CMS Vulnerability Scans
- Select a website from the drop-down at top-left
- Click 'Scan' > 'Vulnerability Scan’
The content management system (CMS) scanner inspects your core site,
plugins and themes to identify vulnerabilities in your current version.
The scanner supports the following types of CMS:
- WordPress
- Joomla
- Drupal
- ModX
- Typo3
See the following for more help:
- Open the SOCaaP Web Protection dashboard
- Select the target website from the menu at top-left
- Click the 'Scan' tab then 'Vulnerability Scan’
The last scan area on the right shows the results of the most recent scan.
- Scan Date - When the most recent discovery was run.
- Version - The version number of the CMS that was scanned. This is the CMS version that your site runs on.
- Status - Whether the website has vulnerabilities or not.
- Not Vulnerable - No weaknesses detected.
- Vulnerable - Security threats found. Click on the row to view more details and fix advice.
- Failed - Scan did not run for some reason.
- CMS format not identified - Shown if the site doesn't use a supported CMS, or because SOCaaP Web Protection couldn't detect the CMS type for other reasons.
- Click the 'Refresh' icon at top-right to reload the results of the latest scan.
Start an on-demand CMS scan
You can manually start a CMS scan at anytime:
- Open the SOCaaP Web Protection dashboard
- Select the target website from the menu at top-left
- Click the 'Scan' tab then 'Vulnerability Scan’
- SOCaaP Web Protection will begin scanning the domain for CMS vulnerabilities
- Scan results are shown in the 'Last Scan' box on the right
- Click the 'Refresh' icon at top-right to reload the results of the scan
- Alerts will be generated if any vulnerabilities are found.
- Click 'View Full Report' for a comprehensive overview of discovered vulnerabilities
- See View detailed results of the last scan for more details
- Select the target website from the menu at top-left
- Click the 'Scan' tab then 'Vulnerability'
- Click 'View Full Report' under 'Last Scan' in the CMS scan pane as shown below:
Vulnerability information is available for the following CMS components:
- Core
- Plugins
- Theme
- Select a tab to view a list of vulnerabilities in the component
- Click the '+' icon at the left of an item to view its details:
CMS Vulnerabilities - Column Descriptions |
|
---|---|
Column Header |
Description |
Vulnerability |
A short description of the weakness. |
Patch Fix |
The version of the CMS in which the vulnerability was fixed. Update your CMS to this version to remove the vulnerability from your site. |
Reference |
Links to detailed information about the vulnerability and guidance to fix the issue.
|
Found in |
The version of the CMS in which the vulnerability was discovered.
|
Latest Version |
The most recent version of the CMS available. We advise customers to upgrade to the latest version if possible. |
View results of previous scans
You can view the results of the 10 most recent CMS scans on your site.
- Select the target website from the menu at top-left
- Click the 'Scan' tab then 'Vulnerability'
- Click 'View Scan History' in the 'CMS Scan' pane
The dates of the previous scans are shown at the top of the history window.
- Select a date to view detailed results from the scan run on that day
See View detailed results of the last scan if you need more help with this.