Ping7 security tools

WordPress local checker

Check CVE-2026-1492 without touching site files

A read-only local checker for WordPress owners. It checks plugin exposure, hidden administrators, suspicious uploads, cron changes, and file changes that often matter after an auth bypass.

9.8 CVSS: critical
0 writes: does not modify WordPress
WP root: runs where wp-config.php exists
Use this only on WordPress sites you own or support. The checker does not modify files. No payloads. No broad scanning. No exploitation steps.

# from the WordPress root
curl -fsSLO https://raw.githubusercontent.com/limo57640-crypto/wp-user-registration-vuln-checker/main/check.sh
less check.sh
bash check.sh

# or pass the site path
bash check.sh /home/example/public_html

Checks that matter after auth bypass

The script focuses on evidence a site owner can preserve before cleanup.

Plugin and core state

Confirms the User Registration plugin presence and version, plus basic WordPress environment details.

Admin and role drift

Looks for visible administrators, hidden role mappings, suspicious recent admin creation, and usermeta anomalies.

Post-compromise traces

Reviews upload PHP files, cron entries, theme/config changes, and unexpected files in core folders.

Result states

Use the exact status word in the repair ticket so the next person knows where to start.

CLEAN

No obvious indicator was found with the current local access.

SUSPICIOUS

One or more checks need review before the incident can be closed.

COMPROMISED

Strong indicators were found. Preserve evidence before deleting files.

ERROR

The script could not complete, usually because the WordPress path or permissions were wrong.
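
A sketch of how one read-only check can map to these status words, using the upload PHP review as the case. This is an added example, not the project's check.sh; the function name check_uploads_php, the extension list, and the exit codes are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not the project's check.sh.
# Read-only: only test, find and ls are used; nothing is written or deleted.

# check_uploads_php WP_ROOT
# Prints one status word on stdout (ERROR, SUSPICIOUS or CLEAN) and lists
# matching files with their mtime on stderr, for the repair ticket.
check_uploads_php() {
    local root="${1:-.}"
    local uploads="$root/wp-content/uploads"
    local hits

    # Wrong path or permissions: report ERROR rather than a false CLEAN.
    if [ ! -r "$root/wp-config.php" ]; then
        echo "ERROR"
        return 2
    fi
    # A site with no uploads directory has nothing to review here.
    if [ ! -d "$uploads" ]; then
        echo "CLEAN"
        return 0
    fi
    if [ ! -r "$uploads" ] || [ ! -x "$uploads" ]; then
        echo "ERROR"
        return 2
    fi

    # Assumed extension list; matched case-insensitively so .PHP is caught.
    # ls -ld keeps the modification time, useful for the first suspicious
    # timestamp. Harmless index.php stubs will also show up, which is why
    # the result is SUSPICIOUS (needs review), not COMPROMISED.
    hits=$(find "$uploads" -type f \
        \( -iname '*.php' -o -iname '*.phtml' -o -iname '*.phar' \) \
        -exec ls -ld {} + 2>/dev/null || true)

    if [ -n "$hits" ]; then
        printf '%s\n' "$hits" >&2
        echo "SUSPICIOUS"
        return 1
    fi
    echo "CLEAN"
    return 0
}

# Stand-alone use: bash example.sh /home/example/public_html
if [ "$#" -gt 0 ]; then
    check_uploads_php "$1"
fi
```

Redirect stderr to a file to keep the listing as evidence before any cleanup.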

Issue or repair

Open a GitHub issue for tool bugs, false positives, host compatibility problems, or non-sensitive documentation fixes.

Use Ping7 repair when the result is SUSPICIOUS or COMPROMISED, or when live domains, customer data, admin usernames, upload filenames, or database details should not be posted in public.

Evidence to keep

  • Checker output and version.
  • WordPress path, host type, and plugin version.
  • First suspicious timestamp.
  • Unknown admin names, upload PHP filenames, cron entries, redirects, or changed theme files.
  • Whether access logs and database backups are still available.

Repair handoff

Send the domain, plugin version, detector result, symptoms, and whether logs still exist. Do not send passwords in the first message.

Request Ping7 repair help