http://veliks.mozello.lv/wwww/wpsec-1/ Andris Veliks - WPSec http://veliks.mozello.lv/wwww/wpsec-1/params/post/5266373/wpsec-june-2026-update-introducing-attack-surface Fri, 12 Jun 2026 19:38:00 +0000 <div style="font-weight: 400; font-style: normal;" class="moze-start"><br class="Apple-interchange-newline"><table role="presentation" class="m_8437754732885314590body-wrap" width="100%" cellpadding="0" cellspacing="0"><tbody><tr><td align="center"><table role="presentation" class="m_8437754732885314590container" width="600" cellpadding="0" cellspacing="0"><tbody><tr><td class="m_8437754732885314590header-td" style="text-align: center"><a href="https://list.wpsec.com/l/6w67634iw3XVouXbQF763zwnkQ/P2iTQOOjHJ763CFRtTUco1763w/nPAPGDZ892SW6ZnFYJxZp08A" target="_blank" data-saferedirecturl="https://www.google.com/url?q=https://list.wpsec.com/l/6w67634iw3XVouXbQF763zwnkQ/P2iTQOOjHJ763CFRtTUco1763w/nPAPGDZ892SW6ZnFYJxZp08A&amp;source=gmail&amp;ust=1781377289994000&amp;usg=AOvVaw1yiO2OBcrZhkrKZZJSmxrL"><img src="https://ci3.googleusercontent.com/meips/ADKq_NZjYpchE9svUQAon5qR4XHWVxykezhehVovUmeMuGGHlSStKmORZ5-S5m4u-DACM3qvCtEXe5I6FpLrzmEg=s0-d-e1-ft#https://wpsec.com/images/wpsec_white.png" alt="WPSec" width="180" style="text-decoration: none; width: 180px; height: auto"></a></td></tr><tr><td class="m_8437754732885314590hero-td" style="text-align: center"><b><h1 class="m_8437754732885314590hero-title" style="font-weight: 700">June 2026 Update</h1></b><p class="m_8437754732885314590hero-sub">Introducing Attack Surface — see where your sites are exposed</p></td></tr><tr><td class="m_8437754732885314590content-td"><p class="m_8437754732885314590section-body">Hi Andris Veliks,</p><p class="m_8437754732885314590section-body">This month we’re launching the biggest addition to WPSec in a while: <strong>Attack Surface</strong> — a per-plugin security risk analysis for every WordPress site you scan. Plugins are where most WordPress sites get compromised, and Attack Surface gives you the clearest picture yet of where yours are exposed.</p></td></tr><tr><td class="m_8437754732885314590content-td"><table role="presentation" width="100%" cellpadding="0" cellspacing="0"><tbody><tr><td><table role="presentation" cellpadding="0" cellspacing="0"><tbody><tr><td style="text-align: center"><img data-emoji="🎯" class="an1" alt="🎯" aria-label="🎯" draggable="false" src="https://fonts.gstatic.com/s/e/notoemoji/17.0/1f3af/32.png" loading="lazy" style="text-decoration: none; width: 1.2em; height: auto"></td></tr></tbody></table></td><td><b><h2 class="m_8437754732885314590section-title" style="font-weight: 700">Introducing Attack Surface</h2></b></td></tr></tbody></table><p class="m_8437754732885314590section-body">Every plugin you install adds code that can be attacked. Attack Surface analyzes every plugin WPSec detects across your sites and rates each one — so you can see your real exposure at a glance.