenshot-1.png (added)
• tags/4.3.1/assets/screenshot-2.png (added)
• tags/4.3.1/assets/screenshot-3.png (added)
• tags/4.3.1/changelog.txt (added)
• tags/4.3.1/class-wpvulnerability-cli.php (added)
• tags/4.3.1/class-wpvulnerability-config-cli.php (added)
• tags/4.3.1/languages (added)
• tags/4.3.1/languages/wpvulnerability.pot (added)
• tags/4.3.1/readme.txt (added)
• tags/4.3.1/security.txt (added)
• tags/4.3.1/wpvulnerability-admin.php (added)
• tags/4.3.1/wpvulnerability-adminms.php (added)
• tags/4.3.1/wpvulnerability-api.php (added)
• tags/4.3.1/wpvulnerability-core.php (added)
• tags/4.3.1/wpvulnerability-debug.php (added)
• tags/4.3.1/wpvulnerability-general.php (added)
• tags/4.3.1/wpvulnerability-notifications.php (added)
• tags/4.3.1/wpvulnerability-plugins.php (added)
• tags/4.3.1/wpvulnerability-process.php (added)
• tags/4.3.1/wpvulnerability-run.php (added)
• tags/4.3.1/wpvulnerability-schedule.php (added)
• tags/4.3.1/wpvulnerability-sitehealth.php (added)
• tags/4.3.1/wpvulnerability-software.php (added)
• tags/4.3.1/wpvulnerability-themes.php (added)
• tags/4.3.1/wpvulnerability.php (added)
• trunk/LICENSE (added)
• trunk/assets/admin.css (modified) (7 diffs)
• trunk/changelog.txt (modified) (1 diff)
• trunk/readme.txt (modified) (3 diffs)
• trunk/wpvulnerability-admin.php (modified) (5 diffs)
• trunk/wpvulnerability-adminms.php (modified) (19 diffs)
• trunk/wpvulnerability.php (modified) (2 diffs)

wpvulnerability/trunk/assets/admin.css

@@ -121 +121 @@
 
 /* ==================================================
-   WPVulnerability Admin Panel Styles
-   Extracted from inline <style> blocks
-   ================================================== */
+    WPVulnerability Admin Panel Styles
+    Extracted from inline <style> blocks
+    ================================================== */
 
 /* ==================================================
-   Notifications Panel
-   ================================================== */
+    Notifications Panel
+    ================================================== */
 .wpvulnerability-notifications-panel .wpvulnerability-security-section {
     background: #fff;
@@ -282 +282 @@
 
 /* ==================================================
-   Analysis Panel
-   ================================================== */
+    Analysis Panel
+    ================================================== */
 .wpvulnerability-analysis-panel .wpvulnerability-security-section {
     background: #fff;
@@ -438 +438 @@
 
 /* ==================================================
-   Logs Panel
-   ================================================== */
+    Logs Panel
+    ================================================== */
 .wpvulnerability-logs-panel .wpvulnerability-security-section {
     background: #fff;
@@ -699 +699 @@
 
 /* ==================================================
-   Tools Panel
-   ================================================== */
+    Tools Panel
+    ================================================== */
 .wpvulnerability-tools-panel .wpvulnerability-tool-card {
     background: #fff;
@@ -838 +838 @@
 
 /* ==================================================
-   About Panel
-   ================================================== */
+    About Panel
+    ================================================== */
 .wpvulnerability-about-panel .wpvulnerability-security-section {
     background: #fff;
@@ -962 +962 @@
 
 /* ==================================================
-   Dashboard Widget
-   ================================================== */
+    Dashboard Widget
+    ================================================== */
         .wpvuln-status-badge {
 display: inline-block;
@@ -1065 +1065 @@
 
 /* ==================================================
-   Security Panel
-   ================================================== */
+    Security Panel
+    ================================================== */
 .wpvulnerability-security-panel h2 {
     margin-top: 0;

wpvulnerability/trunk/changelog.txt

@@ -1 +1 @@
 == Changelog ==
+
+= [4.3.1] - 2026-01-20 =
+
+**Fixed**
+
+* Dashboard widget now correctly counts only vulnerabilities from enabled components, excluding disabled ones from settings.
+* Status badge calculation (Critical/Warning) now properly considers only enabled components when determining severity level.
+* Fixed PHPCS warnings for global variables without plugin prefix in wpvulnerability-admin.php and wpvulnerability-adminms.php.
+
+**Compatibility**
+
+* WordPress: 4.7 - 6.9
+* PHP: 5.6 - 8.5
+* WP-CLI: 2.3.0 - 2.11.0
+
+**Tests**
+
+* PHP Coding Standards: 3.13.5
+* WordPress Coding Standards: 3.3.0
+* Plugin Check (PCP): 1.8.0
 
