Scan WP - WordPress Theme and Plugin Detector
Version 2.0 View in Chrome Web Store
Last scanned: about 3 hours ago
Extension Details
Developer:
OK Digital LTD.
Rating:
3.9 ★
(55 ratings)
Users:
30,000
Context-Aware Verdict
This section provides a Claude-based AI analysis that applies additional context to the risk. Results are not guaranteed to be accurate.
HIGH
Overall Risk
Trust Factors: The extension has a moderate user base of 30,000 users and a decent rating of 3.9/5, suggesting some level of community acceptance. The developer OK Digital LTD appears to be a legitimate company. The extension's stated purpose of detecting WordPress themes and plugins is a legitimate use case for web developers and security professionals.
Concerns: The extension exhibits concerning permission patterns that exceed what would typically be necessary for WordPress detection. The tabs permission combined with content script injection across all URLs creates a powerful surveillance capability. While WordPress detection could theoretically require accessing website source code, the broad scope of permissions suggests the extension could monitor all browsing activity, not just WordPress sites. The ability to inject scripts into any website poses significant privacy and security risks, as it could potentially capture sensitive information like login credentials, personal data, or financial information from any site visited.
Recommendations: Given the high-risk permission combination, consider running this extension in a separate Chrome profile dedicated solely to WordPress development work. Only enable the extension when actively analyzing WordPress sites, and disable it during regular browsing. Alternatively, consider using online WordPress detection tools or browser developer tools for occasional use instead of installing this extension. If you must use it, regularly review your browsing data and consider using it only on test sites rather than production environments.
Findings
This section provides a detailed analysis of the extension's security posture, without broader context. Assumes worst-case impact.
HIGH
Broad Content Script Injection
This extension can inject scripts into any website. This means it could potentially read sensitive data, modify website content, or steal credentials.
HIGH
High-Risk Permission: tabs
This extension has the tabs permission. Can access browser tab information and manipulate tabs. This could potentially be used maliciously to compromise security or privacy.
Security Analysis Details
Required Permissions:
- tabs
Content Security Policy:
- extension_pages: script-src 'self'; object-src 'self'
Embedded URLs (3 total):
| https://developer.chrome.com/extensions/tabs#type-Tab | https://scanwp.net/extension/?url= | |
| https://clients2.google.com/service/update2/crx |
Raw Manifest
{ "name": "Scan WP - WordPress Theme and Plugin Detector", "action": { "default_icon": "icon.png", "default_popup": "Popup.html" }, "version": "2.0", "update_url": "https://clients2.google.com/service/update2/crx", "permissions": [ "tabs" ], "content_scripts": [ { "js": [ "jquery.min.js" ], "run_at": "document_end", "matches": [ "<all_urls>" ] } ], "manifest_version": 3, "content_security_policy": { "extension_pages": "script-src 'self'; object-src 'self'" } }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
Loading Secure Annex data...
Unable to load Secure Annex data.
This extension may not yet be analyzed by Secure Annex.
Detections
0Critical
0
High
0
Medium
0
Low
0
Has Verdicts
Yes
Manifest Findings
0Critical
0
High
0
Medium
0
Low
0
Secure Annex analyzed version: -