</p><div class="m_8437754732885314590section-body"><ul><li>A risk level for every plugin — Critical, High, Medium, Low, or Minimal</li><li>A 0–100 risk score, so you can compare plugins directly</li><li>Outdated plugins flagged with exactly how many releases behind they are</li><li>Plugins removed from WordPress.org flagged automatically — a common warning sign</li><li>Every site on your account, in one place</li></ul></div><table role="presentation" width="100%" cellpadding="0" cellspacing="0"><tbody><tr><td><a href="https://list.wpsec.com/l/6w67634iw3XVouXbQF763zwnkQ/5OzJ0AE892AX2QpDstyS2Lhg/nPAPGDZ892SW6ZnFYJxZp08A" target="_blank" data-saferedirecturl="https://www.google.com/url?q=https://list.wpsec.com/l/6w67634iw3XVouXbQF763zwnkQ/5OzJ0AE892AX2QpDstyS2Lhg/nPAPGDZ892SW6ZnFYJxZp08A&amp;source=gmail&amp;ust=1781377289994000&amp;usg=AOvVaw2O2iOeeuBFNsLsqSrt39dx"><img src="https://ci3.googleusercontent.com/meips/ADKq_NYprxxWQHRhvcxxnWD-VSP-o00Z-L9JI1aSKg2iZpJrt8wN98OYC0ZGugrEwR3YYKQp_WiGAfwhezqnp9dFEZaMsT8mswE0nO5TG5VTKv5ZHjwe=s0-d-e1-ft#https://wpsec.com/images/newsletter/attacksurface-2026-06.png" alt="Attack Surface dashboard showing per-plugin risk levels and scores" width="520" style="text-decoration: none; width: 520px; height: auto"></a></td></tr></tbody></table><table role="presentation" cellpadding="0" cellspacing="0"><tbody><tr><td class="m_8437754732885314590btn-td"><a class="m_8437754732885314590btn" href="https://list.wpsec.com/l/6w67634iw3XVouXbQF763zwnkQ/5OzJ0AE892AX2QpDstyS2Lhg/nPAPGDZ892SW6ZnFYJxZp08A" target="_blank" data-saferedirecturl="https://www.google.com/url?q=https://list.wpsec.com/l/6w67634iw3XVouXbQF763zwnkQ/5OzJ0AE892AX2QpDstyS2Lhg/nPAPGDZ892SW6ZnFYJxZp08A&amp;source=gmail&amp;ust=1781377289994000&amp;usg=AOvVaw2O2iOeeuBFNsLsqSrt39dx" style="text-decoration: none; font-weight: 600">Open Attack Surface</a></td></tr></tbody></table></td></tr><tr><td><hr style="border-width: 1px medium medium; border-style: solid none none; border-color: rgb(229, 234, 240) currentcolor currentcolor; border-image: initial; margin: 0px;"></td></tr><tr><td class="m_8437754732885314590content-td"><table role="presentation" width="100%" cellpadding="0" cellspacing="0"><tbody><tr><td><table role="presentation" cellpadding="0" cellspacing="0"><tbody><tr><td style="text-align: center"><img data-emoji="📊" class="an1" alt="📊" aria-label="📊" draggable="false" src="https://fonts.gstatic.com/s/e/notoemoji/17.0/1f4ca/32.png" loading="lazy" style="text-decoration: none; width: 1.2em; height: auto"></td></tr></tbody></table></td><td><b><h2 class="m_8437754732885314590section-title" style="font-weight: 700">See exactly what’s exposed</h2></b></td></tr></tbody></table><p class="m_8437754732885314590section-body">For every plugin, Attack Surface breaks down what actually makes up its attack surface:</p><div class="m_8437754732885314590section-body"><ul><li><strong>REST API endpoints</strong> the plugin registers — each one is a way in</li><li><strong>Input parameters</strong> it accepts — every one is a potential injection point</li><li><strong>File upload points</strong> — among the highest-risk vectors on any site</li><li><strong>WordPress hooks</strong> that handle user input, such as AJAX handlers</li><li><strong>Security issues</strong> surfaced by static analysis, mapped to their OWASP category</li></ul></div></td></tr><tr><td><hr style="border-width: 1px medium medium; border-style: solid none