 = [4.3.0] - 2026-01-19 =

wpvulnerability/trunk/readme.txt

@@ -4 +4 @@
 Requires at least: 4.7
 Tested up to: 6.9
-Stable tag: 4.3.0
+Stable tag: 4.3.1
 Requires PHP: 5.6
-Version: 4.3.0
+Version: 4.3.1
 License: GPL-3.0-or-later
 License URI: https://spdx.org/licenses/GPL-3.0-or-later.html
@@ -147 +147 @@
 
 Maximum security (no shell commands):
+
 `define( 'WPVULNERABILITY_SECURITY_MODE', 'strict' );`
 
 Only allow ImageMagick shell detection:
+
 `define( 'WPVULNERABILITY_SHELL_EXEC_WHITELIST', 'imagemagick' );`
 
 Complete disable:
+
 `define( 'WPVULNERABILITY_DISABLE_SHELL_EXEC', true );`
 
@@ -198 +201 @@
 
 == Changelog ==
+
+= [4.3.1] - 2026-01-20 =
+
+**Fixed**
+
+* Dashboard widget now correctly counts only vulnerabilities from enabled components, excluding disabled ones from settings.
+* Status badge calculation (Critical/Warning) now properly considers only enabled components when determining severity level.
+* Fixed PHPCS warnings for global variables without plugin prefix in wpvulnerability-admin.php and wpvulnerability-adminms.php.
+
+**Compatibility**
+
+* WordPress: 4.7 - 6.9
+* PHP: 5.6 - 8.5
+* WP-CLI: 2.3.0 - 2.11.0
+
+**Tests**
+
+* PHP Coding Standards: 3.13.5
+* WordPress Coding Standards: 3.3.0
+* Plugin Check (PCP): 1.8.0
 
 = [4.3.0] - 2026-01-19 =

wpvulnerability/trunk/wpvulnerability-admin.php

@@ -189 +189 @@
             require_once WPVULNERABILITY_PLUGIN_PATH . '/wpvulnerability-debug.php';
         }
-        $debug_info = wpvulnerability_debug_export_info();
-        $filename   = 'wpvulnerability-debug-' . gmdate( 'Y-m-d-His' ) . '.json';
+        $wpvulnerability_debug_info = wpvulnerability_debug_export_info();
+        $wpvulnerability_filename   = 'wpvulnerability-debug-' . gmdate( 'Y-m-d-His' ) . '.json';
 
         header( 'Content-Type: application/json' );
-        header( 'Content-Disposition: attachment; filename="' . $filename . '"' );
-        header( 'Content-Length: ' . strlen( $debug_info ) );
-        echo $debug_info; // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
+        header( 'Content-Disposition: attachment; filename="' . $wpvulnerability_filename . '"' );
+        header( 'Content-Length: ' . strlen( $wpvulnerability_debug_info ) );
+        echo $wpvulnerability_debug_info; // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
         exit;
     } else {
@@ -231 +231 @@
             require_once WPVULNERABILITY_PLUGIN_PATH . '/wpvulnerability-notifications.php';
         }
-        $result = wpvulnerability_execute_notification( true );
-        if ( $result ) {
+        $wpvulnerability_result = wpvulnerability_execute_notification( true );
+        if ( $wpvulnerability_result ) {
             set_transient( 'wpvulnerability_message_manual_success', __( 'Notification has been sent.', 'wpvulnerability' ), 10 );
         } else {
@@ -2284 +2284 @@
     $sqlite_count      = (int) json_decode( get_option( 'wpvulnerability-sqlite-vulnerable' ), true );
 
