diff --git a/assets/admin.css b/assets/admin.css
index dba46bf..a7f8448 100644
--- a/assets/admin.css
+++ b/assets/admin.css
@@ -11,6 +11,9 @@
opacity: 0;
}
}
+
+/* Admin plugins table styles */
+
.plugins-php .vulnerability {
background-color: var(--red-mediun);
padding: 4px;
@@ -18,7 +21,6 @@
.plugins-php .vulnerability .alert {
color: white;
}
-/* Admin plugins table styles */
.plugins tr.wpvulnerability td, .plugins tr.wpvulnerability.active td {
background-color: var(--red-light);
}
@@ -33,6 +35,26 @@
.plugins tr.wpvulnerability p.text-red, .plugins tr.wpvulnerability.active p.text-red {
color: var(--red-mediun)
}
+
+/* Admin core table styles */
+
+.update-core-php table.wpvulnerability td {
+ background-color: var(--red-light);
+}
+.update-core-php table.wpvulnerability tr:before {
+ background-color: var(--red-light);
+ content: "";
+ display: table-cell;
+}
+.update-core-php table.wpvulnerability tr.active::before {
+ border-left: 4px solid var( --red-mediun );
+}
+.update-core-php p.text-red {
+ color: var(--red-mediun)
+}
+
+/* Configuration header */
+
.wpvulnerability-header {
background-color: #1d73be;
margin-left: -20px;
@@ -51,18 +73,21 @@
margin: 0;
}
-/* Admin core table styles */
-.update-core-php table.wpvulnerability td {
- background-color: var(--red-light);
+/* Configuration flex */
+
+.wpvulnerability-container {
+ display: flex;
+ flex-direction: row;
+ gap: 20px;
}
-.update-core-php table.wpvulnerability tr:before {
- background-color: var(--red-light);
- content: "";
- display: table-cell;
+
+.wpvulnerability-column {
+ flex: 1;
}
-.update-core-php table.wpvulnerability tr.active::before {
- border-left: 4px solid var( --red-mediun );
+
+/* Diseño móvil */
+@media (max-width: 1280px) {
+ .wpvulnerability-container {
+ flex-direction: column;
+ }
}
-.update-core-php p.text-red {
- color: var(--red-mediun)
-}
\ No newline at end of file
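Review bot: The comment on the new media query, `/* Diseño móvil */`, is in Spanish while the other section comments in this file are in English, and a 1280px breakpoint covers far more than mobile screens. A comment such as `/* Stack the configuration columns on narrower viewports */` would describe the rule more accurately. The file also still ends without a trailing newline, which would be worth adding while this section is being touched.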
diff --git a/assets/icon-mariadb.svg b/assets/icon-mariadb.svg
new file mode 100644
index 0000000..7ada63a
--- /dev/null
+++ b/assets/icon-mariadb.svg
@@ -0,0 +1,2 @@
+
+file_type_mariadb
\ No newline at end of file
diff --git a/assets/icon-mysql.svg b/assets/icon-mysql.svg
new file mode 100644
index 0000000..53371d0
--- /dev/null
+++ b/assets/icon-mysql.svg
@@ -0,0 +1,2 @@
+
+
\ No newline at end of file
diff --git a/changelog.txt b/changelog.txt
index a9a0820..3ce9f1c 100644
--- a/changelog.txt
+++ b/changelog.txt
@@ -1,5 +1,37 @@
== Changelog ==
+= [3.4.0] - 2024-08-16 =
+
+**Added**
+
+* New checks for MariaDB vulnerabilities.
+* New checks for MySQL vulnerabilities.
+* WPVulnerability statistics in the configuration page.
+* WPVulnerability contributors in the configuration page.
+
+**Changed**
+
+* Code improvement.
+* Better UI for the configuration page.
+* Web server version detection improved.
+
+**Fixed**
+
+* Get the statistics information the right way.
+
+**Compatibility**
+
+* WordPress: 4.1 - 6.7
+* PHP: 5.6 - 8.3
+* WP-CLI: 2.3.0 - 2.11.0
+
+**Tests**
+
+* PHP Coding Standards: 3.10.2
+* WordPress Coding Standards: 3.1.0
+* Plugin Check (PCP): 1.0.2
+* SonarCloud Code Review
+
= [3.3.5] - 2024-08-14 =
**Added**
@@ -12,7 +44,7 @@
* WordPress: 4.1 - 6.7
* PHP: 5.6 - 8.3
-* WP-CLI: 2.3.0 - 2.10.0
+* WP-CLI: 2.3.0 - 2.11.0
**Tests**
@@ -31,7 +63,7 @@
* WordPress: 4.1 - 6.7
* PHP: 5.6 - 8.3
-* WP-CLI: 2.3.0 - 2.10.0
+* WP-CLI: 2.3.0 - 2.11.0
**Tests**
diff --git a/languages/wpvulnerability.pot b/languages/wpvulnerability.pot
index 8baf21e..fb44761 100644
--- a/languages/wpvulnerability.pot
+++ b/languages/wpvulnerability.pot
@@ -2,7 +2,7 @@
msgid ""
msgstr ""
"Project-Id-Version: WPVulnerability\n"
-"POT-Creation-Date: 2024-08-12 16:37+0200\n"
+"POT-Creation-Date: 2024-08-16 15:39+0200\n"
"PO-Revision-Date: 2023-09-12 06:56+0200\n"
"Last-Translator: \n"
"Language-Team: \n"
@@ -10,7 +10,7 @@ msgstr ""
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=INTEGER; plural=EXPRESSION;\n"
-"X-Generator: Poedit 3.4.2\n"
+"X-Generator: Poedit 3.4.4\n"
"X-Poedit-Basepath: ..\n"
"X-Poedit-Flags-xgettext: --add-comments=translators:\n"
"X-Poedit-WPHeader: wpvulnerability.php\n"
@@ -21,108 +21,187 @@ msgstr ""
"X-Poedit-SearchPath-0: .\n"
"X-Poedit-SearchPathExcluded-0: *.min.js\n"
-#: wpvulnerability-admin.php:50 wpvulnerability-adminms.php:201
+#: wpvulnerability-admin.php:50 wpvulnerability-adminms.php:211
msgid "Data from source has been reloaded."
msgstr ""
-#: wpvulnerability-admin.php:75 wpvulnerability-adminms.php:226
+#: wpvulnerability-admin.php:75 wpvulnerability-adminms.php:236
msgid "Test email has been sent."
msgstr ""
-#: wpvulnerability-admin.php:79 wpvulnerability-adminms.php:230
+#: wpvulnerability-admin.php:79 wpvulnerability-adminms.php:240
msgid "Test email has failed. Please, check your email settings."
msgstr ""
-#: wpvulnerability-admin.php:101 wpvulnerability-adminms.php:242
+#: wpvulnerability-admin.php:101 wpvulnerability-adminms.php:252
msgid "WPVulnerability settings"
msgstr ""
-#: wpvulnerability-admin.php:143 wpvulnerability-adminms.php:294
+#: wpvulnerability-admin.php:144 wpvulnerability-adminms.php:306
msgid "Reload the data from source"
msgstr ""
-#: wpvulnerability-admin.php:146 wpvulnerability-adminms.php:297
+#: wpvulnerability-admin.php:147 wpvulnerability-adminms.php:309
msgid ""
"Reload all Core, Plugins, Themes and other components information directly "
"from the API to have updated data."
msgstr ""
-#: wpvulnerability-admin.php:149 wpvulnerability-adminms.php:300
+#: wpvulnerability-admin.php:150 wpvulnerability-adminms.php:312
msgid "Reload Data"
msgstr ""
-#: wpvulnerability-admin.php:156 wpvulnerability-adminms.php:307
+#: wpvulnerability-admin.php:156 wpvulnerability-adminms.php:319
msgid "Email test"
msgstr ""
-#: wpvulnerability-admin.php:165 wpvulnerability-adminms.php:316
+#: wpvulnerability-admin.php:165 wpvulnerability-adminms.php:328
msgid "The mail will be sent from (set on WPVULNERABILITY_MAIL): "
msgstr ""
-#: wpvulnerability-admin.php:172 wpvulnerability-adminms.php:323
+#: wpvulnerability-admin.php:172 wpvulnerability-adminms.php:335
msgid "The mail will be sent from: "
msgstr ""
-#: wpvulnerability-admin.php:176 wpvulnerability-adminms.php:327
+#: wpvulnerability-admin.php:176 wpvulnerability-adminms.php:339
msgid "Send an email with the vulnerabilities (or empty)."
msgstr ""
-#: wpvulnerability-admin.php:179 wpvulnerability-adminms.php:330
+#: wpvulnerability-admin.php:179 wpvulnerability-adminms.php:342
msgid "Send email"
msgstr ""
-#. Plugin Name of the plugin/theme
-#: wpvulnerability-admin.php:198 wpvulnerability-admin.php:199
-#: wpvulnerability-adminms.php:349 wpvulnerability-adminms.php:350
-msgid "WPVulnerability"
+#: wpvulnerability-admin.php:189 wpvulnerability-adminms.php:352
+msgid "WPVulnerability Statistics"
msgstr ""
-#: wpvulnerability-admin.php:217 wpvulnerability-adminms.php:368
-msgid "Configure and save these settings to receive email notifications."
+#: wpvulnerability-admin.php:193 wpvulnerability-admin.php:571
+#: wpvulnerability-adminms.php:356 wpvulnerability-adminms.php:734
+msgid "Plugins"
msgstr ""
-#: wpvulnerability-admin.php:230 wpvulnerability-adminms.php:412
-msgid "Configure and save these settings to exclude vulnerabilities."
+#. translators: number of vulnerabilities.
+#: wpvulnerability-admin.php:202 wpvulnerability-admin.php:228
+#: wpvulnerability-admin.php:254 wpvulnerability-admin.php:274
+#: wpvulnerability-admin.php:294 wpvulnerability-admin.php:314
+#: wpvulnerability-admin.php:334 wpvulnerability-adminms.php:365
+#: wpvulnerability-adminms.php:391 wpvulnerability-adminms.php:417
+#: wpvulnerability-adminms.php:437 wpvulnerability-adminms.php:457
+#: wpvulnerability-adminms.php:477 wpvulnerability-adminms.php:497
+#, php-format
+msgid "%s vulnerability"
+msgid_plural "%s vulnerabilities"
+msgstr[0] ""
+msgstr[1] ""
+
+#. translators: number of plugins.
+#: wpvulnerability-admin.php:208 wpvulnerability-adminms.php:371
+#, php-format
+msgid " (%s plugin)"
+msgid_plural " (%s plugins)"
+msgstr[0] ""
+msgstr[1] ""
+
+#: wpvulnerability-admin.php:216 wpvulnerability-admin.php:242
+#: wpvulnerability-admin.php:262 wpvulnerability-admin.php:282
+#: wpvulnerability-admin.php:302 wpvulnerability-admin.php:322
+#: wpvulnerability-admin.php:342 wpvulnerability-admin.php:380
+#: wpvulnerability-admin.php:397 wpvulnerability-adminms.php:379
+#: wpvulnerability-adminms.php:405 wpvulnerability-adminms.php:425
+#: wpvulnerability-adminms.php:445 wpvulnerability-adminms.php:465
+#: wpvulnerability-adminms.php:485 wpvulnerability-adminms.php:505
+#: wpvulnerability-adminms.php:543 wpvulnerability-adminms.php:560
+msgid "Data not available."
msgstr ""
-#: wpvulnerability-admin.php:258 wpvulnerability-adminms.php:396
-msgid "Default administrator email"
+#: wpvulnerability-admin.php:220 wpvulnerability-admin.php:576
+#: wpvulnerability-adminms.php:383 wpvulnerability-adminms.php:739
+msgid "Themes"
msgstr ""
-#: wpvulnerability-admin.php:284 wpvulnerability-adminms.php:435
-msgid "Weekly"
+#. translators: number of themes.
+#: wpvulnerability-admin.php:234 wpvulnerability-adminms.php:397
+#, php-format
+msgid " (%s theme)"
+msgid_plural " (%s themes)"
+msgstr[0] ""
+msgstr[1] ""
+
+#: wpvulnerability-admin.php:246 wpvulnerability-admin.php:581
+#: wpvulnerability-adminms.php:409 wpvulnerability-adminms.php:744
+msgid "PHP"
msgstr ""
-#: wpvulnerability-admin.php:285 wpvulnerability-adminms.php:436
-msgid "Daily"
+#: wpvulnerability-admin.php:266 wpvulnerability-admin.php:586
+#: wpvulnerability-adminms.php:429 wpvulnerability-adminms.php:749
+msgid "Apache HTTPD"
msgstr ""
-#: wpvulnerability-admin.php:327 wpvulnerability-adminms.php:478
-msgid "Core"
+#: wpvulnerability-admin.php:286 wpvulnerability-admin.php:591
+#: wpvulnerability-adminms.php:449 wpvulnerability-adminms.php:754
+msgid "nginx"
msgstr ""
-#: wpvulnerability-admin.php:328 wpvulnerability-adminms.php:479
-msgid "Plugins"
+#: wpvulnerability-admin.php:306 wpvulnerability-admin.php:596
+#: wpvulnerability-adminms.php:469 wpvulnerability-adminms.php:759
+msgid "MariaDB"
msgstr ""
-#: wpvulnerability-admin.php:329 wpvulnerability-adminms.php:480
-msgid "Themes"
+#: wpvulnerability-admin.php:326 wpvulnerability-admin.php:601
+#: wpvulnerability-adminms.php:489 wpvulnerability-adminms.php:764
+msgid "MySQL"
msgstr ""
-#: wpvulnerability-admin.php:330 wpvulnerability-adminms.php:481
-msgid "PHP"
+#. translators: date of last update.
+#: wpvulnerability-admin.php:355 wpvulnerability-adminms.php:518
+#, php-format
+msgid "Updated: %s"
msgstr ""
-#: wpvulnerability-admin.php:331 wpvulnerability-adminms.php:482
-msgid "Apache HTTPD"
+#: wpvulnerability-admin.php:366 wpvulnerability-adminms.php:529
+msgid "Behind the Project"
msgstr ""
-#: wpvulnerability-admin.php:332 wpvulnerability-adminms.php:483
-msgid "nginx"
+#: wpvulnerability-admin.php:370 wpvulnerability-adminms.php:533
+msgid "Sponsors"
+msgstr ""
+
+#: wpvulnerability-admin.php:387 wpvulnerability-adminms.php:550
+msgid "Contributors"
+msgstr ""
+
+#. Plugin Name of the plugin/theme
+#: wpvulnerability-admin.php:422 wpvulnerability-admin.php:423
+#: wpvulnerability-adminms.php:585 wpvulnerability-adminms.php:586
+msgid "WPVulnerability"
+msgstr ""
+
+#: wpvulnerability-admin.php:441 wpvulnerability-adminms.php:604
+msgid "Configure and save these settings to receive email notifications."
+msgstr ""
+
+#: wpvulnerability-admin.php:454 wpvulnerability-adminms.php:648
+msgid "Configure and save these settings to hide vulnerabilities."
+msgstr ""
+
+#: wpvulnerability-admin.php:482 wpvulnerability-adminms.php:632
+msgid "Default administrator email"
+msgstr ""
+
+#: wpvulnerability-admin.php:510 wpvulnerability-adminms.php:673
+msgid "Daily"
+msgstr ""
+
+#: wpvulnerability-admin.php:515 wpvulnerability-adminms.php:678
+msgid "Weekly"
+msgstr ""
+
+#: wpvulnerability-admin.php:566 wpvulnerability-adminms.php:729
+msgid "Core"
msgstr ""
#. translators: Show the number of vulnerabilities in a WP-Admin dashboard
-#: wpvulnerability-admin.php:460 wpvulnerability-adminms.php:502
+#: wpvulnerability-admin.php:738 wpvulnerability-adminms.php:784
#, php-format
msgid "Core: %d vulnerability"
msgid_plural "Core: %d vulnerabilities"
@@ -130,7 +209,7 @@ msgstr[0] ""
msgstr[1] ""
#. translators: Show the number of vulnerabilities in a WP-Admin dashboard
-#: wpvulnerability-admin.php:468 wpvulnerability-adminms.php:510
+#: wpvulnerability-admin.php:746 wpvulnerability-adminms.php:792
#, php-format
msgid "Themes: %d vulnerability"
msgid_plural "Themes: %d vulnerabilities"
@@ -138,7 +217,7 @@ msgstr[0] ""
msgstr[1] ""
#. translators: Show the number of vulnerabilities in a WP-Admin dashboard
-#: wpvulnerability-admin.php:476 wpvulnerability-adminms.php:518
+#: wpvulnerability-admin.php:754 wpvulnerability-adminms.php:800
#, php-format
msgid "Plugins: %d vulnerability"
msgid_plural "Plugins: %d vulnerabilities"
@@ -146,14 +225,16 @@ msgstr[0] ""
msgstr[1] ""
#. translators: Show the number of vulnerabilities in a WP-Admin dashboard
-#: wpvulnerability-admin.php:485 wpvulnerability-adminms.php:527
+#: wpvulnerability-admin.php:763 wpvulnerability-adminms.php:809
#, php-format
msgid "PHP %s: "
msgstr ""
-#: wpvulnerability-admin.php:485 wpvulnerability-admin.php:501
-#: wpvulnerability-admin.php:518 wpvulnerability-adminms.php:527
-#: wpvulnerability-adminms.php:543 wpvulnerability-adminms.php:560
+#: wpvulnerability-admin.php:763 wpvulnerability-admin.php:779
+#: wpvulnerability-admin.php:796 wpvulnerability-admin.php:813
+#: wpvulnerability-admin.php:830 wpvulnerability-adminms.php:809
+#: wpvulnerability-adminms.php:825 wpvulnerability-adminms.php:842
+#: wpvulnerability-adminms.php:859 wpvulnerability-adminms.php:876
#, php-format
msgid "%d vulnerability"
msgid_plural "%d vulnerabilities"
@@ -161,62 +242,74 @@ msgstr[0] ""
msgstr[1] ""
#. translators: Show the number of vulnerabilities in a WP-Admin dashboard
-#: wpvulnerability-admin.php:501 wpvulnerability-adminms.php:543
+#: wpvulnerability-admin.php:779 wpvulnerability-adminms.php:825
#, php-format
msgid "Apache %s: "
msgstr ""
#. translators: Show the number of vulnerabilities in a WP-Admin dashboard
-#: wpvulnerability-admin.php:518 wpvulnerability-adminms.php:560
+#: wpvulnerability-admin.php:796 wpvulnerability-adminms.php:842
#, php-format
msgid "nginx %s: "
msgstr ""
-#: wpvulnerability-admin.php:522 wpvulnerability-adminms.php:564
+#. translators: Show the number of vulnerabilities in a WP-Admin dashboard
+#: wpvulnerability-admin.php:813 wpvulnerability-adminms.php:859
+#, php-format
+msgid "MariaDB %s: "
+msgstr ""
+
+#. translators: Show the number of vulnerabilities in a WP-Admin dashboard
+#: wpvulnerability-admin.php:830 wpvulnerability-adminms.php:876
+#, php-format
+msgid "MySQL %s: "
+msgstr ""
+
+#: wpvulnerability-admin.php:834 wpvulnerability-adminms.php:880
msgid "Vulnerability analysis of your WordPress installation:"
msgstr ""
-#: wpvulnerability-admin.php:570 wpvulnerability-adminms.php:612
+#: wpvulnerability-admin.php:898 wpvulnerability-adminms.php:944
msgid "More information? Visit"
msgstr ""
-#: wpvulnerability-admin.php:570 wpvulnerability-adminms.php:612
+#: wpvulnerability-admin.php:898 wpvulnerability-adminms.php:944
msgid "Site Health"
msgstr ""
-#: wpvulnerability-admin.php:585 wpvulnerability-adminms.php:627
+#: wpvulnerability-admin.php:913 wpvulnerability-adminms.php:959
msgid "WPVulnerability Status"
msgstr ""
-#: wpvulnerability-admin.php:609 wpvulnerability-adminms.php:656
+#: wpvulnerability-admin.php:937 wpvulnerability-adminms.php:988
msgid "Receive notifications in your email"
msgstr ""
-#: wpvulnerability-admin.php:617
+#: wpvulnerability-admin.php:945
msgid "Email addresses to notify (separated by commas)"
msgstr ""
-#: wpvulnerability-admin.php:626 wpvulnerability-adminms.php:673
+#: wpvulnerability-admin.php:954 wpvulnerability-adminms.php:1005
msgid "How often you want to receive notifications"
msgstr ""
-#: wpvulnerability-admin.php:642 wpvulnerability-adminms.php:688
-msgid "Vulnerabilities to exclude"
+#: wpvulnerability-admin.php:970 wpvulnerability-adminms.php:1020
+msgid "Vulnerabilities to hide"
msgstr ""
-#: wpvulnerability-admin.php:650 wpvulnerability-adminms.php:696
-msgid "What do you want to exlude?"
+#: wpvulnerability-admin.php:978 wpvulnerability-adminms.php:1028
+msgid "What do you want to hide?"
msgstr ""
-#: wpvulnerability-adminms.php:124 wpvulnerability-adminms.php:183
+#: wpvulnerability-adminms.php:124 wpvulnerability-adminms.php:193
msgid "Settings saved."
msgstr ""
-#: wpvulnerability-adminms.php:270 wpvulnerability-adminms.php:284
+#: wpvulnerability-adminms.php:282 wpvulnerability-adminms.php:296
msgid "Save settings"
msgstr ""
-#: wpvulnerability-adminms.php:664
+#: wpvulnerability-adminms.php:996
msgid "eMail addresses to notify (separated by commas)"
msgstr ""
@@ -227,40 +320,40 @@ msgid ""
"WordPress %1$s has a known vulnerability that may be affecting this version."
msgstr ""
-#: wpvulnerability-core.php:81 wpvulnerability-plugins.php:105
+#: wpvulnerability-core.php:81 wpvulnerability-plugins.php:115
#: wpvulnerability-process.php:76 wpvulnerability-process.php:121
#: wpvulnerability-themes.php:105
msgid "Global score: "
msgstr ""
-#: wpvulnerability-core.php:84 wpvulnerability-plugins.php:108
+#: wpvulnerability-core.php:84 wpvulnerability-plugins.php:118
#: wpvulnerability-process.php:79 wpvulnerability-process.php:124
#: wpvulnerability-themes.php:108
msgid "Severity: "
msgstr ""
#. translators: Severity: None
-#: wpvulnerability-general.php:276
+#: wpvulnerability-general.php:476
msgid "None"
msgstr ""
#. translators: Severity: Low
-#: wpvulnerability-general.php:280
+#: wpvulnerability-general.php:480
msgid "Low"
msgstr ""
#. translators: Severity: Medium
-#: wpvulnerability-general.php:284
+#: wpvulnerability-general.php:484
msgid "Medium"
msgstr ""
#. translators: Severity: High
-#: wpvulnerability-general.php:288
+#: wpvulnerability-general.php:488
msgid "High"
msgstr ""
#. translators: Severity: Critical
-#: wpvulnerability-general.php:292
+#: wpvulnerability-general.php:492
msgid "Critical"
msgstr ""
@@ -280,95 +373,117 @@ msgid ""
"href=\"%1$s\">%2$s"
msgstr ""
-#: wpvulnerability-notifications.php:262
-msgid "There are no vulnerabilities"
+#: wpvulnerability-notifications.php:266
+msgid "No vulnerabilities found"
msgstr ""
-#: wpvulnerability-notifications.php:263
-msgid ""
-"This is probably a test. The site probably does not have vulnerabilities."
+#: wpvulnerability-notifications.php:267
+msgid "This is likely a test. The site does not have vulnerabilities."
msgstr ""
-#: wpvulnerability-notifications.php:269
+#: wpvulnerability-notifications.php:272
msgid "Core vulnerabilities"
msgstr ""
-#: wpvulnerability-notifications.php:275
+#: wpvulnerability-notifications.php:278
msgid "Plugins vulnerabilities"
msgstr ""
-#: wpvulnerability-notifications.php:281
+#: wpvulnerability-notifications.php:284
msgid "Themes vulnerabilities"
msgstr ""
-#: wpvulnerability-notifications.php:287
+#: wpvulnerability-notifications.php:290
msgid "PHP vulnerabilities"
msgstr ""
-#: wpvulnerability-notifications.php:293
+#: wpvulnerability-notifications.php:296
msgid "Apache HTTPD vulnerabilities"
msgstr ""
-#: wpvulnerability-notifications.php:299
+#: wpvulnerability-notifications.php:302
msgid "nginx vulnerabilities"
msgstr ""
+#: wpvulnerability-notifications.php:308
+msgid "MariaDB vulnerabilities"
+msgstr ""
+
+#: wpvulnerability-notifications.php:314
+msgid "MySQL vulnerabilities"
+msgstr ""
+
#. translators: Site name.
-#: wpvulnerability-notifications.php:330
+#: wpvulnerability-notifications.php:337
#, php-format
msgid "Vulnerability found: %s"
msgstr ""
-#: wpvulnerability-notifications.php:334
+#: wpvulnerability-notifications.php:341
msgid "Vulnerability found"
msgstr ""
#. translators: 1: Plugin name
#. translators: 1: theme name
-#: wpvulnerability-plugins.php:40 wpvulnerability-themes.php:41
+#: wpvulnerability-plugins.php:50 wpvulnerability-themes.php:41
#, php-format
msgid "%1$s has a known vulnerability that may be affecting this version."
msgstr ""
-#: wpvulnerability-plugins.php:88 wpvulnerability-process.php:59
+#: wpvulnerability-plugins.php:98 wpvulnerability-process.php:59
msgid "This plugin is closed. Please replace it with another."
msgstr ""
-#: wpvulnerability-plugins.php:91 wpvulnerability-process.php:62
+#: wpvulnerability-plugins.php:101 wpvulnerability-process.php:62
msgid ""
"This vulnerability appears to be unpatched. Stay tuned for upcoming plugin "
"updates."
msgstr ""
-#: wpvulnerability-plugins.php:458
+#: wpvulnerability-plugins.php:470
msgid "It hasn't been updated in over a year."
msgstr ""
-#: wpvulnerability-plugins.php:464
+#: wpvulnerability-plugins.php:476
msgid "It may no longer be available (closed?)."
msgstr ""
-#: wpvulnerability-plugins.php:501 wpvulnerability-plugins.php:508
+#: wpvulnerability-plugins.php:513 wpvulnerability-plugins.php:520
msgid "Last updated on"
msgstr ""
-#: wpvulnerability-process.php:203
+#. translators: the number of vulnerabilities.
+#: wpvulnerability-plugins.php:651 wpvulnerability-plugins.php:659
+#: wpvulnerability-themes.php:380
+#, php-format
+msgid "Vulnerabilities (%d)"
+msgstr ""
+
+#: wpvulnerability-process.php:173
msgid "Plugin"
msgstr ""
-#: wpvulnerability-process.php:239
+#: wpvulnerability-process.php:209
msgid "PHP running"
msgstr ""
-#: wpvulnerability-process.php:285
+#: wpvulnerability-process.php:255
msgid "Apache running"
msgstr ""
-#: wpvulnerability-process.php:332
+#: wpvulnerability-process.php:302
msgid "nginx running"
msgstr ""
-#: wpvulnerability-process.php:411
+#: wpvulnerability-process.php:351
+msgid "MariaDB running"
+msgstr ""
+
+#: wpvulnerability-process.php:400
+msgid "MySQL running"
+msgstr ""
+
+#: wpvulnerability-process.php:479
msgid "Theme"
msgstr ""
@@ -380,6 +495,11 @@ msgstr ""
msgid "Settings"
msgstr ""
+#: wpvulnerability-run.php:747 wpvulnerability-run.php:795
+#: wpvulnerability-run.php:804 wpvulnerability-run.php:851
+msgid "Vulnerabilities"
+msgstr ""
+
#: wpvulnerability-sitehealth.php:23
msgid "There aren't plugins vulnerabilities"
msgstr ""
@@ -387,6 +507,7 @@ msgstr ""
#: wpvulnerability-sitehealth.php:26 wpvulnerability-sitehealth.php:88
#: wpvulnerability-sitehealth.php:150 wpvulnerability-sitehealth.php:212
#: wpvulnerability-sitehealth.php:264 wpvulnerability-sitehealth.php:311
+#: wpvulnerability-sitehealth.php:361 wpvulnerability-sitehealth.php:412
msgid "Security"
msgstr ""
@@ -535,29 +656,82 @@ msgid ""
msgstr ""
#: wpvulnerability-sitehealth.php:358
-msgid "WPVulnerability Core"
+msgid "There aren't MariaDB vulnerabilities"
msgstr ""
#: wpvulnerability-sitehealth.php:366
+msgid ""
+"This test checks for known vulnerabilities in your MariaDB installation."
+msgstr ""
+
+#. translators: %d is the number of vulnerabilities detected.
+#: wpvulnerability-sitehealth.php:381
+#, php-format
+msgid "There is %d MariaDB vulnerability"
+msgid_plural "There are %d MariaDB vulnerabilities"
+msgstr[0] ""
+msgstr[1] ""
+
+#: wpvulnerability-sitehealth.php:387
+msgid ""
+"Potential vulnerabilities have been detected in your MariaDB installation. "
+"Please review them and ensure your database is up to date."
+msgstr ""
+
+#: wpvulnerability-sitehealth.php:409
+msgid "There aren't MySQL vulnerabilities"
+msgstr ""
+
+#: wpvulnerability-sitehealth.php:417
+msgid "This test checks for known vulnerabilities in your MySQL installation."
+msgstr ""
+
+#. translators: %d is the number of vulnerabilities detected.
+#: wpvulnerability-sitehealth.php:432
+#, php-format
+msgid "There is %d MySQL vulnerability"
+msgid_plural "There are %d MySQL vulnerabilities"
+msgstr[0] ""
+msgstr[1] ""
+
+#: wpvulnerability-sitehealth.php:438
+msgid ""
+"Potential vulnerabilities have been detected in your MySQL installation. "
+"Please review them and ensure your database is up to date."
+msgstr ""
+
+#: wpvulnerability-sitehealth.php:463
+msgid "WPVulnerability Core"
+msgstr ""
+
+#: wpvulnerability-sitehealth.php:471
msgid "WPVulnerability Themes"
msgstr ""
-#: wpvulnerability-sitehealth.php:374
+#: wpvulnerability-sitehealth.php:479
msgid "WPVulnerability Plugins"
msgstr ""
-#: wpvulnerability-sitehealth.php:382
+#: wpvulnerability-sitehealth.php:487
msgid "WPVulnerability PHP"
msgstr ""
-#: wpvulnerability-sitehealth.php:390
+#: wpvulnerability-sitehealth.php:495
msgid "WPVulnerability Apache HTTPD"
msgstr ""
-#: wpvulnerability-sitehealth.php:398
+#: wpvulnerability-sitehealth.php:503
msgid "WPVulnerability nginx"
msgstr ""
+#: wpvulnerability-sitehealth.php:511
+msgid "WPVulnerability MariaDB"
+msgstr ""
+
+#: wpvulnerability-sitehealth.php:519
+msgid "WPVulnerability MySQL"
+msgstr ""
+
#: wpvulnerability-themes.php:88
msgid "This theme is closed. Please replace it with another."
msgstr ""
diff --git a/readme.txt b/readme.txt
index fd7a577..e5b1533 100644
--- a/readme.txt
+++ b/readme.txt
@@ -3,9 +3,9 @@ Contributors: javiercasares, davidperez, lbonomo, alexclassroom
Tags: security, vulnerability, site-health
Requires at least: 4.1
Tested up to: 6.7
-Stable tag: 3.3.5
+Stable tag: 3.4.0
Requires PHP: 5.6
-Version: 3.3.5
+Version: 3.4.0
License: GPL-2.0-or-later
License URI: https://spdx.org/licenses/GPL-2.0-or-later.html
@@ -13,7 +13,7 @@ Get WordPress vulnerability alerts from [WordPress Vulnerability Database API](h
== Description ==
-This plugin integrates with the WPVulnerability API to provide real-time vulnerability assessments for your WordPress core, plugins, themes, PHP version, Apache HTTPD, and nginx. It delivers detailed reports directly within your WordPress dashboard, helping you stay aware of potential security risks. Configure the plugin to send periodic notifications about your site's security status, ensuring you remain informed without being overwhelmed. Designed for ease of use, it supports proactive security measures without storing or retrieving any personal data from your site.
+This plugin integrates with the WPVulnerability API to provide real-time vulnerability assessments for your WordPress core, plugins, themes, PHP version, Apache HTTPD, nginx, MariaDB, and MySQL. It delivers detailed reports directly within your WordPress dashboard, helping you stay aware of potential security risks. Configure the plugin to send periodic notifications about your site's security status, ensuring you remain informed without being overwhelmed. Designed for ease of use, it supports proactive security measures without storing or retrieving any personal data from your site.
= Data reliability =
@@ -25,12 +25,14 @@ The information provided by the information database comes from different source
You can use the following WP-CLI commands to manage and check vulnerabilities:
-* `wp wpvulnerability core`: Lists Core vulnerabilities.
-* `wp wpvulnerability plugins`: Lists Plugins vulnerabilities.
-* `wp wpvulnerability themes`: Lists Themes vulnerabilities.
-* `wp wpvulnerability php`: Lists PHP vulnerabilities.
-* `wp wpvulnerability apache`: Lists Apache HTTPD vulnerabilities.
-* `wp wpvulnerability nginx`: Lists nginx vulnerabilities.
+* `wp wpvulnerability core`: Displays Core vulnerabilities.
+* `wp wpvulnerability plugins`: Displays Plugins vulnerabilities.
+* `wp wpvulnerability themes`: Displays Themes vulnerabilities.
+* `wp wpvulnerability php`: Displays PHP vulnerabilities.
+* `wp wpvulnerability apache`: Displays Apache HTTPD vulnerabilities.
+* `wp wpvulnerability nginx`: Displays nginx vulnerabilities.
+* `wp wpvulnerability mariadb`: Displays MariaDB vulnerabilities.
+* `wp wpvulnerability mysql`: Displays MySQL vulnerabilities.
All commands support the `--format` option to specify the output format:
@@ -52,6 +54,8 @@ The WPVulnerability plugin provides several REST API endpoints to fetch vulnerab
* `/wpvulnerability/v1/php`: Fetches PHP vulnerabilities.
* `/wpvulnerability/v1/apache`: Fetches Apache HTTPD vulnerabilities.
* `/wpvulnerability/v1/nginx`: Fetches nginx vulnerabilities.
+* `/wpvulnerability/v1/mariadb`: Fetches nginx vulnerabilities.
+* `/wpvulnerability/v1/mysql`: Fetches nginx vulnerabilities.
Authentication
@@ -71,6 +75,8 @@ If, for some reason, you need the emails sent by the plugin to have a From diffe
`define( 'WPVULNERABILITY_MAIL', 'sender@example.com' );`
+If the constant is active, it will be visible in the configuration screen.
+
== Installation ==
= Automatic download =
@@ -113,38 +119,30 @@ First of all, peace of mind. Investigate what the vulnerability is and, above al
== Changelog ==
-= [3.3.5] - 2024-08-14 =
+= [3.4.0] - 2024-08-16 =
**Added**
-* Add counters for Core, Plugins, and Themes.
-* Add a Vulnerabilities filter in the Plugin list (WordPress and WordPress Multisite).
-* Add a Vulnerabilities filter in the Themes list (WordPress Multisite).
-
-**Compatibility**
-
-* WordPress: 4.1 - 6.7
-* PHP: 5.6 - 8.3
-* WP-CLI: 2.3.0 - 2.11.0
-
-**Tests**
+* New checks for MariaDB vulnerabilities.
+* New checks for MySQL vulnerabilities.
+* WPVulnerability statistics in the configuration page.
+* WPVulnerability contributors in the configuration page.
-* PHP Coding Standards: 3.10.2
-* WordPress Coding Standards: 3.1.0
-* Plugin Check (PCP): 1.0.2
-* SonarCloud Code Review
+**Changed**
-= [3.3.4] - 2024-08-12 =
+* Code improvement.
+* Better UI for the configuration page.
+* Web server version detection improved.
**Fixed**
-* The "Last updated on" column in the plugin list is available again.
+* Get the statistics information the right way.
**Compatibility**
* WordPress: 4.1 - 6.7
* PHP: 5.6 - 8.3
-* WP-CLI: 2.3.0 - 2.10.0
+* WP-CLI: 2.3.0 - 2.11.0
**Tests**
@@ -153,17 +151,19 @@ First of all, peace of mind. Investigate what the vulnerability is and, above al
* Plugin Check (PCP): 1.0.2
* SonarCloud Code Review
-= [3.3.3] - 2024-08-05 =
+= [3.3.5] - 2024-08-14 =
-**Fixed**
+**Added**
-* The Dashboard panel is availbale, again.
+* Add counters for Core, Plugins, and Themes.
+* Add a Vulnerabilities filter in the Plugin list (WordPress and WordPress Multisite).
+* Add a Vulnerabilities filter in the Themes list (WordPress Multisite).
**Compatibility**
* WordPress: 4.1 - 6.7
* PHP: 5.6 - 8.3
-* WP-CLI: 2.3.0 - 2.10.0
+* WP-CLI: 2.3.0 - 2.11.0
**Tests**
@@ -172,42 +172,17 @@ First of all, peace of mind. Investigate what the vulnerability is and, above al
* Plugin Check (PCP): 1.0.2
* SonarCloud Code Review
-= [3.3.1] - 2024-08-02 =
+= [3.3.4] - 2024-08-12 =
**Fixed**
-* Delete the wp_is_rest_endpoint check. Does not need it.
-
-**Compatibility**
-
-* WordPress: 4.1 - 6.7
-* PHP: 5.6 - 8.3
-* WP-CLI: 2.3.0 - 2.10.0
-
-**Tests**
-
-* PHP Coding Standards: 3.10.2
-* WordPress Coding Standards: 3.1.0
-* Plugin Check (PCP): 1.0.2
-* SonarCloud Code Review
-
-= [3.3.0] - 2024-08-02 =
-
-**Added**
-
-* Ability to exclude of vulnerability types at a global level.
-* WP-CLI commands formats (--format=[table,json]).
-* REST API endpoints (requires Application Password).
-
-**Changed**
-
-* README file.
+* The "Last updated on" column in the plugin list is available again.
**Compatibility**
* WordPress: 4.1 - 6.7
* PHP: 5.6 - 8.3
-* WP-CLI: 2.3.0 - 2.10.0
+* WP-CLI: 2.3.0 - 2.11.0
**Tests**
@@ -237,7 +212,7 @@ This plugin adheres to the following security measures and review protocols for
== Vulnerabilities ==
-* No vulnerabilities have been published up to version 3.3.5.
+* No vulnerabilities have been published up to version 3.4.0.
Found a security vulnerability? Please report it to us privately at the [WPVulnerability GitHub repository](https://github.com/javiercasares/wpvulnerability/security/advisories/new).
diff --git a/wpvulnerability-admin.php b/wpvulnerability-admin.php
index dfee828..64f5c1e 100644
--- a/wpvulnerability-admin.php
+++ b/wpvulnerability-admin.php
@@ -103,22 +103,24 @@ function wpvulnerability_create_admin_page() {
+
' . esc_html( (string) $wpvulnerability_message_manual_success ) . '
';
+ delete_transient( 'wpvulnerability_message_manual_success' );
+ unset( $wpvulnerability_message_manual_success );
+ }
+ $wpvulnerability_message_manual_error = get_transient( 'wpvulnerability_message_manual_error' );
+ if ( $wpvulnerability_message_manual_error ) {
+ echo '' . esc_html( (string) $wpvulnerability_message_manual_error ) . '
';
+ delete_transient( 'wpvulnerability_message_manual_error' );
+ unset( $wpvulnerability_message_manual_error );
+ }
+ ?>
+
-
' . esc_html( (string) $wpvulnerability_message_manual_success ) . '
';
- delete_transient( 'wpvulnerability_message_manual_success' );
- unset( $wpvulnerability_message_manual_success );
- }
- $wpvulnerability_message_manual_error = get_transient( 'wpvulnerability_message_manual_error' );
- if ( $wpvulnerability_message_manual_error ) {
- echo '' . esc_html( (string) $wpvulnerability_message_manual_error ) . '
';
- delete_transient( 'wpvulnerability_message_manual_error' );
- unset( $wpvulnerability_message_manual_error );
- }
- ?>
-
+
-
- >
- >
-
+
+
+ />
+
+
+
+
+ />
+
+
+
-
- >
- >
- >
- >
- >
- >
-
+
+
+ />
+
+
+
+
+ />
+
+
+
+
+ />
+
+
+
+
+ />
+
+
+
+
+ />
+
+
+
+
+ />
+
+
+
+
+ />
+
+
+
+
+ />
+
+
+
0,
'apache' => 0,
'nginx' => 0,
+ 'mariadb' => 0,
+ 'mysql' => 0,
);
foreach ( $input as $data ) {
@@ -436,6 +708,12 @@ function wpvulnerability_analyze_sanitize( $input ) {
case 'nginx':
$sanitized_values['nginx'] = 1;
break;
+ case 'mariadb':
+ $sanitized_values['mariadb'] = 1;
+ break;
+ case 'mysql':
+ $sanitized_values['mysql'] = 1;
+ break;
}
}
@@ -518,6 +796,40 @@ function wpvulnerability_admin_dashboard_content() {
$msg_nginx = sprintf( __( 'nginx %s: ', 'wpvulnerability' ), $wpvulnerability_test_nginx_version ) . sprintf( _n( '%d vulnerability', '%d vulnerabilities', $wpvulnerability_test_nginx_counter, 'wpvulnerability' ), $wpvulnerability_test_nginx_counter );
}
+ // Get the number of mariadb vulnerabilites from cache.
+ $show_mariadb = false;
+ $msg_mariadb = null;
+ $sqlserver = wpvulnerability_detect_sqlserver();
+ if ( isset( $sqlserver['id'] ) && 'mariadb' === $sqlserver['id'] && isset( $sqlserver['version'] ) && $sqlserver['version'] ) {
+ // Get the mariadb version.
+ $mariadb_version = wp_kses( (string) $sqlserver['version'], 'strip' );
+ $wpvulnerability_test_mariadb_counter = json_decode( get_option( 'wpvulnerability-mariadb-vulnerable' ) );
+ if ( ! is_numeric( $wpvulnerability_test_mariadb_counter ) ) {
+ $wpvulnerability_test_mariadb_counter = 0;
+ }
+ $wpvulnerability_test_mariadb_version = wpvulnerability_sanitize_version_mariadb( $mariadb_version );
+ $show_mariadb = true;
+ /* translators: Show the number of vulnerabilities in a WP-Admin dashboard */
+ $msg_mariadb = sprintf( __( 'MariaDB %s: ', 'wpvulnerability' ), $wpvulnerability_test_mariadb_version ) . sprintf( _n( '%d vulnerability', '%d vulnerabilities', $wpvulnerability_test_mariadb_counter, 'wpvulnerability' ), $wpvulnerability_test_mariadb_counter );
+ }
+
+ // Get the number of mysql vulnerabilites from cache.
+ $show_mysql = false;
+ $msg_mysql = null;
+ $sqlserver = wpvulnerability_detect_sqlserver();
+ if ( isset( $sqlserver['id'] ) && 'mysql' === $sqlserver['id'] && isset( $sqlserver['version'] ) && $sqlserver['version'] ) {
+ // Get the mysql version.
+ $mysql_version = wp_kses( (string) $sqlserver['version'], 'strip' );
+ $wpvulnerability_test_mysql_counter = json_decode( get_option( 'wpvulnerability-mysql-vulnerable' ) );
+ if ( ! is_numeric( $wpvulnerability_test_mysql_counter ) ) {
+ $wpvulnerability_test_mysql_counter = 0;
+ }
+ $wpvulnerability_test_mysql_version = wpvulnerability_sanitize_version_mysql( $mysql_version );
+ $show_mysql = true;
+ /* translators: Show the number of vulnerabilities in a WP-Admin dashboard */
+ $msg_mysql = sprintf( __( 'MySQL %s: ', 'wpvulnerability' ), $wpvulnerability_test_mysql_version ) . sprintf( _n( '%d vulnerability', '%d vulnerabilities', $wpvulnerability_test_mysql_counter, 'wpvulnerability' ), $wpvulnerability_test_mysql_counter );
+ }
+
// Show the widget.
echo esc_html( __( 'Vulnerability analysis of your WordPress installation:', 'wpvulnerability' ) );
echo '';
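Review bot: The counter read from `wpvulnerability-mariadb-vulnerable` (and the MySQL one below it) is only checked with `is_numeric()`, which also lets negative numbers, floats and numeric strings through to `%d` and `_n()`. Normalise it once, e.g. `$wpvulnerability_test_mariadb_counter = is_numeric( $wpvulnerability_test_mariadb_counter ) ? absint( $wpvulnerability_test_mariadb_counter ) : 0;`. The second `$sqlserver = wpvulnerability_detect_sqlserver();` before the MySQL block repeats a call whose result is already in `$sqlserver`, so it can be removed. The body of wpvulnerability_admin_dashboard_content() starts and ends outside this hunk.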
@@ -566,6 +878,22 @@ function wpvulnerability_admin_dashboard_content() {
}
}
+ if ( $show_mariadb ) {
+ if ( wpvulnerability_analyze_filter( 'mariadb' ) && ! $wpvulnerability_test_mariadb_counter ) {
+ echo '✔️ ' . esc_html( (string) $msg_mariadb ) . ' ';
+ } elseif ( wpvulnerability_analyze_filter( 'mariadb' ) ) {
+ echo '❌ ' . esc_html( (string) $msg_mariadb ) . ' ';
+ }
+ }
+
+ if ( $show_mysql ) {
+ if ( wpvulnerability_analyze_filter( 'mysql' ) && ! $wpvulnerability_test_mysql_counter ) {
+ echo '✔️ ' . esc_html( (string) $msg_mysql ) . ' ';
+ } elseif ( wpvulnerability_analyze_filter( 'mysql' ) ) {
+ echo '❌ ' . esc_html( (string) $msg_mysql ) . ' ';
+ }
+ }
+
echo ' ';
echo esc_html( __( 'More information? Visit', 'wpvulnerability' ) ) . ' ' . esc_html( __( 'Site Health' ) ) . ' ';
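Review bot: `wpvulnerability_analyze_filter( 'mariadb' )` and `wpvulnerability_analyze_filter( 'mysql' )` are each evaluated twice per block, and only after the counters and messages have already been built for a component that may be hidden. Folding the filter into the outer condition, `if ( $show_mariadb && wpvulnerability_analyze_filter( 'mariadb' ) ) {`, leaves a plain `if`/`else` on the counter inside. The same two blocks are added to wpvulnerability_admin_dashboard_content() in wpvulnerability-adminms.php and would take the same change. The function continues outside this hunk.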
@@ -639,7 +967,7 @@ function wpvulnerability_admin_init() {
// Add a section to the settings page.
add_settings_section(
'admin_wpvulnerability_analyze',
- __( 'Vulnerabilities to exclude', 'wpvulnerability' ),
+ __( 'Vulnerabilities to hide', 'wpvulnerability' ),
'wpvulnerability_admin_section_analyze',
'wpvulnerability-analyze'
);
@@ -647,7 +975,7 @@ function wpvulnerability_admin_init() {
// Add a field to the settings page for analyzing things.
add_settings_field(
'wpvulnerability_analyze',
- __( 'What do you want to exlude?', 'wpvulnerability' ),
+ __( 'What do you want to hide?', 'wpvulnerability' ),
'wpvulnerability_admin_analyze_callback',
'wpvulnerability-analyze',
'admin_wpvulnerability_analyze'
diff --git a/wpvulnerability-adminms.php b/wpvulnerability-adminms.php
index 7a42a0b..27c1251 100644
--- a/wpvulnerability-adminms.php
+++ b/wpvulnerability-adminms.php
@@ -136,9 +136,11 @@ function wpvulnerability_create_admin_page() {
'php' => 0,
'apache' => 0,
'nginx' => 0,
+ 'mariadb' => 0,
+ 'mysql' => 0,
);
- $wpvulnerability_values = array_map( 'absint', $_POST['wpvulnerability-analyze'] );
+ $wpvulnerability_values = array_map( 'sanitize_text_field', wp_unslash( $_POST['wpvulnerability-analyze'] ) );
foreach ( $wpvulnerability_values as $data ) {
switch ( $data ) {
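Review bot: The changed `array_map()` line passes `$_POST['wpvulnerability-analyze']` through without checking that it is an array, so a request that sends the field as a scalar raises a TypeError on PHP 8 and a warning plus a failing `foreach` on older versions. Guard the shape before mapping, e.g. `$wpvulnerability_raw = ( isset( $_POST['wpvulnerability-analyze'] ) && is_array( $_POST['wpvulnerability-analyze'] ) ) ? wp_unslash( $_POST['wpvulnerability-analyze'] ) : array();`, and map over `$wpvulnerability_raw`. Any `isset`, nonce or capability check sits outside this hunk, so confirm they run before this line. A short comment that the `switch` acts as the allowlist would also explain why `sanitize_text_field` alone is enough here.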
@@ -160,6 +162,12 @@ function wpvulnerability_create_admin_page() {
case 'nginx':
$wpvulnerability_sanitized_values['nginx'] = 1;
break;
+ case 'mariadb':
+ $wpvulnerability_sanitized_values['mariadb'] = 1;
+ break;
+ case 'mysql':
+ $wpvulnerability_sanitized_values['mysql'] = 1;
+ break;
}
}
@@ -172,6 +180,8 @@ function wpvulnerability_create_admin_page() {
'php' => $wpvulnerability_sanitized_values['php'],
'apache' => $wpvulnerability_sanitized_values['apache'],
'nginx' => $wpvulnerability_sanitized_values['nginx'],
+ 'mariadb' => $wpvulnerability_sanitized_values['mariadb'],
+ 'mysql' => $wpvulnerability_sanitized_values['mysql'],
)
);
@@ -244,22 +254,24 @@ function wpvulnerability_create_admin_page() {
+ ' . esc_html( (string) $wpvulnerability_message_manual_success ) . '
';
+ delete_transient( 'wpvulnerability_message_manual_success' );
+ unset( $wpvulnerability_message_manual_success );
+ }
+ $wpvulnerability_message_manual_error = get_transient( 'wpvulnerability_message_manual_error' );
+ if ( $wpvulnerability_message_manual_error ) {
+ echo '' . esc_html( (string) $wpvulnerability_message_manual_error ) . '
';
+ delete_transient( 'wpvulnerability_message_manual_error' );
+ unset( $wpvulnerability_message_manual_error );
+ }
+ ?>
+
-
' . esc_html( (string) $wpvulnerability_message_manual_success ) . '
';
- delete_transient( 'wpvulnerability_message_manual_success' );
- unset( $wpvulnerability_message_manual_success );
- }
- $wpvulnerability_message_manual_error = get_transient( 'wpvulnerability_message_manual_error' );
- if ( $wpvulnerability_message_manual_error ) {
- echo '' . esc_html( (string) $wpvulnerability_message_manual_error ) . '
';
- delete_transient( 'wpvulnerability_message_manual_error' );
- unset( $wpvulnerability_message_manual_error );
- }
- ?>
-
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
-
- >
- >
-
+
+
+ />
+
+
+
+
+ />
+
+
+
-
- >
- >
- >
- >
- >
- >
-
+
+
+ />
+
+
+
+
+ />
+
+
+
+
+ />
+
+
+
+
+ />
+
+
+
+
+ />
+
+
+
+
+ />
+
+
+
+
+ />
+
+
+
+
+ />
+
+
+
';
@@ -608,6 +924,22 @@ function wpvulnerability_admin_dashboard_content() {
}
}
+ if ( $show_mariadb ) {
+ if ( wpvulnerability_analyze_filter( 'mariadb' ) && ! $wpvulnerability_test_mariadb_counter ) {
+ echo '✔️ ' . esc_html( (string) $msg_mariadb ) . ' ';
+ } elseif ( wpvulnerability_analyze_filter( 'mariadb' ) ) {
+ echo '❌ ' . esc_html( (string) $msg_mariadb ) . ' ';
+ }
+ }
+
+ if ( $show_mysql ) {
+ if ( wpvulnerability_analyze_filter( 'mysql' ) && ! $wpvulnerability_test_mysql_counter ) {
+ echo '✔️ ' . esc_html( (string) $msg_mysql ) . ' ';
+ } elseif ( wpvulnerability_analyze_filter( 'mysql' ) ) {
+ echo '❌ ' . esc_html( (string) $msg_mysql ) . ' ';
+ }
+ }
+
echo '';
echo esc_html( __( 'More information? Visit', 'wpvulnerability' ) ) . ' ' . esc_html( __( 'Site Health' ) ) . ' ';
@@ -685,7 +1017,7 @@ function wpvulnerability_admin_init() {
// Add a section to the settings page.
add_settings_section(
'admin_wpvulnerability_analyze',
- __( 'Vulnerabilities to exclude', 'wpvulnerability' ),
+ __( 'Vulnerabilities to hide', 'wpvulnerability' ),
'wpvulnerability_admin_section_analyze',
'wpvulnerability-analyze'
);
@@ -693,7 +1025,7 @@ function wpvulnerability_admin_init() {
// Add a field to the settings page for analyzing things.
add_settings_field(
'wpvulnerability_analyze',
- __( 'What do you want to exlude?', 'wpvulnerability' ),
+ __( 'What do you want to hide?', 'wpvulnerability' ),
'wpvulnerability_admin_analyze_callback',
'wpvulnerability-analyze',
'admin_wpvulnerability_analyze'
diff --git a/wpvulnerability-api.php b/wpvulnerability-api.php
index 51d417a..b808f12 100644
--- a/wpvulnerability-api.php
+++ b/wpvulnerability-api.php
@@ -459,6 +459,132 @@ function wpvulnerability_rest_nginx_vulnerabilities() {
return new WP_REST_Response( $nginx_complete, 200 );
}
+/**
+ * Handles the MariaDB vulnerabilities REST API request.
+ *
+ * This function processes the request to retrieve MariaDB vulnerabilities.
+ * It loads the necessary files and fetches the vulnerability data for MariaDB,
+ * then returns the data in a structured format.
+ *
+ * @since 3.4.0
+ *
+ * @return WP_REST_Response MariaDB vulnerabilities data or an empty array if none found.
+ */
+function wpvulnerability_rest_mariadb_vulnerabilities() {
+
+ // Include the files necessary for retrieving MariaDB vulnerabilities.
+ require_once WPVULNERABILITY_PLUGIN_PATH . '/wpvulnerability-general.php';
+ require_once WPVULNERABILITY_PLUGIN_PATH . '/wpvulnerability-mariadb.php';
+
+ // Retrieve the MariaDB vulnerabilities.
+ $mariadb_vulnerabilities = wpvulnerability_mariadb_get_vulnerabilities();
+
+ $mariadb_complete = array();
+
+ if ( isset( $mariadb_vulnerabilities['vulnerabilities'] ) ) {
+
+ $webserver = wpvulnerability_detect_webserver();
+
+ // Check if the web server is MariaDB and has a version.
+ if ( isset( $webserver['id'] ) && 'mariadb' === $webserver['id'] && isset( $webserver['version'] ) && $webserver['version'] ) {
+
+ // Loop through each MariaDB vulnerability.
+ foreach ( $mariadb_vulnerabilities['vulnerabilities'] as $mariadb ) {
+
+ $mariadb_complete_temp = array();
+
+ // Process MariaDB version and affected versions.
+ $mariadb_complete_temp['version'] = trim( html_entity_decode( wp_kses( (string) $mariadb['version'], 'strip' ) ) );
+ $mariadb_complete_temp['affected'] = trim( html_entity_decode( wp_kses( (string) $mariadb['versions'], 'strip' ) ) );
+ $mariadb_complete_temp['unfixed'] = (int) $mariadb['unfixed'];
+
+ // Process vulnerability sources.
+ $mariadb_complete_temp['source'] = array();
+ if ( isset( $mariadb['source'] ) && count( $mariadb['source'] ) ) {
+ foreach ( $mariadb['source'] as $vulnerability_source ) {
+ $mariadb_complete_temp['source'][] = array(
+ 'name' => trim( html_entity_decode( wp_kses( (string) $vulnerability_source['id'], 'strip' ) ) ),
+ 'description' => trim( html_entity_decode( wp_kses( (string) $vulnerability_source['description'], 'strip' ) ) ),
+ 'link' => esc_url_raw( (string) $vulnerability_source['link'], 'strip' ),
+ );
+ }
+ }
+
+ // Add processed vulnerability to the complete array.
+ $mariadb_complete[] = $mariadb_complete_temp;
+ unset( $mariadb_complete_temp, $mariadb );
+
+ }
+ }
+ }
+
+ // Return the vulnerabilities in the response.
+ return new WP_REST_Response( $mariadb_complete, 200 );
+}
+
+/**
+ * Handles the MySQL vulnerabilities REST API request.
+ *
+ * This function processes the request to retrieve MySQL vulnerabilities.
+ * It loads the necessary files and fetches the vulnerability data for MySQL,
+ * then returns the data in a structured format.
+ *
+ * @since 3.4.0
+ *
+ * @return WP_REST_Response MySQL vulnerabilities data or an empty array if none found.
+ */
+function wpvulnerability_rest_mysql_vulnerabilities() {
+
+ // Include the files necessary for retrieving MySQL vulnerabilities.
+ require_once WPVULNERABILITY_PLUGIN_PATH . '/wpvulnerability-general.php';
+ require_once WPVULNERABILITY_PLUGIN_PATH . '/wpvulnerability-mysql.php';
+
+ // Retrieve the MySQL vulnerabilities.
+ $mysql_vulnerabilities = wpvulnerability_mysql_get_vulnerabilities();
+
+ $mysql_complete = array();
+
+ if ( isset( $mysql_vulnerabilities['vulnerabilities'] ) ) {
+
+ $webserver = wpvulnerability_detect_webserver();
+
+ // Check if the web server is MySQL and has a version.
+ if ( isset( $webserver['id'] ) && 'mysql' === $webserver['id'] && isset( $webserver['version'] ) && $webserver['version'] ) {
+
+ // Loop through each MySQL vulnerability.
+ foreach ( $mysql_vulnerabilities['vulnerabilities'] as $mysql ) {
+
+ $mysql_complete_temp = array();
+
+ // Process MySQL version and affected versions.
+ $mysql_complete_temp['version'] = trim( html_entity_decode( wp_kses( (string) $mysql['version'], 'strip' ) ) );
+ $mysql_complete_temp['affected'] = trim( html_entity_decode( wp_kses( (string) $mysql['versions'], 'strip' ) ) );
+ $mysql_complete_temp['unfixed'] = (int) $mysql['unfixed'];
+
+ // Process vulnerability sources.
+ $mysql_complete_temp['source'] = array();
+ if ( isset( $mysql['source'] ) && count( $mysql['source'] ) ) {
+ foreach ( $mysql['source'] as $vulnerability_source ) {
+ $mysql_complete_temp['source'][] = array(
+ 'name' => trim( html_entity_decode( wp_kses( (string) $vulnerability_source['id'], 'strip' ) ) ),
+ 'description' => trim( html_entity_decode( wp_kses( (string) $vulnerability_source['description'], 'strip' ) ) ),
+ 'link' => esc_url_raw( (string) $vulnerability_source['link'], 'strip' ),
+ );
+ }
+ }
+
+ // Add processed vulnerability to the complete array.
+ $mysql_complete[] = $mysql_complete_temp;
+ unset( $mysql_complete_temp, $mysql );
+
+ }
+ }
+ }
+
+ // Return the vulnerabilities in the response.
+ return new WP_REST_Response( $mysql_complete, 200 );
+}
+
/**
* Custom permission check for the WPVulnerability REST API.
*
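Review bot: Both new handlers gate their loop on `wpvulnerability_detect_webserver()` returning the id `'mariadb'` or `'mysql'`. Judging by its name and its apache/nginx branches in wpvulnerability-general.php, it probably never returns those ids, so the endpoints would always answer with an empty array. For a vulnerability scanner that is a silent false negative. The dashboard code in this commit uses `wpvulnerability_detect_sqlserver()` for the same test, so the handlers should do likewise: `$sqlserver = wpvulnerability_detect_sqlserver();` with the condition rewritten against `$sqlserver['id']` and `$sqlserver['version']`. The same copy-paste is in `wpvulnerability_cli_mariadb()` and `wpvulnerability_cli_mysql()` in wpvulnerability-cli.php. Separately, `esc_url_raw( ..., 'strip' )` passes a string where the second parameter expects an array of protocols; drop that argument.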
@@ -492,9 +618,10 @@ function wpvulnerability_permission_check( WP_REST_Request $request ) {
}
/**
- * Register REST API routes.
+ * Registers REST API routes for WPVulnerability.
*
- * This function sets up the REST API routes for WPVulnerability.
+ * This function sets up the REST API routes for WPVulnerability to handle requests
+ * related to vulnerabilities in various components like core, plugins, themes, PHP, and more.
*
* @since 3.3.0
*
@@ -510,6 +637,8 @@ function wpvulnerability_register_rest_routes() {
'php',
'apache',
'nginx',
+ 'mariadb',
+ 'mysql',
);
// Loop through each endpoint and register it.
diff --git a/wpvulnerability-cli.php b/wpvulnerability-cli.php
index 9d9232c..151d120 100644
--- a/wpvulnerability-cli.php
+++ b/wpvulnerability-cli.php
@@ -868,16 +868,231 @@ function wpvulnerability_cli_nginx( $args, $format ) {
}
/**
- * Switches the command to show the list of vulnerabilities detected in the site.
+ * Handles the MariaDB section in the WP-CLI command.
*
- * This function acts as a dispatcher that selects and executes the appropriate
- * function based on the provided subcommand. It supports different output formats
- * such as table and JSON.
+ * This function manages the output of MariaDB vulnerabilities in the WP-CLI command.
+ * It validates the output format (either 'table' or 'json'), retrieves MariaDB vulnerabilities,
+ * and displays the information in the specified format.
+ *
+ * @since 3.4.0
+ *
+ * @param array $args Arguments passed to the command.
+ * @param string $format The format for the output, either 'table' or 'json'.
+ *
+ * @return void
+ */
+ function wpvulnerability_cli_mariadb( $args, $format ) {
+
+ // Validate the format.
+ switch ( $format ) {
+ case 'table':
+ case 'json':
+ break;
+ default:
+ WP_CLI::error( "'$format' is not a valid format.\nAvailable formats: table, json" );
+ break;
+ }
+
+ $mariadb_vulnerabilities = array();
+ if ( wpvulnerability_analyze_filter( 'mariadb' ) ) {
+ // Get MariaDB vulnerabilities.
+ $mariadb_vulnerabilities = wpvulnerability_mariadb_get_vulnerabilities();
+ }
+
+ $mariadb_complete = array();
+ $vulnerabilities = array();
+
+ if ( isset( $mariadb_vulnerabilities['vulnerabilities'] ) ) {
+
+ $webserver = wpvulnerability_detect_webserver();
+
+ if ( isset( $webserver['id'] ) && 'mariadb' === $webserver['id'] && isset( $webserver['version'] ) && $webserver['version'] ) {
+
+ // Loop through each MariaDB vulnerability.
+ foreach ( $mariadb_vulnerabilities['vulnerabilities'] as $mariadb ) {
+
+ $mariadb_complete_temp = array();
+
+ $mariadb_complete_temp['version'] = trim( html_entity_decode( wp_kses( (string) $mariadb['version'], 'strip' ) ) );
+ $mariadb_complete_temp['affected'] = trim( html_entity_decode( wp_kses( (string) $mariadb['versions'], 'strip' ) ) );
+ $mariadb_complete_temp['unfixed'] = (int) $mariadb['unfixed'];
+
+ // Process vulnerability sources.
+ $mariadb_complete_temp['source'] = array();
+ if ( isset( $mariadb['source'] ) && count( $mariadb['source'] ) ) {
+ foreach ( $mariadb['source'] as $vulnerability_source ) {
+ $mariadb_complete_temp['source'][] = array(
+ 'name' => trim( html_entity_decode( wp_kses( (string) $vulnerability_source['id'], 'strip' ) ) ),
+ 'description' => trim( html_entity_decode( wp_kses( (string) $vulnerability_source['description'], 'strip' ) ) ),
+ 'link' => esc_url_raw( (string) $vulnerability_source['link'], 'strip' ),
+ );
+ }
+ }
+
+ $mariadb_complete[] = $mariadb_complete_temp;
+ unset( $mariadb_complete_temp, $mariadb );
+
+ }
+ }
+ }
+
+ // Format output based on the selected format.
+ if ( 'table' === $format ) {
+
+ foreach ( $mariadb_complete as $n_vuln ) {
+ $v_version = $n_vuln['version'];
+ $v_affected = $n_vuln['affected'];
+
+ // Determine if the vulnerability is fixed.
+ $v_fixed = $n_vuln['unfixed'] ? 'no' : 'yes';
+
+ // Compile source descriptions.
+ $v_description_array = array();
+ foreach ( $n_vuln['source'] as $n_source ) {
+ $v_description_array[] = $n_source['name'] . ': ' . $n_source['description'];
+ }
+ $v_description = trim( implode( ' + ', $v_description_array ) );
+
+ // Add to vulnerabilities array for table output.
+ $vulnerabilities[] = array(
+ 'version' => $v_version,
+ 'affected' => $v_affected,
+ 'fixed' => $v_fixed,
+ 'description' => $v_description,
+ );
+ }
+
+ // Format and output the vulnerabilities in a table.
+ WP_CLI\Utils\format_items(
+ 'table',
+ $vulnerabilities,
+ array( 'version', 'affected', 'fixed', 'description' )
+ );
+
+ } elseif ( 'json' === $format ) {
+ // Format and output the vulnerabilities in JSON.
+ echo wp_json_encode( $mariadb_complete );
+ }
+ }
+
+ /**
+ * Handles the MySQL section in the WP-CLI command.
+ *
+ * This function manages the output of MySQL vulnerabilities in the WP-CLI command.
+ * It validates the output format (either 'table' or 'json'), retrieves MySQL vulnerabilities,
+ * and displays the information in the specified format.
+ *
+ * @since 3.4.0
+ *
+ * @param array $args Arguments passed to the command.
+ * @param string $format The format for the output, either 'table' or 'json'.
+ *
+ * @return void
+ */
+ function wpvulnerability_cli_mysql( $args, $format ) {
+
+ // Validate the format.
+ switch ( $format ) {
+ case 'table':
+ case 'json':
+ break;
+ default:
+ WP_CLI::error( "'$format' is not a valid format.\nAvailable formats: table, json" );
+ break;
+ }
+
+ $mysql_vulnerabilities = array();
+ if ( wpvulnerability_analyze_filter( 'mysql' ) ) {
+ // Get MySQL vulnerabilities.
+ $mysql_vulnerabilities = wpvulnerability_mysql_get_vulnerabilities();
+ }
+
+ $mysql_complete = array();
+ $vulnerabilities = array();
+
+ if ( isset( $mysql_vulnerabilities['vulnerabilities'] ) ) {
+
+ $webserver = wpvulnerability_detect_webserver();
+
+ if ( isset( $webserver['id'] ) && 'mysql' === $webserver['id'] && isset( $webserver['version'] ) && $webserver['version'] ) {
+
+ // Loop through each MySQL vulnerability.
+ foreach ( $mysql_vulnerabilities['vulnerabilities'] as $mysql ) {
+
+ $mysql_complete_temp = array();
+
+ $mysql_complete_temp['version'] = trim( html_entity_decode( wp_kses( (string) $mysql['version'], 'strip' ) ) );
+ $mysql_complete_temp['affected'] = trim( html_entity_decode( wp_kses( (string) $mysql['versions'], 'strip' ) ) );
+ $mysql_complete_temp['unfixed'] = (int) $mysql['unfixed'];
+
+ // Process vulnerability sources.
+ $mysql_complete_temp['source'] = array();
+ if ( isset( $mysql['source'] ) && count( $mysql['source'] ) ) {
+ foreach ( $mysql['source'] as $vulnerability_source ) {
+ $mysql_complete_temp['source'][] = array(
+ 'name' => trim( html_entity_decode( wp_kses( (string) $vulnerability_source['id'], 'strip' ) ) ),
+ 'description' => trim( html_entity_decode( wp_kses( (string) $vulnerability_source['description'], 'strip' ) ) ),
+ 'link' => esc_url_raw( (string) $vulnerability_source['link'], 'strip' ),
+ );
+ }
+ }
+
+ $mysql_complete[] = $mysql_complete_temp;
+ unset( $mysql_complete_temp, $mysql );
+
+ }
+ }
+ }
+
+ // Format output based on the selected format.
+ if ( 'table' === $format ) {
+
+ foreach ( $mysql_complete as $n_vuln ) {
+ $v_version = $n_vuln['version'];
+ $v_affected = $n_vuln['affected'];
+
+ // Determine if the vulnerability is fixed.
+ $v_fixed = $n_vuln['unfixed'] ? 'no' : 'yes';
+
+ // Compile source descriptions.
+ $v_description_array = array();
+ foreach ( $n_vuln['source'] as $n_source ) {
+ $v_description_array[] = $n_source['name'] . ': ' . $n_source['description'];
+ }
+ $v_description = trim( implode( ' + ', $v_description_array ) );
+
+ // Add to vulnerabilities array for table output.
+ $vulnerabilities[] = array(
+ 'version' => $v_version,
+ 'affected' => $v_affected,
+ 'fixed' => $v_fixed,
+ 'description' => $v_description,
+ );
+ }
+
+ // Format and output the vulnerabilities in a table.
+ WP_CLI\Utils\format_items(
+ 'table',
+ $vulnerabilities,
+ array( 'version', 'affected', 'fixed', 'description' )
+ );
+
+ } elseif ( 'json' === $format ) {
+ // Format and output the vulnerabilities in JSON.
+ echo wp_json_encode( $mysql_complete );
+ }
+ }
+
+ /**
+ * Dispatches the WPVulnerability CLI command to show the list of detected vulnerabilities on the site.
+ *
+ * This function selects and executes the appropriate function based on the provided subcommand.
+ * It supports different output formats, such as 'table' and 'json', to display the vulnerabilities.
*
* @since 2.0.0
*
- * @param array $args The subcommand to execute.
- * Accepted values: 'core', 'plugins', 'themes', 'php', 'apache', 'nginx'.
+ * @param array $args The subcommand to execute.
+ * Accepted values: 'core', 'plugins', 'themes', 'php', 'apache', 'nginx', 'mariadb', 'mysql'.
* @param array $assoc_args Associative arguments passed from the command line.
* 'format' (optional) - The format for the output. Defaults to 'table'.
* Accepted values: 'table', 'json'.
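Review bot: In `wpvulnerability_cli_mariadb()` and `wpvulnerability_cli_mysql()` three different situations all end with the same empty table or `[]`: the component is hidden by `wpvulnerability_analyze_filter()`, the database engine is not the one asked for, or no vulnerabilities were found. An operator reading the output cannot tell "not checked" from "clean". Report the first two explicitly before formatting, e.g. `WP_CLI::warning( 'MariaDB was not detected or its analysis is hidden; nothing was checked.' );`. The two functions also differ only in the component name, so a shared private helper that takes the name would keep later fixes in one place.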
@@ -889,7 +1104,7 @@ function wpvulnerability_cli_command( $args, $assoc_args ) {
$subcommand = $args[0];
$format = isset( $assoc_args['format'] ) ? $assoc_args['format'] : 'table';
- // Selects the correct function to execute based on the subcommand.
+ // Select the correct function to execute based on the subcommand.
switch ( $subcommand ) {
case 'core':
wpvulnerability_cli_core( $args, $format );
@@ -909,21 +1124,32 @@ function wpvulnerability_cli_command( $args, $assoc_args ) {
case 'nginx':
wpvulnerability_cli_nginx( $args, $format );
break;
+ case 'mariadb':
+ wpvulnerability_cli_mariadb( $args, $format );
+ break;
+ case 'mysql':
+ wpvulnerability_cli_mysql( $args, $format );
+ break;
default:
- // Displays an error message for an invalid subcommand.
- WP_CLI::error( "'$subcommand' is not a registered subcommand of 'wpvulnerability'.\nAvailable subcommands: core, plugins, themes, php, apache, nginx" );
+ // Display an error message for an invalid subcommand.
+ WP_CLI::error( "'$subcommand' is not a valid subcommand of 'wpvulnerability'.\nAvailable subcommands: core, plugins, themes, php, apache, nginx, mariadb, mysql" );
break;
}
}
/**
- * Adds a WP-CLI command to show the list of vulnerabilities detected in your site.
+ * Registers a WP-CLI command to show the list of vulnerabilities detected on your site.
*
- * EXAMPLES
+ * EXAMPLES:
*
* - wp wpvulnerability core
* - wp wpvulnerability plugins
* - wp wpvulnerability themes
+ * - wp wpvulnerability php
+ * - wp wpvulnerability apache
+ * - wp wpvulnerability nginx
+ * - wp wpvulnerability mariadb
+ * - wp wpvulnerability mysql
*
* @param object $args Arguments passed from the command line.
*
@@ -933,24 +1159,24 @@ function wpvulnerability_cli_command( $args, $assoc_args ) {
'wpvulnerability',
'wpvulnerability_cli_command',
array(
- 'shortdesc' => 'Show the list of vulnerabilities detected in your site.',
+ 'shortdesc' => 'Show the list of vulnerabilities detected on your site.',
'synopsis' => array(
array(
'type' => 'positional',
'name' => 'subcommand',
- 'description' => 'subcommand [core|plugins|themes|php|apache|nginx].',
+ 'description' => 'Type of vulnerability [ core | plugins | themes | php | apache | nginx | mariadb | mysql ].',
'optional' => false,
),
array(
'type' => 'assoc',
'name' => 'format',
- 'description' => 'Format for the output [table|json].',
+ 'description' => 'Format for the output [ table | json ].',
'optional' => true,
'default' => 'table',
),
),
'when' => 'after_wp_load',
- 'longdesc' => "EXAMPLES:\n\n - wp wpvulnerability core\n - wp wpvulnerability plugins\n - wp wpvulnerability themes\n - wp wpvulnerability php\n - wp wpvulnerability apache\n - wp wpvulnerability nginx",
+ 'longdesc' => "EXAMPLES:\n\n - wp wpvulnerability core\n - wp wpvulnerability plugins\n - wp wpvulnerability themes\n - wp wpvulnerability php\n - wp wpvulnerability apache\n - wp wpvulnerability nginx\n - wp wpvulnerability mariadb\n - wp wpvulnerability mysql",
)
);
diff --git a/wpvulnerability-general.php b/wpvulnerability-general.php
index 0397f38..3e35c3e 100644
--- a/wpvulnerability-general.php
+++ b/wpvulnerability-general.php
@@ -34,6 +34,34 @@ function wpvulnerability_capabilities() {
return false;
}
+/**
+ * Checks if the `shell_exec` function can be used.
+ *
+ * This function verifies if the `shell_exec` function is not disabled in the server's
+ * configuration and is able to execute a basic shell command. It also checks for
+ * safe mode, which is relevant for older PHP versions before 5.4.
+ *
+ * @since 3.4.0
+ *
+ * @return bool True if `shell_exec` is available and working, false otherwise.
+ */
+function wpvulnerability_can_shell_exec() {
+ // Check if `shell_exec` is disabled.
+ if ( in_array( 'shell_exec', array_map( 'trim', explode( ',', ini_get( 'disable_functions' ) ) ), true ) ) {
+ return false;
+ }
+
+ // Try to execute a simple command to confirm functionality.
+ $test = @shell_exec( 'echo test' ); // phpcs:ignore
+
+ // If the command execution failed or returned null, shell_exec is not working.
+ if ( null === $test ) {
+ return false;
+ }
+
+ return true;
+}
+
/**
* Sanitize a version string.
*
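Review bot: `wpvulnerability_can_shell_exec()` treats only `null` as failure, but `shell_exec()` can also return `false` when the pipe cannot be opened, and the docblock promises a safe-mode check that the body does not contain. Compare the probe output instead, `return is_string( $test ) && 'test' === trim( $test );`, and add `if ( ! function_exists( 'shell_exec' ) ) { return false; }` before the call so a build where the function has been removed returns false rather than a fatal error. Since every call spawns a process, keeping the result in a `static` variable would limit the probe to once per request. Either drop the safe-mode sentence from the docblock or implement it.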
@@ -199,6 +227,31 @@ function wpvulnerability_detect_webserver() {
}
}
+ // If the version is not detected, try to get it from the OS.
+ if ( empty( $webserver['version'] ) && wpvulnerability_can_shell_exec() ) {
+ if ( 'apache' === $webserver['id'] ) {
+ $apache_version = shell_exec( 'apache2 -v 2>&1' ); // phpcs:ignore
+ if ( empty( $apache_version ) ) {
+ $apache_version = shell_exec( 'httpd -v 2>&1' ); // phpcs:ignore
+ }
+ if ( preg_match( '/Apache\/([\d.]+)/', $apache_version, $version_matches ) ) {
+ $webserver['version'] = $version_matches[1];
+ }
+ } elseif ( 'nginx' === $webserver['id'] ) {
+ // Try to get Nginx version from the OS.
+ $nginx_version = shell_exec( 'nginx -v 2>&1' ); // phpcs:ignore
+ if ( preg_match( '/nginx\/([\d.]+)/', $nginx_version, $version_matches ) ) {
+ $webserver['version'] = $version_matches[1];
+ }
+ if ( empty( $nginx_version ) ) {
+ $angie_version = shell_exec( 'angie -v 2>&1' ); // phpcs:ignore
+ if ( preg_match( '/angie\/([\d.]+)/', $angie_version, $version_matches ) ) {
+ $webserver['version'] = $version_matches[1];
+ }
+ }
+ }
+ }
+
// Sanitize and validate the web server version format.
if ( isset( $webserver['version'] ) && $webserver['version'] ) {
// Sanitize the version number to ensure it's in a 'major.minor.patch' format.
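Review bot: The fallbacks in this block test `empty( $apache_version )` and `empty( $nginx_version )`, but every command is run with `2>&1`. On typical shells a missing binary therefore still yields a non-empty "not found" message, so `httpd -v` and `angie -v` are likely never tried. The result of `shell_exec()` is also passed to `preg_match()` without a string check, although it can be `null` or `false`. Deciding the fallback on whether the pattern matched fixes both, as sketched below; the command strings stay fixed literals. wpvulnerability_detect_webserver() starts and ends outside this hunk.

```php
if ( empty( $webserver['version'] ) && wpvulnerability_can_shell_exec() ) {
	// Fixed command => pattern pairs, tried in order until one yields a version.
	$candidates = array();
	if ( 'apache' === $webserver['id'] ) {
		$candidates = array(
			'apache2 -v 2>&1' => '/Apache\/([\d.]+)/',
			'httpd -v 2>&1'   => '/Apache\/([\d.]+)/',
		);
	} elseif ( 'nginx' === $webserver['id'] ) {
		$candidates = array(
			'nginx -v 2>&1' => '/nginx\/([\d.]+)/',
			'angie -v 2>&1' => '/angie\/([\d.]+)/',
		);
	}
	foreach ( $candidates as $command => $pattern ) {
		$output = shell_exec( $command ); // phpcs:ignore
		if ( is_string( $output ) && preg_match( $pattern, $output, $version_matches ) ) {
			$webserver['version'] = $version_matches[1];
			break;
		}
	}
}
// … unchanged: version sanitisation and return …
```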
@@ -216,6 +269,153 @@ function wpvulnerability_detect_webserver() {
return $webserver;
}
+/**
+ * Sanitize a MariaDB version string to ensure it follows the standard format.
+ *
+ * This function checks the input version string against a regular expression
+ * to match the standard MariaDB versioning format (major.minor[.patch]).
+ * It returns the matched version if it conforms to the expected format;
+ * otherwise, it returns the original input version.
+ *
+ * @since 3.4.0
+ *
+ * @param string $version The MariaDB version string to sanitize.
+ * @return string The sanitized version string if it matches the standard format; otherwise, the original version string.
+ */
+function wpvulnerability_sanitize_version_mariadb( $version ) {
+
+ // Sanitize the version string using the base sanitizer.
+ $version = wpvulnerability_sanitize_version( $version );
+
+ // Validate and extract the version format (major.minor[.patch]).
+ if ( preg_match( '/^\d+\.\d+(\.\d+)?/', $version, $match ) ) {
+ if ( isset( $match[0] ) ) {
+ return trim( $match[0] );
+ }
+ }
+
+ return $version;
+}
+
+/**
+ * Sanitize a MySQL version string to ensure it follows the standard format.
+ *
+ * This function checks the input version string against a regular expression
+ * to match the standard MySQL versioning format (major.minor[.patch]).
+ * It returns the matched version if it conforms to the expected format;
+ * otherwise, it returns the original input version.
+ *
+ * @since 3.4.0
+ *
+ * @param string $version The MySQL version string to sanitize.
+ * @return string The sanitized version string if it matches the standard format; otherwise, the original version string.
+ */
+function wpvulnerability_sanitize_version_mysql( $version ) {
+
+ // Sanitize the version string using the base sanitizer.
+ $version = wpvulnerability_sanitize_version( $version );
+
+ // Validate and extract the version format (major.minor[.patch]).
+ if ( preg_match( '/^\d+\.\d+(\.\d+)?/', $version, $match ) ) {
+ if ( isset( $match[0] ) ) {
+ return trim( $match[0] );
+ }
+ }
+
+ return $version;
+}
+
+/**
+ * Detect the SQL server software and version from the database server.
+ *
+ * This function identifies the SQL server software (e.g., MariaDB, MySQL) and its version
+ * by querying the database using the 'SHOW VARIABLES' command. It parses the server name
+ * and version using the results and sanitizes the detected version number to a standard format (major.minor.patch).
+ *
+ * @since 3.4.0
+ *
+ * @return array Returns an associative array with three keys:
+ * 'id' => A short, lowercase identifier for the SQL server (e.g., 'mariadb', 'mysql'),
+ * 'name' => A more readable name for the SQL server (e.g., 'MariaDB', 'MySQL'),
+ * 'version' => The detected version of the SQL server, sanitized to a standard format.
+ */
+function wpvulnerability_detect_sqlserver() {
+ // Initialize an array to hold the SQL server information.
+ $sqlserver = array(
+ 'id' => null,
+ 'name' => null,
+ 'version' => null,
+ );
+
+ $possible_version = null;
+ $possible_database = null;
+
+ global $wpdb;
+
+ // Query to get the database server type (version_comment).
+ // IGNORE REASON: this is not a usual query to WordPress but to the system.
+ $results = $wpdb->get_results( $wpdb->prepare( 'SHOW VARIABLES LIKE %s', 'version_comment' ) ); // phpcs:ignore
+
+ if ( $wpdb->last_error ) {
+ if ( defined( 'WP_DEBUG' ) && WP_DEBUG ) {
+ do_action( 'wpdb_last_error', $wpdb->last_error );
+ }
+ }
+
+ // Process the results to determine the database type.
+ if ( ! empty( $results ) && isset( $results[0]->Value ) ) {
+ $possible_database = trim( $results[0]->Value );
+ }
+
+ // Query to get the database server version.
+ // IGNORE REASON: this is not a usual query to WordPress but to the system.
+ $results = $wpdb->get_results( $wpdb->prepare( 'SHOW VARIABLES LIKE %s', 'version' ) ); // phpcs:ignore
+
+ if ( $wpdb->last_error ) {
+ if ( defined( 'WP_DEBUG' ) && WP_DEBUG ) {
+ do_action( 'wpdb_last_error', $wpdb->last_error );
+ }
+ }
+
+ // Process the results to determine the database version.
+ if ( ! empty( $results ) && isset( $results[0]->Value ) ) {
+ $possible_version = trim( $results[0]->Value );
+ }
+
+ // Determine the database type and set the appropriate values in the array.
+ if ( isset( $possible_database ) && $possible_database ) {
+
+ if ( false !== stripos( $possible_database, 'mariadb' ) ) {
+
+ $sqlserver['id'] = 'mariadb';
+ $sqlserver['name'] = 'MariaDB';
+
+ } elseif ( false !== stripos( $possible_database, 'mysql' ) ) {
+
+ $sqlserver['id'] = 'mysql';
+ $sqlserver['name'] = 'MySQL';
+
+ }
+ }
+
+ // Sanitize and set the version if it was detected.
+ if ( isset( $possible_version ) && $possible_version && $sqlserver['id'] ) {
+
+ if ( 'mariadb' === $sqlserver['id'] ) {
+
+ $sqlserver['version'] = wpvulnerability_sanitize_version_mariadb( $possible_version );
+
+ } elseif ( 'mysql' === $sqlserver['id'] ) {
+
+ $sqlserver['version'] = wpvulnerability_sanitize_version_mysql( $possible_version );
+
+ }
+ }
+
+ // Return the detected SQL server information.
+ return $sqlserver;
+}
+
/**
* Returns a human-readable HTML entity for the given comparison operator.
*
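Review bot: `wpvulnerability_detect_sqlserver()` decides the product only from `version_comment` and leaves `id` and `version` null when that string contains neither "mariadb" nor "mysql". Distribution packages often put only the distro name there (to be confirmed on the platforms this plugin supports), in which case the database is silently skipped rather than reported as undetected. A fallback on the `version` value would cover MariaDB builds, e.g. `if ( null === $sqlserver['id'] && $possible_version && false !== stripos( $possible_version, 'mariadb' ) ) {` setting the MariaDB id and name. Separately, the two sanitizers are identical line for line, and their docblocks say the "original" string is returned on no match while the code returns the output of `wpvulnerability_sanitize_version()`.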
@@ -700,20 +900,59 @@ function wpvulnerability_get_statistics( $cache = 1 ) {
return false;
}
+ $sponsors = array();
+ if ( isset( $response['behindtheproject']['sponsors'] ) && count( $response['behindtheproject']['sponsors'] ) ) {
+
+ foreach ( $response['behindtheproject']['sponsors'] as $s ) {
+
+ $sponsors[] = $s;
+
+ unset( $s );
+ }
+ }
+
+ $contributors = array();
+ if ( isset( $response['behindtheproject']['contributors'] ) && count( $response['behindtheproject']['contributors'] ) ) {
+
+ foreach ( $response['behindtheproject']['contributors'] as $s ) {
+
+ $contributors[] = $s;
+
+ unset( $s );
+ }
+ }
+
// Return an array with statistical information.
return array(
- 'core' => array(
+ 'core' => array(
'versions' => (int) $response['stats']['products']['core'],
),
- 'plugins' => array(
+ 'plugins' => array(
'products' => (int) $response['stats']['products']['plugins'],
'vulnerabilities' => (int) $response['stats']['plugins'],
),
- 'themes' => array(
+ 'themes' => array(
'products' => (int) $response['stats']['products']['themes'],
'vulnerabilities' => (int) $response['stats']['themes'],
),
- 'updated' => array(
+ 'php' => array(
+ 'vulnerabilities' => (int) $response['stats']['php'],
+ ),
+ 'apache' => array(
+ 'vulnerabilities' => (int) $response['stats']['apache'],
+ ),
+ 'nginx' => array(
+ 'vulnerabilities' => (int) $response['stats']['nginx'],
+ ),
+ 'mariadb' => array(
+ 'vulnerabilities' => (int) $response['stats']['mariadb'],
+ ),
+ 'mysql' => array(
+ 'vulnerabilities' => (int) $response['stats']['mysql'],
+ ),
+ 'sponsors' => $sponsors,
+ 'contributors' => $contributors,
+ 'updated' => array(
'unixepoch' => (int) $response['updated'],
'datetime' => gmdate( 'Y-m-d H:i:s', (int) $response['updated'] ),
'iso8601' => gmdate( 'c', (int) $response['updated'] ),
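Review bot: The new `$response['stats']['php']` through `$response['stats']['mysql']` reads have no `isset()` guard, so a response body that lacks one of these keys (an older cached copy, presumably) raises a warning per key; `isset( $response['stats']['php'] ) ? (int) $response['stats']['php'] : 0` avoids that. The sponsors and contributors guards call `count()` on remote data, which throws `TypeError` on PHP 8 when the value is not countable, so `is_array( $response['behindtheproject']['sponsors'] )` is the safer test. Both loops copy each entry verbatim, and `unset( $s )` inside the `foreach` does nothing useful. The code that renders these entries is not in this hunk, so confirm it escapes every field (`esc_html()`, `esc_url()`), or normalise the entries here before they are stored. The function body starts outside the hunk.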
@@ -722,6 +961,51 @@ function wpvulnerability_get_statistics( $cache = 1 ) {
);
}
+/**
+ * Retrieves the latest vulnerability statistics.
+ *
+ * This function calls the wpvulnerability API to get fresh statistics related to vulnerabilities
+ * and returns the updated information.
+ *
+ * @since 3.4.0
+ *
+ * @return array The updated vulnerability statistics.
+ */
+function wpvulnerability_get_fresh_statistics() {
+
+ $statistics_api_response = wpvulnerability_get_statistics();
+
+ return $statistics_api_response;
+}
+
+/**
+ * Retrieves and caches the latest vulnerability statistics.
+ *
+ * This function retrieves the most recent vulnerability statistics, caches the data,
+ * and returns the information as a JSON-encoded array. The cache expiration timestamp is also updated.
+ *
+ * @since 3.4.0
+ *
+ * @return string JSON-encoded array containing the vulnerability statistics.
+ */
+function wpvulnerability_statistics_get() {
+
+ // Retrieve fresh statistics.
+ $statistics = wpvulnerability_get_fresh_statistics();
+
+ // Cache the statistics data and the timestamp for cache expiration.
+ if ( is_multisite() ) {
+ update_site_option( 'wpvulnerability-statistics', wp_json_encode( $statistics ) );
+ update_site_option( 'wpvulnerability-statistics-cache', wp_json_encode( number_format( time() + ( 3600 * WPVULNERABILITY_CACHE_HOURS ), 0, '.', '' ) ) );
+ } else {
+ update_option( 'wpvulnerability-statistics', wp_json_encode( $statistics ) );
+ update_option( 'wpvulnerability-statistics-cache', wp_json_encode( number_format( time() + ( 3600 * WPVULNERABILITY_CACHE_HOURS ), 0, '.', '' ) ) );
+ }
+
+ // Return the JSON-encoded array of statistics data.
+ return wp_json_encode( $statistics );
+}
+
/**
* Get vulnerabilities for a specific PHP version.
*
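Review bot: `wpvulnerability_get_fresh_statistics()` calls `wpvulnerability_get_statistics()` with no argument, and the hunk header above shows that parameter defaults to `$cache = 1`, so the "fresh" wrapper presumably returns the cached copy; `wpvulnerability_get_statistics( 0 )` would match the docblock. `wpvulnerability_statistics_get()` then stores whatever comes back, including the `false` that `wpvulnerability_get_statistics()` returns on a bad response, and moves the expiry forward by `WPVULNERABILITY_CACHE_HOURS`, so a failed fetch is cached as `false` for the full period. Returning early with `if ( false === $statistics ) { return wp_json_encode( $statistics ); }` before the option writes keeps the previous good data. The wrapper's `@return array` should read `array|false`.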
@@ -1051,3 +1335,223 @@ function wpvulnerability_get_nginx( $version, $cache = 1 ) {
return $vulnerability;
}
+
+/**
+ * Retrieve vulnerabilities for a specific MariaDB version.
+ *
+ * This function fetches vulnerability data for a specified MariaDB version.
+ * It supports caching to minimize API requests and improve performance.
+ *
+ * @since 3.4.0
+ *
+ * @param string $version The MariaDB version to check for vulnerabilities.
+ * @param int $cache Optional. Whether to use cache. Default is 1 (true).
+ *
+ * @return array|false Returns an array of vulnerabilities, or false if none are found.
+ */
+function wpvulnerability_get_mariadb( $version, $cache = 1 ) {
+
+ $key = 'wpvulnerability_mariadb';
+ $vulnerability_data = null;
+ $vulnerability = array();
+
+ // Retrieve cached vulnerability data if available.
+ if ( $cache ) {
+ if ( is_multisite() ) {
+ $vulnerability_data = get_site_transient( $key );
+ } else {
+ $vulnerability_data = get_transient( $key );
+ }
+ }
+
+ // If cached data is not available, fetch it from the API and cache it.
+ if ( empty( $vulnerability_data ) ) {
+
+ $url = WPVULNERABILITY_API_HOST . 'mariadb/' . $version . '/';
+ $response = wp_remote_get( $url, array( 'timeout' => 2500 ) );
+
+ if ( ! is_wp_error( $response ) ) {
+
+ $body = wp_remote_retrieve_body( $response );
+ if ( is_multisite() ) {
+ set_site_transient( $key, $body, HOUR_IN_SECONDS * WPVULNERABILITY_CACHE_HOURS );
+ $vulnerability_data = get_site_transient( $key );
+ } else {
+ set_transient( $key, $body, HOUR_IN_SECONDS * WPVULNERABILITY_CACHE_HOURS );
+ $vulnerability_data = get_transient( $key );
+ }
+ }
+ }
+
+ // If the API response does not contain vulnerabilities, return false.
+ $response = json_decode( $vulnerability_data, true );
+
+ if ( ( isset( $response['error'] ) && $response['error'] ) || empty( $response['data']['vulnerability'] ) ) {
+ return false;
+ }
+
+ // Process and compile the list of vulnerabilities.
+ foreach ( $response['data']['vulnerability'] as $v ) {
+
+ // Check if the version falls within the specified min and max operator range.
+ if ( isset( $v['operator']['min_operator'] ) && $v['operator']['min_operator'] && isset( $v['operator']['max_operator'] ) && $v['operator']['max_operator'] ) {
+
+ if ( version_compare( $version, $v['operator']['min_version'], $v['operator']['min_operator'] ) && version_compare( $version, $v['operator']['max_version'], $v['operator']['max_operator'] ) ) {
+
+ // Add the vulnerability to the list.
+ $vulnerability[] = array(
+ 'name' => wp_kses( (string) $v['name'], 'strip' ),
+ 'versions' => wp_kses( wpvulnerability_pretty_operator( $v['operator']['min_operator'] ) . $v['operator']['min_version'] . ' - ' . wpvulnerability_pretty_operator( $v['operator']['max_operator'] ) . $v['operator']['max_version'], 'strip' ),
+ 'version' => wp_kses( (string) $v['operator']['min_version'], 'strip' ),
+ 'unfixed' => (int) $v['operator']['unfixed'],
+ 'source' => $v['source'],
+ );
+
+ }
+
+ // Check if the version is below the max operator.
+ } elseif ( isset( $v['operator']['max_operator'] ) && $v['operator']['max_operator'] ) {
+
+ if ( version_compare( $version, $v['operator']['max_version'], $v['operator']['max_operator'] ) ) {
+
+ // Add the vulnerability to the list.
+ $vulnerability[] = array(
+ 'name' => wp_kses( (string) $v['name'], 'strip' ),
+ 'versions' => wp_kses( wpvulnerability_pretty_operator( $v['operator']['max_operator'] ) . $v['operator']['max_version'], 'strip' ),
+ 'version' => wp_kses( (string) $v['operator']['max_version'], 'strip' ),
+ 'unfixed' => (int) $v['operator']['unfixed'],
+ 'source' => $v['source'],
+ );
+
+ }
+
+ // Check if the version is above the min operator.
+ } elseif ( isset( $v['operator']['min_operator'] ) && $v['operator']['min_operator'] ) {
+
+ if ( version_compare( $version, $v['operator']['min_version'], $v['operator']['min_operator'] ) ) {
+
+ // Add the vulnerability to the list.
+ $vulnerability[] = array(
+ 'name' => wp_kses( (string) $v['name'], 'strip' ),
+ 'versions' => wp_kses( wpvulnerability_pretty_operator( $v['operator']['min_operator'] ) . $v['operator']['min_version'], 'strip' ),
+ 'version' => wp_kses( (string) $v['operator']['min_version'], 'strip' ),
+ 'unfixed' => (int) $v['operator']['unfixed'],
+ 'source' => $v['source'],
+ );
+
+ }
+ }
+ }
+
+ return $vulnerability;
+}
+
+/**
+ * Retrieve vulnerabilities for a specific MySQL version.
+ *
+ * This function fetches vulnerability data for a specified MySQL version.
+ * It supports caching to minimize API requests and improve performance.
+ *
+ * @since 3.4.0
+ *
+ * @param string $version The MySQL version to check for vulnerabilities.
+ * @param int $cache Optional. Whether to use cache. Default is 1 (true).
+ *
+ * @return array|false Returns an array of vulnerabilities, or false if none are found.
+ */
+function wpvulnerability_get_mysql( $version, $cache = 1 ) {
+
+ $key = 'wpvulnerability_mysql';
+ $vulnerability_data = null;
+ $vulnerability = array();
+
+ // Retrieve cached vulnerability data if available.
+ if ( $cache ) {
+ if ( is_multisite() ) {
+ $vulnerability_data = get_site_transient( $key );
+ } else {
+ $vulnerability_data = get_transient( $key );
+ }
+ }
+
+ // If cached data is not available, fetch it from the API and cache it.
+ if ( empty( $vulnerability_data ) ) {
+
+ $url = WPVULNERABILITY_API_HOST . 'mysql/' . $version . '/';
+ $response = wp_remote_get( $url, array( 'timeout' => 2500 ) );
+
+ if ( ! is_wp_error( $response ) ) {
+
+ $body = wp_remote_retrieve_body( $response );
+ if ( is_multisite() ) {
+ set_site_transient( $key, $body, HOUR_IN_SECONDS * WPVULNERABILITY_CACHE_HOURS );
+ $vulnerability_data = get_site_transient( $key );
+ } else {
+ set_transient( $key, $body, HOUR_IN_SECONDS * WPVULNERABILITY_CACHE_HOURS );
+ $vulnerability_data = get_transient( $key );
+ }
+ }
+ }
+
+ // If the API response does not contain vulnerabilities, return false.
+ $response = json_decode( $vulnerability_data, true );
+
+ if ( ( isset( $response['error'] ) && $response['error'] ) || empty( $response['data']['vulnerability'] ) ) {
+ return false;
+ }
+
+ // Process and compile the list of vulnerabilities.
+ foreach ( $response['data']['vulnerability'] as $v ) {
+
+ // Check if the version falls within the specified min and max operator range.
+ if ( isset( $v['operator']['min_operator'] ) && $v['operator']['min_operator'] && isset( $v['operator']['max_operator'] ) && $v['operator']['max_operator'] ) {
+
+ if ( version_compare( $version, $v['operator']['min_version'], $v['operator']['min_operator'] ) && version_compare( $version, $v['operator']['max_version'], $v['operator']['max_operator'] ) ) {
+
+ // Add the vulnerability to the list.
+ $vulnerability[] = array(
+ 'name' => wp_kses( (string) $v['name'], 'strip' ),
+ 'versions' => wp_kses( wpvulnerability_pretty_operator( $v['operator']['min_operator'] ) . $v['operator']['min_version'] . ' - ' . wpvulnerability_pretty_operator( $v['operator']['max_operator'] ) . $v['operator']['max_version'], 'strip' ),
+ 'version' => wp_kses( (string) $v['operator']['min_version'], 'strip' ),
+ 'unfixed' => (int) $v['operator']['unfixed'],
+ 'source' => $v['source'],
+ );
+
+ }
+
+ // Check if the version is below the max operator.
+ } elseif ( isset( $v['operator']['max_operator'] ) && $v['operator']['max_operator'] ) {
+
+ if ( version_compare( $version, $v['operator']['max_version'], $v['operator']['max_operator'] ) ) {
+
+ // Add the vulnerability to the list.
+ $vulnerability[] = array(
+ 'name' => wp_kses( (string) $v['name'], 'strip' ),
+ 'versions' => wp_kses( wpvulnerability_pretty_operator( $v['operator']['max_operator'] ) . $v['operator']['max_version'], 'strip' ),
+ 'version' => wp_kses( (string) $v['operator']['max_version'], 'strip' ),
+ 'unfixed' => (int) $v['operator']['unfixed'],
+ 'source' => $v['source'],
+ );
+
+ }
+
+ // Check if the version is above the min operator.
+ } elseif ( isset( $v['operator']['min_operator'] ) && $v['operator']['min_operator'] ) {
+
+ if ( version_compare( $version, $v['operator']['min_version'], $v['operator']['min_operator'] ) ) {
+
+ // Add the vulnerability to the list.
+ $vulnerability[] = array(
+ 'name' => wp_kses( (string) $v['name'], 'strip' ),
+ 'versions' => wp_kses( wpvulnerability_pretty_operator( $v['operator']['min_operator'] ) . $v['operator']['min_version'], 'strip' ),
+ 'version' => wp_kses( (string) $v['operator']['min_version'], 'strip' ),
+ 'unfixed' => (int) $v['operator']['unfixed'],
+ 'source' => $v['source'],
+ );
+
+ }
+ }
+ }
+
+ return $vulnerability;
+}
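Review bot: `'timeout' => 2500` in `wpvulnerability_get_mariadb()` and `wpvulnerability_get_mysql()` is passed to `wp_remote_get()`, whose timeout is in seconds, so a stalled API endpoint can hold the request for about 41 minutes; a few seconds is the usual choice, e.g. `array( 'timeout' => 10 )` (value constructed for illustration). The body is cached whenever the call is not a `WP_Error`, so an HTTP error page is stored for `WPVULNERABILITY_CACHE_HOURS`; `if ( ! is_wp_error( $response ) && 200 === wp_remote_retrieve_response_code( $response ) ) {` avoids that. The operators handed to `version_compare()` come straight from the response, and on PHP 8 an unrecognised operator throws `ValueError`, so they should be checked against an allow-list of comparison operators first. The transient key does not include `$version`, so data fetched for the previous version is reused after a database upgrade until the transient expires.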
diff --git a/wpvulnerability-mariadb.php b/wpvulnerability-mariadb.php
new file mode 100644
index 0000000..bc7d539
--- /dev/null
+++ b/wpvulnerability-mariadb.php
@@ -0,0 +1,148 @@
+' . esc_html__( 'There are no vulnerabilities', 'wpvulnerability' ) . '';
- $email_content .= '' . esc_html__( 'This is probably a test. The site probably does not have vulnerabilities.', 'wpvulnerability' ) . '
';
- }
+ // If forced email sending is not enabled and no vulnerabilities were found, exit the function.
+ if ( ! $forced && empty( $html_core ) && empty( $html_plugins ) && empty( $html_themes ) && empty( $html_php ) && empty( $html_apache ) && empty( $html_nginx ) && empty( $html_mariadb ) && empty( $html_mysql ) ) {
+ return false;
+ } elseif ( $forced && empty( $html_core ) && empty( $html_plugins ) && empty( $html_themes ) && empty( $html_php ) && empty( $html_apache ) && empty( $html_nginx ) && empty( $html_mariadb ) && empty( $html_mysql ) ) {
+ $email_content .= '' . esc_html__( 'No vulnerabilities found', 'wpvulnerability' ) . ' ';
+ $email_content .= '' . esc_html__( 'This is likely a test. The site does not have vulnerabilities.', 'wpvulnerability' ) . '
';
}
- // Add core vulnerabilities HTML to email content.
+ // Append core vulnerabilities HTML to the email content.
if ( ! empty( $html_core ) ) {
$email_content .= '' . esc_html__( 'Core vulnerabilities', 'wpvulnerability' ) . ' ';
$email_content .= $html_core;
}
- // Add plugins vulnerabilities HTML to email content.
- if ( $html_plugins ) {
+ // Append plugins vulnerabilities HTML to the email content.
+ if ( ! empty( $html_plugins ) ) {
$email_content .= '' . esc_html__( 'Plugins vulnerabilities', 'wpvulnerability' ) . ' ';
$email_content .= $html_plugins;
}
- // Add themes vulnerabilities HTML to email content.
- if ( $html_themes ) {
+ // Append themes vulnerabilities HTML to the email content.
+ if ( ! empty( $html_themes ) ) {
$email_content .= '' . esc_html__( 'Themes vulnerabilities', 'wpvulnerability' ) . ' ';
$email_content .= $html_themes;
}
- // Add PHP vulnerabilities HTML to email content.
- if ( $html_php ) {
+ // Append PHP vulnerabilities HTML to the email content.
+ if ( ! empty( $html_php ) ) {
$email_content .= '' . esc_html__( 'PHP vulnerabilities', 'wpvulnerability' ) . ' ';
$email_content .= $html_php;
}
- // Add Apache vulnerabilities HTML to email content.
- if ( $html_apache ) {
+ // Append Apache vulnerabilities HTML to the email content.
+ if ( ! empty( $html_apache ) ) {
$email_content .= '' . esc_html__( 'Apache HTTPD vulnerabilities', 'wpvulnerability' ) . ' ';
$email_content .= $html_apache;
}
- // Add nginx vulnerabilities HTML to email content.
- if ( $html_nginx ) {
+ // Append nginx vulnerabilities HTML to the email content.
+ if ( ! empty( $html_nginx ) ) {
$email_content .= '' . esc_html__( 'nginx vulnerabilities', 'wpvulnerability' ) . ' ';
$email_content .= $html_nginx;
}
- // Get the site name.
- if ( is_multisite() ) {
- $admin_site = get_site_option( 'network_name_option' );
- } else {
- $admin_site = get_bloginfo( 'name' );
+ // Append MariaDB vulnerabilities HTML to the email content.
+ if ( ! empty( $html_mariadb ) ) {
+ $email_content .= '' . esc_html__( 'MariaDB vulnerabilities', 'wpvulnerability' ) . ' ';
+ $email_content .= $html_mariadb;
}
- // Get the admin email.
- if ( is_multisite() ) {
- $admin_email = get_site_option( 'admin_email' );
- } else {
- $admin_email = get_bloginfo( 'admin_email' );
+ // Append MySQL vulnerabilities HTML to the email content.
+ if ( ! empty( $html_mysql ) ) {
+ $email_content .= '' . esc_html__( 'MySQL vulnerabilities', 'wpvulnerability' ) . ' ';
+ $email_content .= $html_mysql;
}
- $from_email = $admin_email;
- // Check if WPVULNERABILITY_MAIL is defined and valid.
+ // Get the site name.
+ $admin_site = is_multisite() ? get_site_option( 'network_name_option' ) : get_bloginfo( 'name' );
+
+ // Get the admin email.
+ $admin_email = is_multisite() ? get_site_option( 'admin_email' ) : get_bloginfo( 'admin_email' );
+ $from_email = $admin_email;
+
+ // Check if WPVULNERABILITY_MAIL is defined and valid, and use it if available.
if ( defined( 'WPVULNERABILITY_MAIL' ) ) {
$wpvulnerability_sender_email = sanitize_email( trim( WPVULNERABILITY_MAIL ) );
if ( is_email( $wpvulnerability_sender_email ) ) {
@@ -338,7 +345,7 @@ function wpvulnerability_execute_notification( $forced = false ) {
$email_headers[] = 'From: WPVulnerability <' . $from_email . '>';
$email_headers[] = 'Content-Type: text/html; charset=UTF-8';
- // Send email.
+ // Send the email.
$wpmail = wp_mail( $wpvulnerability_settings['emails'], $email_subject, $email_prepared, $email_headers );
return $wpmail;
diff --git a/wpvulnerability-process.php b/wpvulnerability-process.php
index 778239e..ffbfc8a 100644
--- a/wpvulnerability-process.php
+++ b/wpvulnerability-process.php
@@ -14,7 +14,7 @@
*
* @version 2.0.0
*
- * @param string $type Type: core, plugin, theme, php, apache, nginx.
+ * @param string $type Type: core, plugin, theme, php, apache, nginx, mariadb, mysql.
* @param array $vulnerabilities Vulnerability data.
*
* @return string The HTML representation of vulnerabilities.
@@ -23,7 +23,7 @@ function wpvulnerability_html( $type, $vulnerabilities ) {
$html = '';
- if ( 'plugin' === $type || 'theme' === $type ) {
+ if ( in_array( $type, array( 'plugin', 'theme' ), true ) ) {
foreach ( $vulnerabilities as $vulnerability ) {
@@ -128,37 +128,7 @@ function wpvulnerability_html( $type, $vulnerabilities ) {
$html .= wp_kses( (string) $source, 'post' );
}
- } elseif ( 'php' === $type ) {
-
- foreach ( $vulnerabilities as $vulnerability ) {
-
- $sources = array();
- foreach ( $vulnerability['source'] as $vulnerability_source ) {
- $sources[] = '[+] ' . wp_kses( (string) $vulnerability_source['id'], 'strip' ) . ' ' . wp_kses( (string) $vulnerability_source['description'], 'strip' );
- }
- $source = '' . implode( ' ', $sources ) . '
';
-
- $html .= ' ' . wp_kses( (string) $vulnerability['name'], 'strip' ) . ' ';
- $html .= '
';
- $html .= wp_kses( (string) $source, 'post' );
-
- }
- } elseif ( 'apache' === $type ) {
-
- foreach ( $vulnerabilities as $vulnerability ) {
-
- $sources = array();
- foreach ( $vulnerability['source'] as $vulnerability_source ) {
- $sources[] = '[+] ' . wp_kses( (string) $vulnerability_source['id'], 'strip' ) . ' ' . wp_kses( (string) $vulnerability_source['description'], 'strip' );
- }
- $source = '' . implode( ' ', $sources ) . '
';
-
- $html .= ' ' . wp_kses( (string) $vulnerability['name'], 'strip' ) . ' ';
- $html .= '
';
- $html .= wp_kses( (string) $source, 'post' );
-
- }
- } elseif ( 'nginx' === $type ) {
+ } elseif ( in_array( $type, array( 'php', 'apache', 'nginx', 'mariadb', 'mysql' ), true ) ) {
foreach ( $vulnerabilities as $vulnerability ) {
@@ -344,6 +314,104 @@ function wpvulnerability_html_nginx() {
return false;
}
+/**
+ * Convert MariaDB vulnerabilities into HTML format.
+ *
+ * This function generates an HTML representation of the vulnerabilities found for the installed MariaDB version.
+ *
+ * @since 3.4.0
+ *
+ * @return string|false The HTML output if MariaDB vulnerabilities were found, false otherwise.
+ */
+function wpvulnerability_html_mariadb() {
+
+ $html = '';
+ $found = false;
+
+ // Ensure the function to get MariaDB vulnerabilities is available, load the necessary file if not.
+ if ( ! function_exists( 'wpvulnerability_mariadb_get_vulnerabilities_clean' ) ) {
+ require_once WPVULNERABILITY_PLUGIN_PATH . '/wpvulnerability-mariadb.php';
+ }
+
+ // Get the MariaDB vulnerabilities data.
+ $mariadb = wpvulnerability_mariadb_get_vulnerabilities();
+
+ // Check if MariaDB is marked as vulnerable.
+ if ( isset( $mariadb['vulnerable'] ) && 1 === $mariadb['vulnerable'] ) {
+
+ $found = true;
+
+ // Generate HTML markup for the MariaDB vulnerabilities.
+ $sqlserver = wpvulnerability_detect_sqlserver();
+ if ( isset( $sqlserver['id'] ) && 'mariadb' === $sqlserver['id'] && isset( $sqlserver['version'] ) && $sqlserver['version'] ) {
+ // Get the MariaDB version.
+ $mariadb_version = wp_kses( (string) $sqlserver['version'], 'strip' );
+
+ if ( $mariadb_version ) {
+ $html .= '' . esc_html__( 'MariaDB running', 'wpvulnerability' ) . ': ' . wp_kses( wpvulnerability_sanitize_version_mariadb( (string) $mariadb_version ), 'strip' ) . ' ';
+ $html .= wpvulnerability_html( 'mariadb', $mariadb['vulnerabilities'] );
+ }
+ }
+ }
+
+ // Return the HTML if vulnerabilities were found.
+ if ( $found ) {
+ return $html;
+ }
+
+ // Return false if no vulnerabilities were found.
+ return false;
+}
+
+/**
+ * Convert MySQL vulnerabilities into HTML format.
+ *
+ * This function generates an HTML representation of the vulnerabilities found for the installed MySQL version.
+ *
+ * @since 3.4.0
+ *
+ * @return string|false The HTML output if MySQL vulnerabilities were found, false otherwise.
+ */
+function wpvulnerability_html_mysql() {
+
+ $html = '';
+ $found = false;
+
+ // Ensure the function to get MySQL vulnerabilities is available, load the necessary file if not.
+ if ( ! function_exists( 'wpvulnerability_mysql_get_vulnerabilities_clean' ) ) {
+ require_once WPVULNERABILITY_PLUGIN_PATH . '/wpvulnerability-mysql.php';
+ }
+
+ // Get the MySQL vulnerabilities data.
+ $mysql = wpvulnerability_mysql_get_vulnerabilities();
+
+ // Check if MySQL is marked as vulnerable.
+ if ( isset( $mysql['vulnerable'] ) && 1 === $mysql['vulnerable'] ) {
+
+ $found = true;
+
+ // Generate HTML markup for the MySQL vulnerabilities.
+ $sqlserver = wpvulnerability_detect_sqlserver();
+ if ( isset( $sqlserver['id'] ) && 'mysql' === $sqlserver['id'] && isset( $sqlserver['version'] ) && $sqlserver['version'] ) {
+ // Get the MySQL version.
+ $mysql_version = wp_kses( (string) $sqlserver['version'], 'strip' );
+
+ if ( $mysql_version ) {
+ $html .= '' . esc_html__( 'MySQL running', 'wpvulnerability' ) . ': ' . wp_kses( wpvulnerability_sanitize_version_mysql( (string) $mysql_version ), 'strip' ) . ' ';
+ $html .= wpvulnerability_html( 'mysql', $mysql['vulnerabilities'] );
+ }
+ }
+ }
+
+ // Return the HTML if vulnerabilities were found.
+ if ( $found ) {
+ return $html;
+ }
+
+ // Return false if no vulnerabilities were found.
+ return false;
+}
+
/**
* Convert plugin vulnerabilities into list format.
*
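Review bot: In `wpvulnerability_html_mariadb()` and `wpvulnerability_html_mysql()` `$found` is set as soon as the stored `vulnerable` flag is 1, before the detection check, so when `wpvulnerability_detect_sqlserver()` does not report the matching engine the function returns an empty string instead of the documented `false`. Moving `$found = true;` next to the `wpvulnerability_html( 'mariadb', $mariadb['vulnerabilities'] )` call, or ending with `return '' !== $html ? $html : false;`, makes the result match the docblock. The guard tests `function_exists( 'wpvulnerability_mariadb_get_vulnerabilities_clean' )` while the function called is `wpvulnerability_mariadb_get_vulnerabilities()`; both are presumably defined in the same file, which deserves a one-line comment.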
diff --git a/wpvulnerability-run.php b/wpvulnerability-run.php
index 5dca28b..738197b 100644
--- a/wpvulnerability-run.php
+++ b/wpvulnerability-run.php
@@ -65,9 +65,9 @@ function wpvulnerability_add_settings_link( $links ) {
}
/**
- * Updates the plugin's data.
+ * Updates the plugin's vulnerability data.
*
- * This function updates the vulnerability data for core, plugins, themes, PHP, Apache, and nginx.
+ * This function updates the vulnerability data for WordPress core, plugins, themes, PHP, Apache, nginx, MariaDB, and MySQL.
* It ensures that the required functions are available by including the necessary files.
* After updating the vulnerabilities, it flushes the WordPress cache.
*
@@ -119,14 +119,30 @@ function wpvulnerability_update_database_data() {
// Update nginx vulnerabilities.
wpvulnerability_nginx_get_vulnerabilities_clean();
+ // Ensure the MariaDB vulnerabilities function is available.
+ if ( ! function_exists( 'wpvulnerability_mariadb_get_vulnerabilities_clean' ) ) {
+ require_once WPVULNERABILITY_PLUGIN_PATH . '/wpvulnerability-mariadb.php';
+ }
+ // Update MariaDB vulnerabilities.
+ wpvulnerability_mariadb_get_vulnerabilities_clean();
+
+ // Ensure the MySQL vulnerabilities function is available.
+ if ( ! function_exists( 'wpvulnerability_mysql_get_vulnerabilities_clean' ) ) {
+ require_once WPVULNERABILITY_PLUGIN_PATH . '/wpvulnerability-mysql.php';
+ }
+ // Update MySQL vulnerabilities.
+ wpvulnerability_mysql_get_vulnerabilities_clean();
+
+ wpvulnerability_statistics_get();
+
// Clean the WordPress cache.
wp_cache_flush();
}
/**
- * Updates the plugin's data when expired.
+ * Updates the plugin's vulnerability data if the cache has expired.
*
- * This function checks if the cached vulnerability data has expired and updates it accordingly.
+ * This function checks if the cached vulnerability data for various components (core, plugins, themes, PHP, Apache, nginx, MariaDB, MySQL) has expired and updates it accordingly.
* It ensures that the required functions are available by including the necessary files.
* The function handles both multisite and single site installations.
*
@@ -160,6 +176,14 @@ function wpvulnerability_expired_database_data() {
if ( ! function_exists( 'wpvulnerability_nginx_get_vulnerabilities_clean' ) ) {
require_once WPVULNERABILITY_PLUGIN_PATH . '/wpvulnerability-nginx.php';
}
+ // Ensure the MariaDB vulnerabilities function is available.
+ if ( ! function_exists( 'wpvulnerability_mariadb_get_vulnerabilities_clean' ) ) {
+ require_once WPVULNERABILITY_PLUGIN_PATH . '/wpvulnerability-mariadb.php';
+ }
+ // Ensure the MySQL vulnerabilities function is available.
+ if ( ! function_exists( 'wpvulnerability_mysql_get_vulnerabilities_clean' ) ) {
+ require_once WPVULNERABILITY_PLUGIN_PATH . '/wpvulnerability-mysql.php';
+ }
// Current time for cache expiration comparison.
$cache_time = time();
@@ -189,7 +213,15 @@ function wpvulnerability_expired_database_data() {
if ( json_decode( get_site_option( 'wpvulnerability-nginx-cache' ) ) < $cache_time ) {
wpvulnerability_nginx_get_vulnerabilities_clean();
}
- } elseif ( ! is_multisite() ) {
+ // Check and update MariaDB vulnerabilities if cache has expired.
+ if ( json_decode( get_site_option( 'wpvulnerability-mariadb-cache' ) ) < $cache_time ) {
+ wpvulnerability_mariadb_get_vulnerabilities_clean();
+ }
+ // Check and update MySQL vulnerabilities if cache has expired.
+ if ( json_decode( get_site_option( 'wpvulnerability-mysql-cache' ) ) < $cache_time ) {
+ wpvulnerability_mysql_get_vulnerabilities_clean();
+ }
+ } else {
// Check and update core vulnerabilities if cache has expired.
if ( json_decode( get_option( 'wpvulnerability-core-cache' ) ) < $cache_time ) {
wpvulnerability_core_get_vulnerabilities_clean();
@@ -214,8 +246,18 @@ function wpvulnerability_expired_database_data() {
if ( json_decode( get_option( 'wpvulnerability-nginx-cache' ) ) < $cache_time ) {
wpvulnerability_nginx_get_vulnerabilities_clean();
}
+ // Check and update MariaDB vulnerabilities if cache has expired.
+ if ( json_decode( get_option( 'wpvulnerability-mariadb-cache' ) ) < $cache_time ) {
+ wpvulnerability_mariadb_get_vulnerabilities_clean();
+ }
+ // Check and update MySQL vulnerabilities if cache has expired.
+ if ( json_decode( get_option( 'wpvulnerability-mysql-cache' ) ) < $cache_time ) {
+ wpvulnerability_mysql_get_vulnerabilities_clean();
+ }
}
+ wpvulnerability_statistics_get();
+
unset( $cache_time );
}
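Review bot: `wpvulnerability_statistics_get();` is called unconditionally at the end of `wpvulnerability_expired_database_data()`, unlike every other component in this function, which is refreshed only when its `-cache` timestamp is older than `$cache_time`. `wpvulnerability_statistics_get()` writes `wpvulnerability-statistics-cache`, but nothing here reads it, so each run rewrites two options. Gating it the same way, `if ( json_decode( get_option( 'wpvulnerability-statistics-cache' ) ) < $cache_time ) { wpvulnerability_statistics_get(); }` with the `get_site_option()` variant in the multisite branch, keeps the behaviour consistent with the rest of the function. The function body starts outside the hunk.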
@@ -278,6 +320,14 @@ function wpvulnerability_activation() {
'wpvulnerability-nginx' => '',
'wpvulnerability-nginx-cache' => 0,
'wpvulnerability-nginx-vulnerable' => 0,
+ 'wpvulnerability-mariadb' => '',
+ 'wpvulnerability-mariadb-cache' => 0,
+ 'wpvulnerability-mariadb-vulnerable' => 0,
+ 'wpvulnerability-mysql' => '',
+ 'wpvulnerability-mysql-cache' => 0,
+ 'wpvulnerability-mysql-vulnerable' => 0,
+ 'wpvulnerability-statistics' => '',
+ 'wpvulnerability-statistics-cache' => 0,
);
foreach ( $options as $key => $value ) {
@@ -290,7 +340,7 @@ function wpvulnerability_activation() {
if ( ! get_site_option( 'wpvulnerability-analyze' ) ) {
$analyze = get_option( 'wpvulnerability-analyze' );
- if ( isset( $analyze['core'] ) && isset( $analyze['plugins'] ) && isset( $analyze['themes'] ) && isset( $analyze['php'] ) && isset( $analyze['apache'] ) && isset( $analyze['nginx'] ) ) {
+ if ( isset( $analyze['core'] ) && isset( $analyze['plugins'] ) && isset( $analyze['themes'] ) && isset( $analyze['php'] ) && isset( $analyze['apache'] ) && isset( $analyze['nginx'] ) && isset( $analyze['mariadb'] ) && isset( $analyze['mysql'] ) ) {
add_site_option(
'wpvulnerability-analyze',
array(
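Review bot: Requiring `isset( $analyze['mariadb'] ) && isset( $analyze['mysql'] )` in this condition excludes any per-site `wpvulnerability-analyze` option saved by an earlier version, since it holds only the six older keys. Such an install no longer qualifies for the copy into the site option and falls through to the `else` branch in the next hunk, which starts from all-zero defaults. The administrator's existing choices therefore appear to be dropped rather than migrated. Keep the condition on the six legacy keys and default the new ones while copying, e.g. `'mariadb' => isset( $analyze['mariadb'] ) ? $analyze['mariadb'] : 0,` and the same for `'mysql'`. The enclosing function starts and ends outside this hunk.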
@@ -300,24 +350,39 @@ function wpvulnerability_activation() {
'php' => $analyze['php'],
'apache' => $analyze['apache'],
'nginx' => $analyze['nginx'],
+ 'mariadb' => $analyze['mariadb'],
+ 'mysql' => $analyze['mysql'],
)
);
unset( $analyze );
} else {
- add_site_option(
- 'wpvulnerability-analyze',
- array(
- 'core' => 0,
- 'plugins' => 0,
- 'themes' => 0,
- 'php' => 0,
- 'apache' => 0,
- 'nginx' => 0,
- )
+ $default_wpvulnerability_analyze = array(
+ 'core' => 0,
+ 'plugins' => 0,
+ 'themes' => 0,
+ 'php' => 0,
+ 'apache' => 0,
+ 'nginx' => 0,
+ 'mariadb' => 0,
+ 'mysql' => 0,
);
+ $current_option = get_site_option( 'wpvulnerability-analyze' );
+ if ( false === $current_option ) {
+ add_site_option( 'wpvulnerability-analyze', $default_wpvulnerability_analyze );
+ } else {
+ $updated_option = $current_option;
+ foreach ( $default_wpvulnerability_analyze as $key => $value ) {
+ if ( ! array_key_exists( $key, $current_option ) ) {
+ $updated_option[ $key ] = $value;
+ }
+ }
+ if ( $updated_option !== $current_option ) {
+ update_site_option( $option_name, $updated_option );
+ }
+ }
}
}
- } elseif ( ! is_multisite() ) {
+ } else {
// Add wpvulnerability-config option if it does not exist.
if ( ! get_option( 'wpvulnerability-config' ) ) {
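Review bot: `update_site_option( $option_name, $updated_option );` uses `$option_name`, which is not assigned anywhere in the visible lines of wpvulnerability_activation(). If it is undefined, the merged keys are never written to the intended option. Pass the literal instead, `update_site_option( 'wpvulnerability-analyze', $updated_option );`. The single-site copy in the `@@ -360,25 +433,37 @@` hunk has the same problem with `update_option( $option_name, $updated_option );`. Separately, this branch sits under `if ( ! get_site_option( 'wpvulnerability-analyze' ) )`, so `$current_option` is always falsy here and a falsy value other than `false` would reach `array_key_exists()` as a non-array; guarding the loop with `is_array( $current_option )` covers that. The function starts and ends outside the hunk.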
@@ -352,6 +417,14 @@ function wpvulnerability_activation() {
'wpvulnerability-nginx' => '',
'wpvulnerability-nginx-cache' => 0,
'wpvulnerability-nginx-vulnerable' => 0,
+ 'wpvulnerability-mariadb' => '',
+ 'wpvulnerability-mariadb-cache' => 0,
+ 'wpvulnerability-mariadb-vulnerable' => 0,
+ 'wpvulnerability-mysql' => '',
+ 'wpvulnerability-mysql-cache' => 0,
+ 'wpvulnerability-mysql-vulnerable' => 0,
+ 'wpvulnerability-statistics' => '',
+ 'wpvulnerability-statistics-cache' => 0,
);
foreach ( $options as $key => $value ) {
@@ -360,25 +433,37 @@ function wpvulnerability_activation() {
}
}
- // Add wpvulnerability-config option if it does not exist.
+ // Add wpvulnerability-analyze option if it does not exist.
if ( ! get_option( 'wpvulnerability-analyze' ) ) {
- add_option(
- 'wpvulnerability-analyze',
- array(
- 'core' => 0,
- 'plugins' => 0,
- 'themes' => 0,
- 'php' => 0,
- 'apache' => 0,
- 'nginx' => 0,
- )
+ $default_wpvulnerability_analyze = array(
+ 'core' => 0,
+ 'plugins' => 0,
+ 'themes' => 0,
+ 'php' => 0,
+ 'apache' => 0,
+ 'nginx' => 0,
+ 'mariadb' => 0,
+ 'mysql' => 0,
);
+ $current_option = get_option( 'wpvulnerability-analyze' );
+ if ( false === $current_option ) {
+ add_option( 'wpvulnerability-analyze', $default_wpvulnerability_analyze );
+ } else {
+ $updated_option = $current_option;
+ foreach ( $default_wpvulnerability_analyze as $key => $value ) {
+ if ( ! array_key_exists( $key, $current_option ) ) {
+ $updated_option[ $key ] = $value;
+ }
+ }
+ if ( $updated_option !== $current_option ) {
+ update_option( $option_name, $updated_option );
+ }
+ }
}
}
}
/**
- * On Deactivation
* Callback function to run when the plugin is deactivated.
* Deletes options and removes scheduled wp-cron jobs.
*
@@ -413,6 +498,14 @@ function wpvulnerability_deactivation() {
'wpvulnerability-nginx',
'wpvulnerability-nginx-cache',
'wpvulnerability-nginx-vulnerable',
+ 'wpvulnerability-mariadb',
+ 'wpvulnerability-mariadb-cache',
+ 'wpvulnerability-mariadb-vulnerable',
+ 'wpvulnerability-mysql',
+ 'wpvulnerability-mysql-cache',
+ 'wpvulnerability-mysql-vulnerable',
+ 'wpvulnerability-statistics',
+ 'wpvulnerability-statistics-cache',
);
foreach ( $multisite_options as $option ) {
@@ -443,6 +536,14 @@ function wpvulnerability_deactivation() {
'wpvulnerability-nginx',
'wpvulnerability-nginx-cache',
'wpvulnerability-nginx-vulnerable',
+ 'wpvulnerability-mariadb',
+ 'wpvulnerability-mariadb-cache',
+ 'wpvulnerability-mariadb-vulnerable',
+ 'wpvulnerability-mysql',
+ 'wpvulnerability-mysql-cache',
+ 'wpvulnerability-mysql-vulnerable',
+ 'wpvulnerability-statistics',
+ 'wpvulnerability-statistics-cache',
);
foreach ( $single_site_options as $option ) {
@@ -462,7 +563,6 @@ function wpvulnerability_deactivation() {
}
/**
- * On Uninstall
* Callback function to run when the plugin is uninstalled.
* Deletes options and removes scheduled wp-cron jobs.
*
@@ -496,6 +596,14 @@ function wpvulnerability_uninstall() {
'wpvulnerability-nginx',
'wpvulnerability-nginx-cache',
'wpvulnerability-nginx-vulnerable',
+ 'wpvulnerability-mariadb',
+ 'wpvulnerability-mariadb-cache',
+ 'wpvulnerability-mariadb-vulnerable',
+ 'wpvulnerability-mysql',
+ 'wpvulnerability-mysql-cache',
+ 'wpvulnerability-mysql-vulnerable',
+ 'wpvulnerability-statistics',
+ 'wpvulnerability-statistics-cache',
'wpvulnerability-analyze',
);
@@ -526,6 +634,14 @@ function wpvulnerability_uninstall() {
'wpvulnerability-nginx',
'wpvulnerability-nginx-cache',
'wpvulnerability-nginx-vulnerable',
+ 'wpvulnerability-mariadb',
+ 'wpvulnerability-mariadb-cache',
+ 'wpvulnerability-mariadb-vulnerable',
+ 'wpvulnerability-mysql',
+ 'wpvulnerability-mysql-cache',
+ 'wpvulnerability-mysql-vulnerable',
+ 'wpvulnerability-statistics',
+ 'wpvulnerability-statistics-cache',
'wpvulnerability-analyze',
);
@@ -549,62 +665,38 @@ function wpvulnerability_uninstall() {
*
* This function retrieves the WPVulnerability analysis settings, either from
* the single site or the multisite network, depending on the WordPress setup.
- * It then returns false if the specified type ('core', 'plugins', 'themes',
- * 'php', 'apache', 'nginx') is set. If the type is not set or is invalid, it returns true.
+ * It returns false if the specified type ('core', 'plugins', 'themes',
+ * 'php', 'apache', 'nginx', 'mariadb', 'mysql') is set. If the type is not set or is invalid, it returns true.
*
* @since 3.3.0
*
- * @param string $type The type of analysis setting to retrieve ('core', 'plugins', 'themes', 'php', 'apache', 'nginx').
+ * @param string $type The type of analysis setting to retrieve ('core', 'plugins', 'themes', 'php', 'apache', 'nginx', 'mariadb', 'mysql').
*
* @return bool False if the specified type is set, true if not set or invalid.
*/
function wpvulnerability_analyze_filter( $type ) {
// Retrieve the analysis settings based on the WordPress setup.
- if ( ! is_multisite() ) {
- $wpvulnerability_analyze = get_option( 'wpvulnerability-analyze', array() );
- } elseif ( is_multisite() ) {
- $wpvulnerability_analyze = get_site_option( 'wpvulnerability-analyze', array() );
- }
+ $wpvulnerability_analyze = is_multisite() ? get_site_option( 'wpvulnerability-analyze', array() ) : get_option( 'wpvulnerability-analyze', array() );
// Check the specified type and return the appropriate value.
switch ( $type ) {
case 'core':
- if ( isset( $wpvulnerability_analyze['core'] ) && (int) $wpvulnerability_analyze['core'] ) {
- return false;
- } else {
- return true;
- }
+ return ! ( isset( $wpvulnerability_analyze['core'] ) && (int) $wpvulnerability_analyze['core'] );
case 'plugins':
- if ( isset( $wpvulnerability_analyze['plugins'] ) && (int) $wpvulnerability_analyze['plugins'] ) {
- return false;
- } else {
- return true;
- }
+ return ! ( isset( $wpvulnerability_analyze['plugins'] ) && (int) $wpvulnerability_analyze['plugins'] );
case 'themes':
- if ( isset( $wpvulnerability_analyze['themes'] ) && (int) $wpvulnerability_analyze['themes'] ) {
- return false;
- } else {
- return true;
- }
+ return ! ( isset( $wpvulnerability_analyze['themes'] ) && (int) $wpvulnerability_analyze['themes'] );
case 'php':
- if ( isset( $wpvulnerability_analyze['php'] ) && (int) $wpvulnerability_analyze['php'] ) {
- return false;
- } else {
- return true;
- }
+ return ! ( isset( $wpvulnerability_analyze['php'] ) && (int) $wpvulnerability_analyze['php'] );
case 'apache':
- if ( isset( $wpvulnerability_analyze['apache'] ) && (int) $wpvulnerability_analyze['apache'] ) {
- return false;
- } else {
- return true;
- }
+ return ! ( isset( $wpvulnerability_analyze['apache'] ) && (int) $wpvulnerability_analyze['apache'] );
case 'nginx':
- if ( isset( $wpvulnerability_analyze['nginx'] ) && (int) $wpvulnerability_analyze['nginx'] ) {
- return false;
- } else {
- return true;
- }
+ return ! ( isset( $wpvulnerability_analyze['nginx'] ) && (int) $wpvulnerability_analyze['nginx'] );
+ case 'mariadb':
+ return ! ( isset( $wpvulnerability_analyze['mariadb'] ) && (int) $wpvulnerability_analyze['mariadb'] );
+ case 'mysql':
+ return ! ( isset( $wpvulnerability_analyze['mysql'] ) && (int) $wpvulnerability_analyze['mysql'] );
default:
return true;
}
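Review bot: The switch in wpvulnerability_analyze_filter() now has eight cases that differ only in the array key, so each new component means another copied line and another chance of a key typo. An allowlist keeps the same result for every input: `$types = array( 'core', 'plugins', 'themes', 'php', 'apache', 'nginx', 'mariadb', 'mysql' );` followed by `return ! ( in_array( $type, $types, true ) && isset( $wpvulnerability_analyze[ $type ] ) && (int) $wpvulnerability_analyze[ $type ] );`. The docblock would also be clearer if it said what a set value means to callers, for example `Returns true when the component should be analysed, false when the administrator has switched it off.`, assuming that is the intent of the setting. The function's closing brace is outside the hunk.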
diff --git a/wpvulnerability-sitehealth.php b/wpvulnerability-sitehealth.php
index 66ef1a2..51adf8e 100644
--- a/wpvulnerability-sitehealth.php
+++ b/wpvulnerability-sitehealth.php
@@ -342,7 +342,112 @@ function wpvulnerability_test_nginx() {
}
/**
- * Adds vulnerability tests to Health Check & Troubleshooting page.
+ * Tests for vulnerabilities in MariaDB.
+ *
+ * This function checks for any known vulnerabilities in the MariaDB installation.
+ * It returns an array with the results, including status, description, and actions.
+ *
+ * @since 3.4.0
+ *
+ * @return array Returns an array with the results of the vulnerability test.
+ */
+function wpvulnerability_test_mariadb() {
+
+ // Define the initial test result values.
+ $result = array(
+ 'label' => __( 'There aren\'t MariaDB vulnerabilities', 'wpvulnerability' ),
+ 'status' => 'good',
+ 'badge' => array(
+ 'label' => __( 'Security', 'wpvulnerability' ),
+ 'color' => 'green',
+ ),
+ 'description' => sprintf(
+ '%s
',
+ __( 'This test checks for known vulnerabilities in your MariaDB installation.', 'wpvulnerability' )
+ ),
+ 'actions' => '',
+ 'test' => 'wpvulnerability_mariadb',
+ );
+
+ // Check if any MariaDB vulnerabilities were found.
+ $wpvulnerability_test_mariadb_counter = is_multisite()
+ ? json_decode( get_site_option( 'wpvulnerability-mariadb-vulnerable' ) )
+ : json_decode( get_option( 'wpvulnerability-mariadb-vulnerable' ) );
+
+ if ( $wpvulnerability_test_mariadb_counter ) {
+ $result['status'] = 'critical';
+ $result['label'] = sprintf(
+ /* translators: %d is the number of vulnerabilities detected. */
+ _n( 'There is %d MariaDB vulnerability', 'There are %d MariaDB vulnerabilities', $wpvulnerability_test_mariadb_counter, 'wpvulnerability' ),
+ $wpvulnerability_test_mariadb_counter
+ );
+ $result['badge']['color'] = 'red';
+ $result['description'] = sprintf(
+ '%1$s
%2$s',
+ __( 'Potential vulnerabilities have been detected in your MariaDB installation. Please review them and ensure your database is up to date.', 'wpvulnerability' ),
+ wpvulnerability_html_mariadb()
+ );
+ }
+
+ return $result;
+}
+
+/**
+ * Tests for vulnerabilities in MySQL.
+ *
+ * This function checks for any known vulnerabilities in the MySQL installation.
+ * It returns an array with the results, including status, description, and actions.
+ *
+ * @since 3.4.0
+ *
+ * @return array Returns an array with the results of the vulnerability test.
+ */
+function wpvulnerability_test_mysql() {
+
+ // Define the initial test result values.
+ $result = array(
+ 'label' => __( 'There aren\'t MySQL vulnerabilities', 'wpvulnerability' ),
+ 'status' => 'good',
+ 'badge' => array(
+ 'label' => __( 'Security', 'wpvulnerability' ),
+ 'color' => 'green',
+ ),
+ 'description' => sprintf(
+ '%s
',
+ __( 'This test checks for known vulnerabilities in your MySQL installation.', 'wpvulnerability' )
+ ),
+ 'actions' => '',
+ 'test' => 'wpvulnerability_mysql',
+ );
+
+ // Check if any MySQL vulnerabilities were found.
+ $wpvulnerability_test_mysql_counter = is_multisite()
+ ? json_decode( get_site_option( 'wpvulnerability-mysql-vulnerable' ) )
+ : json_decode( get_option( 'wpvulnerability-mysql-vulnerable' ) );
+
+ if ( $wpvulnerability_test_mysql_counter ) {
+ $result['status'] = 'critical';
+ $result['label'] = sprintf(
+ /* translators: %d is the number of vulnerabilities detected. */
+ _n( 'There is %d MySQL vulnerability', 'There are %d MySQL vulnerabilities', $wpvulnerability_test_mysql_counter, 'wpvulnerability' ),
+ $wpvulnerability_test_mysql_counter
+ );
+ $result['badge']['color'] = 'red';
+ $result['description'] = sprintf(
+ '%1$s
%2$s',
+ __( 'Potential vulnerabilities have been detected in your MySQL installation. Please review them and ensure your database is up to date.', 'wpvulnerability' ),
+ wpvulnerability_html_mysql()
+ );
+ }
+
+ return $result;
+}
+
+/**
+ * Adds vulnerability tests to the Health Check & Troubleshooting page.
+ *
+ * This function registers various vulnerability tests for different components of the site, such as
+ * WordPress core, themes, plugins, PHP, Apache, nginx, MariaDB, and MySQL, to the Site Health status page.
*
* @since 2.0.0
*
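Review bot: In wpvulnerability_test_mariadb() and wpvulnerability_test_mysql() the decoded option value goes straight into `_n()` and the `%d` placeholder without being forced to an integer. A stored value that decodes to a string, array or object would therefore produce a wrong plural form or a type warning. Cast at the read, e.g. `(int) json_decode( get_site_option( 'wpvulnerability-mariadb-vulnerable' ) )`, and likewise for the `get_option()` arm and the MySQL function. The critical-state description also concatenates the return of `wpvulnerability_html_mariadb()` / `wpvulnerability_html_mysql()`, and Site Health prints that field as markup. Those helpers are outside this hunk, so it is worth confirming that they escape the API-supplied names and descriptions, and noting it in the docblock, e.g. `The description embeds pre-escaped HTML from wpvulnerability_html_mariadb().`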
@@ -353,7 +458,7 @@ function wpvulnerability_test_nginx() {
function wpvulnerability_tests( $tests ) {
if ( wpvulnerability_analyze_filter( 'core' ) ) {
- // Adds test for Core WordPress vulnerabilities.
+ // Add test for Core WordPress vulnerabilities.
$tests['direct']['wpvulnerability_core'] = array(
'label' => __( 'WPVulnerability Core', 'wpvulnerability' ),
'test' => 'wpvulnerability_test_core',
@@ -361,7 +466,7 @@ function wpvulnerability_tests( $tests ) {
}
if ( wpvulnerability_analyze_filter( 'themes' ) ) {
- // Adds test for Theme vulnerabilities.
+ // Add test for Theme vulnerabilities.
$tests['direct']['wpvulnerability_themes'] = array(
'label' => __( 'WPVulnerability Themes', 'wpvulnerability' ),
'test' => 'wpvulnerability_test_themes',
@@ -369,7 +474,7 @@ function wpvulnerability_tests( $tests ) {
}
if ( wpvulnerability_analyze_filter( 'plugins' ) ) {
- // Adds test for Plugin vulnerabilities.
+ // Add test for Plugin vulnerabilities.
$tests['direct']['wpvulnerability_plugins'] = array(
'label' => __( 'WPVulnerability Plugins', 'wpvulnerability' ),
'test' => 'wpvulnerability_test_plugins',
@@ -377,7 +482,7 @@ function wpvulnerability_tests( $tests ) {
}
if ( wpvulnerability_analyze_filter( 'php' ) ) {
- // Adds test for PHP vulnerabilities.
+ // Add test for PHP vulnerabilities.
$tests['direct']['wpvulnerability_php'] = array(
'label' => __( 'WPVulnerability PHP', 'wpvulnerability' ),
'test' => 'wpvulnerability_test_php',
@@ -385,7 +490,7 @@ function wpvulnerability_tests( $tests ) {
}
if ( wpvulnerability_analyze_filter( 'apache' ) ) {
- // Adds test for Apache vulnerabilities.
+ // Add test for Apache vulnerabilities.
$tests['direct']['wpvulnerability_apache'] = array(
'label' => __( 'WPVulnerability Apache HTTPD', 'wpvulnerability' ),
'test' => 'wpvulnerability_test_apache',
@@ -393,14 +498,31 @@ function wpvulnerability_tests( $tests ) {
}
if ( wpvulnerability_analyze_filter( 'nginx' ) ) {
- // Adds test for nginx vulnerabilities.
+ // Add test for nginx vulnerabilities.
$tests['direct']['wpvulnerability_nginx'] = array(
'label' => __( 'WPVulnerability nginx', 'wpvulnerability' ),
'test' => 'wpvulnerability_test_nginx',
);
}
+ if ( wpvulnerability_analyze_filter( 'mariadb' ) ) {
+ // Add test for MariaDB vulnerabilities.
+ $tests['direct']['wpvulnerability_mariadb'] = array(
+ 'label' => __( 'WPVulnerability MariaDB', 'wpvulnerability' ),
+ 'test' => 'wpvulnerability_test_mariadb',
+ );
+ }
+
+ if ( wpvulnerability_analyze_filter( 'mysql' ) ) {
+ // Add test for MySQL vulnerabilities.
+ $tests['direct']['wpvulnerability_mysql'] = array(
+ 'label' => __( 'WPVulnerability MySQL', 'wpvulnerability' ),
+ 'test' => 'wpvulnerability_test_mysql',
+ );
+ }
+
return $tests;
}
+
// Adds the vulnerability tests to the site status tests.
add_filter( 'site_status_tests', 'wpvulnerability_tests' );
diff --git a/wpvulnerability.php b/wpvulnerability.php
index 0e670ca..2e1ad66 100644
--- a/wpvulnerability.php
+++ b/wpvulnerability.php
@@ -5,7 +5,7 @@
* Description: Receive information about possible vulnerabilities in your WordPress from WordPress Vulnerability Database API.
* Requires at least: 4.1
* Requires PHP: 5.6
- * Version: 3.3.5
+ * Version: 3.4.0
* Author: Javier Casares
* Author URI: https://www.javiercasares.com/
* License: GPL-2.0-or-later
@@ -23,7 +23,7 @@
/**
* Set some constants that I can change in future verions
*/
-define( 'WPVULNERABILITY_PLUGIN_VERSION', '3.3.5' );
+define( 'WPVULNERABILITY_PLUGIN_VERSION', '3.4.0' );
define( 'WPVULNERABILITY_API_HOST', 'https://www.wpvulnerability.net/' );
define( 'WPVULNERABILITY_CACHE_HOURS', 12 );
@@ -80,6 +80,8 @@ function wpvulnerability_plugin_init() {
require_once WPVULNERABILITY_PLUGIN_PATH . '/wpvulnerability-php.php';
require_once WPVULNERABILITY_PLUGIN_PATH . '/wpvulnerability-apache.php';
require_once WPVULNERABILITY_PLUGIN_PATH . '/wpvulnerability-nginx.php';
+ require_once WPVULNERABILITY_PLUGIN_PATH . '/wpvulnerability-mariadb.php';
+ require_once WPVULNERABILITY_PLUGIN_PATH . '/wpvulnerability-mysql.php';
/*
* All the plugin really does.