none; border-color: rgb(229, 234, 240) currentcolor currentcolor; border-image: initial; margin: 0px;"></td></tr><tr><td class="m_8437754732885314590content-td"><table role="presentation" width="100%" cellpadding="0" cellspacing="0"><tbody><tr><td><table role="presentation" cellpadding="0" cellspacing="0"><tbody><tr><td style="text-align: center"><img data-emoji="🔍" class="an1" alt="🔍" aria-label="🔍" draggable="false" src="https://fonts.gstatic.com/s/e/notoemoji/17.0/1f50d/32.png" loading="lazy" style="text-decoration: none; width: 1.2em; height: auto"></td></tr></tbody></table></td><td><b><h2 class="m_8437754732885314590section-title" style="font-weight: 700">Two views, built for fixing things</h2></b></td></tr></tbody></table><p class="m_8437754732885314590section-body">Look at your plugins whichever way helps you act:</p><div class="m_8437754732885314590section-body"><ul><li><strong>By Website</strong> — the full risk profile of a single site</li><li><strong>By Severity</strong> — every plugin across all your sites, ranked worst-first, so you tackle the most dangerous things first</li><li>Hide plugins whose risk you’ve accepted, report false positives, or manually add plugins a scan didn’t catch</li></ul></div></td></tr><tr><td><hr style="border-width: 1px medium medium; border-style: solid none none; border-color: rgb(229, 234, 240) currentcolor currentcolor; border-image: initial; margin: 0px;"></td></tr><tr><td class="m_8437754732885314590content-td"><table role="presentation" width="100%" cellpadding="0" cellspacing="0"><tbody><tr><td><table role="presentation" cellpadding="0" cellspacing="0"><tbody><tr><td style="text-align: center"><img data-emoji="📄" class="an1" alt="📄" aria-label="📄" draggable="false" src="https://fonts.gstatic.com/s/e/notoemoji/17.0/1f4c4/32.png" loading="lazy" style="text-decoration: none; width: 1.2em; height: auto"></td></tr></tbody></table></td><td><b><h2 class="m_8437754732885314590section-title" style="font-weight: 700">Share it as a PDF</h2></b></td></tr></tbody></table><p class="m_8437754732885314590section-body">Need to hand the findings to a client or a colleague? Download a complete Attack Surface report as a PDF — a clean summary of every site and every plugin, ready to send or file.</p></td></tr><tr><td style="text-align: center"><hr style="border-width: 1px medium medium; border-style: solid none none; border-color: rgb(229, 234, 240) currentcolor currentcolor; border-image: initial; margin: 0px 0px 28px;"><p>Attack Surface is part of WPSec Premium. Log in to open it from your dashboard.</p><a href="https://list.wpsec.com/l/6w67634iw3XVouXbQF763zwnkQ/5OzJ0AE892AX2QpDstyS2Lhg/nPAPGDZ892SW6ZnFYJxZp08A" target="_blank" data-saferedirecturl="https://www.google.com/url?q=https://list.wpsec.com/l/6w67634iw3XVouXbQF763zwnkQ/5OzJ0AE892AX2QpDstyS2Lhg/nPAPGDZ892SW6ZnFYJxZp08A&amp;source=gmail&amp;ust=1781377289994000&amp;usg=AOvVaw2O2iOeeuBFNsLsqSrt39dx" style="text-decoration: none; font-weight: 600">Open Attack Surface</a></td></tr><tr><td class="m_8437754732885314590footer-td" style="text-align: center"><p><a