-    // Calculate total vulnerabilities.
-    $total_vulnerabilities = $core_count + $plugins_count + $themes_count + $php_count +
-                            $apache_count + $nginx_count + $mariadb_count + $mysql_count +
-                            $imagemagick_count + $curl_count + $memcached_count + $redis_count + $sqlite_count;
+    // Calculate total vulnerabilities (only for enabled components).
+    $total_vulnerabilities = 0;
+    if ( wpvulnerability_analyze_filter( 'core' ) ) {
+        $total_vulnerabilities += $core_count;
+    }
+    if ( wpvulnerability_analyze_filter( 'plugins' ) ) {
+        $total_vulnerabilities += $plugins_count;
+    }
+    if ( wpvulnerability_analyze_filter( 'themes' ) ) {
+        $total_vulnerabilities += $themes_count;
+    }
+    if ( wpvulnerability_analyze_filter( 'php' ) ) {
+        $total_vulnerabilities += $php_count;
+    }
+    if ( wpvulnerability_analyze_filter( 'apache' ) ) {
+        $total_vulnerabilities += $apache_count;
+    }
+    if ( wpvulnerability_analyze_filter( 'nginx' ) ) {
+        $total_vulnerabilities += $nginx_count;
+    }
+    if ( wpvulnerability_analyze_filter( 'mariadb' ) ) {
+        $total_vulnerabilities += $mariadb_count;
+    }
+    if ( wpvulnerability_analyze_filter( 'mysql' ) ) {
+        $total_vulnerabilities += $mysql_count;
+    }
+    if ( wpvulnerability_analyze_filter( 'imagemagick' ) ) {
+        $total_vulnerabilities += $imagemagick_count;
+    }
+    if ( wpvulnerability_analyze_filter( 'curl' ) ) {
+        $total_vulnerabilities += $curl_count;
+    }
+    if ( wpvulnerability_analyze_filter( 'memcached' ) ) {
+        $total_vulnerabilities += $memcached_count;
+    }
+    if ( wpvulnerability_analyze_filter( 'redis' ) ) {
+        $total_vulnerabilities += $redis_count;
+    }
+    if ( wpvulnerability_analyze_filter( 'sqlite' ) ) {
+        $total_vulnerabilities += $sqlite_count;
+    }
 
     // Determine status badge.
@@ -2295 +2332 @@
 
     if ( $total_vulnerabilities > 0 ) {
-        if ( $core_count > 0 || $php_count > 0 || $total_vulnerabilities > 5 ) {
+        if ( ( wpvulnerability_analyze_filter( 'core' ) && $core_count > 0 ) ||
+            ( wpvulnerability_analyze_filter( 'php' ) && $php_count > 0 ) ||
+            $total_vulnerabilities > 5 ) {
             $status_class = 'wpvuln-status-critical';
             $status_icon  = '✕';
@@ -3028 +3067 @@
 
     // Test API.
-    $result = wpvulnerability_debug_test_api_component( $component );
-
-    wp_send_json_success( $result );
+    $wpvulnerability_result = wpvulnerability_debug_test_api_component( $component );
+
+    wp_send_json_success( $wpvulnerability_result );
 }
 add_action( 'wp_ajax_wpvulnerability_test_api', 'wpvulnerability_ajax_test_api' );

wpvulnerability/trunk/wpvulnerability-adminms.php

@@ -79 +79 @@
         if ( check_admin_referer( 'wpvulnerability_nonce', 'wpauto_nonce' ) ) {
 
-                if ( isset( $_POST['wpvulnerability-config'] ) ) {
+            if ( isset( $_POST['wpvulnerability-config'] ) ) {
 
