Analysis of Attack Vectors

Conditions

Attack Vector = Type x Path
Abbreviation of Type Description
AB Authentication Bypass
AFU Arbitrary File Upload
CSRF Cross-Site Request Forgery
DT Directory Traversal
LFI Local File Inclusion
PE Privilege Escalation
RCE Remote Code Execution
RFU Remote File Upload
SQLI SQL Injection
XSS Cross-Site Scripting
Abbreviation of Path Description
AA Admin area
AX Admin ajax / post
PD Plugin Direct
FE Front End
Symbol Description
OK Success when enables blocking on front-end.
OK Success when enables blocking on back-end.
NG Fail to block.

Results

Source: © The WPScan Team
Vulnerability Version Type Path Geo ZEP
WP Business Intelligence Lite <= 1.6.1 SQLI PD+ OK OK
Ptengine <= 1.0.1 XSS FE OK NG
EZ Portfolio <= 1.0.1 XSS AX OK OK
WonderPlugin Audio Player <= 2.0 SQLI, XSS AX OK OK
Aspose Cloud eBook Generator <= 1.0 LFI PD- OK OK
WPshop - eCommerce <= 1.3.9.5 AFU PD+ OK OK
WPBook <= 2.7 CSRF AA OK OK
WP-ViperGB <= 1.3.10 XSS, CSRF AA OK OK
WordPress Survey & Poll <= 1.1.7 SQLI AX OK OK
WP Media Cleaner <= 2.2.6 XSS AA OK OK
WP Easy Slideshow <= 1.0.3 CSRF AA OK OK
N-Media Website Contact Form <= 1.3.4 AFU AX+ OK NG
Tune Library <= 1.5.4 SQLI FE OK NG
Redirection Page <= 1.2 CSRF, XSS AA OK OK
PHP Event Calendar <= 1.5 AFU PD OK OK
My Wish List <= 1.4.1 XSS FE OK NG
Mobile Domain <= 1.5.2 CSRF, XSS AA OK OK
MailChimp Subscribe Form <= 1.1 RCE PD OK OK
IP Blacklist Cloud <= 3.4 SQLI AA OK OK
IP Blacklist Cloud <= 3.42 LFI FE OK NG
InBoundio Marketing <= 2.0.3 RFU PD OK OK
Image Metadata Cruncher <= 1.8 CSRF, XSS AA OK OK
CrossSlide jQuery <= 2.0.5 CSRF, XSS AA OK OK
Aspose PDF Exporter < 2.0 LFI PD- OK OK
Aspose Importer & Exporter <= 1.0 LFI PD- OK OK
Aspose DOC Exporter <= 1.0 LFI PD- OK OK
WP Ultimate CSV Importer <= 3.6.74 AB PD+ OK OK
WP Ultimate CSV Importer <= 3.7.1 DT PD+ OK OK
WP Mobile Edition <= 2.2.7 LFI PD- OK OK
WP All Import <= 3.2.3 RCE AX OK OK
WP All Import <= 3.2.4 CSRF, XSS AX OK OK
UpdraftPlus <= 1.9.50 PE AX OK NG
Ultimate Member <= 1.0.78 AFU PD+ OK OK
Ultimate Product Catalogue <= 3.1.1 AFU AX OK OK
Ultimate Product Catalogue <= 3.1.2 SQLI AX OK OK
Ultimate Product Catalogue <= 3.1.2 SQLI FE OK NG
TinyMCE Advanced <= 4.1 CSRF AX OK OK
Huge-IT Slider <= 2.6.8 SQLI AX OK OK
Simple Ads Manager <= 2.5.94 AFU, SQLI PD+ OK OK
Related Posts for WordPress <= 1.8.1 XSS FE OK NG
Ajax Search Lite <= 3.1 RCE AX OK OK
Blubrry PowerPress <= 6.0 XSS AA OK OK
PlusCaptcha <= 2.0.14 CSRF AA OK OK
Plugin Performance Profiler <= 1.5.3.8 XSS AA NG NG
NEX-Forms <= 3.0 SQLI AX OK OK
MiwoFTP <= 1.0.4 LFI FE OK NG
MiwoFTP <= 1.0.5 CSRF, XSS AA OK OK
MainWP Child <= 2.0.9.1 AB FE OK NG
Mashshare <= 2.3.0 AB AX OK OK
WordPress Leads <= 1.6.2 XSS AX+ OK NG
The total amount of OK 41 38

Total Protection Performance

Blocking Method True Positive False Negative
Block by country on both front/back-end 49/50 (98%) 1/50 ( 2%)
Block by country only on back-end 41/50 (82%) 9/50 (18%)
WP-ZEP 38/50 (76%) 12/50 (24%)