href="https://list.wpsec.com/l/6w67634iw3XVouXbQF763zwnkQ/uYdymyM8R86opfeSZYmVPw/nPAPGDZ892SW6ZnFYJxZp08A" target="_blank" data-saferedirecturl="https://www.google.com/url?q=https://list.wpsec.com/l/6w67634iw3XVouXbQF763zwnkQ/uYdymyM8R86opfeSZYmVPw/nPAPGDZ892SW6ZnFYJxZp08A&amp;source=gmail&amp;ust=1781377289994000&amp;usg=AOvVaw1x0EkdMdw8a4V1UgAPeAzM" style="text-decoration: none">X</a> · <a href="https://list.wpsec.com/l/6w67634iw3XVouXbQF763zwnkQ/cinsufYw1RHboR4sIo3c6A/nPAPGDZ892SW6ZnFYJxZp08A" target="_blank" data-saferedirecturl="https://www.google.com/url?q=https://list.wpsec.com/l/6w67634iw3XVouXbQF763zwnkQ/cinsufYw1RHboR4sIo3c6A/nPAPGDZ892SW6ZnFYJxZp08A&amp;source=gmail&amp;ust=1781377289994000&amp;usg=AOvVaw1tA92kn7eLejY0Xd9gQr2_" style="text-decoration: none">LinkedIn</a> · <a href="https://list.wpsec.com/l/6w67634iw3XVouXbQF763zwnkQ/cqW53pUfY9POsemMNfQzSA/nPAPGDZ892SW6ZnFYJxZp08A" target="_blank" data-saferedirecturl="https://www.google.com/url?q=https://list.wpsec.com/l/6w67634iw3XVouXbQF763zwnkQ/cqW53pUfY9POsemMNfQzSA/nPAPGDZ892SW6ZnFYJxZp08A&amp;source=gmail&amp;ust=1781377289994000&amp;usg=AOvVaw04NcfcjpIwhUC59p0ZO3wT" style="text-decoration: none">Instagram</a> · <a href="https://list.wpsec.com/l/6w67634iw3XVouXbQF763zwnkQ/2CWeL763UB6auuy9eHJZEgOw/nPAPGDZ892SW6ZnFYJxZp08A" target="_blank" data-saferedirecturl="https://www.google.com/url?q=https://list.wpsec.com/l/6w67634iw3XVouXbQF763zwnkQ/2CWeL763UB6auuy9eHJZEgOw/nPAPGDZ892SW6ZnFYJxZp08A&amp;source=gmail&amp;ust=1781377289994000&amp;usg=AOvVaw0KwjPMAoNUAuLY7suxGaFD" style="text-decoration: none">Facebook</a></p><p>WPSec - WordPress Security Scanning</p><p><a href="https://list.wpsec.com/unsubscribe/djN3xwDguKXX5riBD48j1yNow2AXjRunXgEAgG63yyU/jG6UCOd7rlzK0Krq5emSnQ/nPAPGDZ892SW6ZnFYJxZp08A" target="_blank" data-saferedirecturl="https://www.google.com/url?q=https://list.wpsec.com/unsubscribe/djN3xwDguKXX5riBD48j1yNow2AXjRunXgEAgG63yyU/jG6UCOd7rlzK0Krq5emSnQ/nPAPGDZ892SW6ZnFYJxZp08A&amp;source=gmail&amp;ust=1781377289994000&amp;usg=AOvVaw2696QW_4Otvn1MwnE-_xNH" style="text-decoration: underline">Unsubscribe</a> · <a href="https://list.wpsec.com/l/6w67634iw3XVouXbQF763zwnkQ/SKEqEFOES892aolsabIOp8ew/nPAPGDZ892SW6ZnFYJxZp08A" target="_blank" data-saferedirecturl="https://www.google.com/url?q=https://list.wpsec.com/l/6w67634iw3XVouXbQF763zwnkQ/SKEqEFOES892aolsabIOp8ew/nPAPGDZ892SW6ZnFYJxZp08A&amp;source=gmail&amp;ust=1781377289994000&amp;usg=AOvVaw1-k0KaEd3q6s3Qgw4Mroo7" style="text-decoration: underline">Privacy Policy</a></p></td></tr></tbody></table></td></tr></tbody></table></div><img src="https://ci3.googleusercontent.com/meips/ADKq_Na5ad5rKlMdLUQkpamCpYvKESC4bo8R30Cr71ulf1fdi1pUwMy_ddDN26M85jP_XrVmoddcJjWesmV2f83GvxJ7OUMKnyzB8goMhqKSqj-DqD4NCFGquVwXTuZpKxugm02_=s0-d-e1-ft#https://list.wpsec.com/t/nPAPGDZ892SW6ZnFYJxZp08A/6w67634iw3XVouXbQF763zwnkQ" alt="" style="text-align: start; text-decoration: none; font-weight: 400; font-style: normal; width: 1px; height: 1px"> http://veliks.mozello.lv/wwww/wpsec-1/params/post/5266367/wpsec Fri, 12 Jun 2026 19:36:00 +0000 <img src="https://site-92547.mozfiles.com/files/92547/base64img_8f2028bc561ee4daf42b2c7333b59d4d.png" alt="Online WordPress Security Scanner for Vulnerabilities | WPSec.com" class="" style="">