                 $post_config = filter_input( INPUT_POST, 'wpvulnerability-config', FILTER_DEFAULT, FILTER_REQUIRE_ARRAY );
@@ -211 +211 @@
      * @since 3.0.0
      */
-        if ( isset( $_POST['wpvulnerability_reset'] ) && check_admin_referer( 'wpvulnerability_reset_action', 'wpvulnerability_reset_nonce' ) ) {
-    
+    if ( isset( $_POST['wpvulnerability_reset'] ) && check_admin_referer( 'wpvulnerability_reset_action', 'wpvulnerability_reset_nonce' ) ) {
+
         if ( current_user_can( 'manage_network_options' ) ) {
             // Calls the reset function.
             wpvulnerability_update_database_data();
-    
+
             set_transient( 'wpvulnerability_message_manual_success', __( 'Data from source has been reloaded.', 'wpvulnerability' ), 10 );
         } else {
@@ -222 +222 @@
         }
     }
-    
+
     /**
      * Send an test email
@@ -229 +229 @@
      */
     if ( isset( $_POST['wpvulnerability_email'] ) && check_admin_referer( 'wpvulnerability_email_action', 'wpvulnerability_email_nonce' ) ) {
-    
+
         if ( ! function_exists( 'wpvulnerability_execute_notification' ) ) {
             require_once WPVULNERABILITY_PLUGIN_PATH . '/wpvulnerability-core.php';
@@ -238 +238 @@
             require_once WPVULNERABILITY_PLUGIN_PATH . '/wpvulnerability-notifications.php';
         }
-    
+
         // Calls the notifications function, forced.
         if ( current_user_can( 'manage_network_options' ) ) {
             $wpmail = wpvulnerability_execute_notification( true );
-    
+
             if ( $wpmail ) {
-    
+
                 set_transient( 'wpvulnerability_message_manual_success', __( 'Test email has been sent.', 'wpvulnerability' ), 10 );
-    
+
             } else {
-    
+
                 set_transient( 'wpvulnerability_message_manual_error', __( 'Test email has failed. Please, check your email settings.', 'wpvulnerability' ), 10 );
-    
+
             }
         } else {
@@ -256 +256 @@
         }
     }
-    
+
     /**
      * Repairs scheduled cron events across the network.
@@ -265 +265 @@
         if ( current_user_can( 'manage_network_options' ) ) {
             $wpvulnerability_settings = get_site_option( 'wpvulnerability-config', array() );
-            $cron_config = is_array( $wpvulnerability_settings ) ? $wpvulnerability_settings : array();
+            $cron_config              = is_array( $wpvulnerability_settings ) ? $wpvulnerability_settings : array();
             wpvulnerability_repair_network_cron_events( $cron_config );
             set_transient( 'wpvulnerability_message_manual_success', __( 'WPVulnerability cron events have been repaired across the network.', 'wpvulnerability' ), 10 );
@@ -272 +272 @@
         }
     }
-    
+
     /**
      * Delete all stored API logs across the network.
@@ -286 +286 @@
         }
     }
-    
+
     /**
      * Fully resets plugin data, settings, and cached API content across the network.
@@ -300 +300 @@
         }
     }
-    
+
     /**
      * Handles debug action: Clear all caches.
@@ -317 +317 @@
         }
     }
-    
+
     /**
      * Handles debug action: Reset signatures.
@@ -334 +334 @@
         }
     }
-    
+
     /**
      * Handles debug action: Export debug info.
@@ -345 +345 @@
                 require_once WPVULNERABILITY_PLUGIN_PATH . '/wpvulnerability-debug.php';
             }
-            $debug_info = wpvulnerability_debug_export_info();
-            $filename   = 'wpvulnerability-debug-' . gmdate( 'Y-m-d-His' ) . '.json';
-    
+            $wpvulnerability_debug_info = wpvulnerability_debug_export_info();
+            $wpvulnerability_filename   = 'wpvulnerability-debug-' . gmdate( 'Y-m-d-His' ) . '.json';
+
             header( 'Content-Type: application/json' );
-            header( 'Content-Disposition: attachment; filename="' . $filename . '"' );
-            header( 'Content-Length: ' . strlen( $debug_info ) );
-            echo $debug_info; // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
+            header( 'Content-Disposition: attachment; filename="' . $wpvulnerability_filename . '"' );
+            header( 'Content-Length: ' . strlen( $wpvulnerability_debug_info ) );
+            echo $wpvulnerability_debug_info; // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
             exit;
         } else {
@@ -357 +357 @@
         }
     }
-    
+
     /**
      * Handles debug action: Run update database now.
@@ -371 +371 @@
         }
     }
-    
+
     /**
      * Handles debug action: Run notification now.
@@ -387 +387 @@
                 require_once WPVULNERABILITY_PLUGIN_PATH . '/wpvulnerability-notifications.php';
             }
-            $result = wpvulnerability_execute_notification( true );
-            if ( $result ) {
+            $wpvulnerability_result = wpvulnerability_execute_notification( true );
+            if ( $wpvulnerability_result ) {
                 set_transient( 'wpvulnerability_message_manual_success', __( 'Notification has been sent.', 'wpvulnerability' ), 10 );
             } else {
@@ -2189 +2189 @@
     $sqlite_count      = (int) json_decode( get_site_option( 'wpvulnerability-sqlite-vulnerable' ), true );
 
-    // Calculate total vulnerabilities.
-    $total_vulnerabilities = $core_count + $plugins_count + $themes_count + $php_count +
-                            $apache_count + $nginx_count + $mariadb_count + $mysql_count +
-                            $imagemagick_count + $curl_count + $memcached_count + $redis_count + $sqlite_count;
+    // Calculate total vulnerabilities (only for enabled components).
+    $total_vulnerabilities = 0;
+    if ( wpvulnerability_analyze_filter( 'core' ) ) {
+        $total_vulnerabilities += $core_count;
+    }
+    if ( wpvulnerability_analyze_filter( 'plugins' ) ) {
+        $total_vulnerabilities += $plugins_count;
+    }
+    if ( wpvulnerability_analyze_filter( 'themes' ) ) {
+        $total_vulnerabilities += $themes_count;
+    }
+    if ( wpvulnerability_analyze_filter( 'php' ) ) {
+        $total_vulnerabilities += $php_count;
+    }
+    if ( wpvulnerability_analyze_filter( 'apache' ) ) {
+        $total_vulnerabilities += $apache_count;
+    }
+    if ( wpvulnerability_analyze_filter( 'nginx' ) ) {
+        $total_vulnerabilities += $nginx_count;
+    }
+    if ( wpvulnerability_analyze_filter( 'mariadb' ) ) {
+        $total_vulnerabilities += $mariadb_count;
+    }
+    if ( wpvulnerability_analyze_filter( 'mysql' ) ) {
+        $total_vulnerabilities += $mysql_count;
+    }
+    if ( wpvulnerability_analyze_filter( 'imagemagick' ) ) {
+        $total_vulnerabilities += $imagemagick_count;
+    }
+    if ( wpvulnerability_analyze_filter( 'curl' ) ) {
+        $total_vulnerabilities += $curl_count;
+    }
+    if ( wpvulnerability_analyze_filter( 'memcached' ) ) {
+        $total_vulnerabilities += $memcached_count;
+    }
+    if ( wpvulnerability_analyze_filter( 'redis' ) ) {
+        $total_vulnerabilities += $redis_count;
+    }
+    if ( wpvulnerability_analyze_filter( 'sqlite' ) ) {
+        $total_vulnerabilities += $sqlite_count;
+    }
 
     // Determine status badge.
@@ -2200 +2237 @@
 
     if ( $total_vulnerabilities > 0 ) {
-        if ( $core_count > 0 || $php_count > 0 || $total_vulnerabilities > 5 ) {
+        if ( ( wpvulnerability_analyze_filter( 'core' ) && $core_count > 0 ) ||
+            ( wpvulnerability_analyze_filter( 'php' ) && $php_count > 0 ) ||
+            $total_vulnerabilities > 5 ) {
             $status_class = 'wpvuln-status-critical';
             $status_icon  = '✕';
@@ -3275 +3314 @@
 
     // Test API.
-    $result = wpvulnerability_debug_test_api_component( $component );
-
-    wp_send_json_success( $result );
+    $wpvulnerability_result = wpvulnerability_debug_test_api_component( $component );
+
+    wp_send_json_success( $wpvulnerability_result );
 }
 add_action( 'wp_ajax_wpvulnerability_test_api', 'wpvulnerability_ajax_network_test_api' );

wpvulnerability/trunk/wpvulnerability.php

@@ -2 +2 @@
 /**
  * Plugin Name: WPVulnerability
- * Plugin URI: https://www.wpvulnerability.com/
+ * Plugin URI: https://www.wpvulnerability.com/plugin/
  * Description: Receive information about possible vulnerabilities in your WordPress from WordPress Vulnerability Database API.
  * Requires at least: 4.7
  * Requires PHP: 5.6
- * Version: 4.3.0
- * Author: Javier Casares
- * Author URI: https://www.javiercasares.com/
- * License: GPL-2.0-or-later
- * License URI: https://spdx.org/licenses/GPL-2.0-or-later.html
+ * Version: 4.3.1
+ * Author: ROBOTSTXT
+ * Author URI: https://www.robotstxt.es/
+ * License: GPL-3.0-or-later
+ * License URI: https://www.gnu.org/licenses/gpl-3.0.txt
  * Text Domain: wpvulnerability
  * Domain Path: /languages
@@ -24 +24 @@
  * Set some constants that I can change in future versions.
  */
-define( 'WPVULNERABILITY_PLUGIN_VERSION', '4.3.0' );
+define( 'WPVULNERABILITY_PLUGIN_VERSION', '4.3.1' );
 define( 'WPVULNERABILITY_API_HOST', 'https://www.wpvulnerability.net/' );