Scan WP - WordPress Theme and Plugin Detector
Version 2.0 View in Chrome Web Store
Last scanned: 16 days ago
| force re-scan
Extension Details
Developer:
https://scanwp.net/
Rating:
3.9 ★
(55 ratings)
Users:
40,000
Context-Aware Verdict
This section provides a Claude-based AI analysis that applies additional context to the risk. Results are not guaranteed to be accurate.
HIGH
Risk Level
Trust Factors:
- The extension has a relatively high number of users (40,000), which suggests some level of trust.
- The developer has a dedicated website (https://scanwp.net/), which adds credibility.
- However, the extension has a moderate rating of 3.9 out of 5, indicating potential concerns from users.
Concerns:
- The extension requests the "tabs" permission, which allows it to access and manipulate browser tabs. This permission could potentially be misused for malicious purposes.
- The extension can inject scripts into any website through the use of the "<all_urls>" content script injection. This broad access could enable the extension to read sensitive data, modify website content, or steal credentials.
Recommendations:
- Exercise caution when using this extension, as it has high-risk permissions and broad content script injection capabilities.
- Consider running the extension in a separate Chrome profile or a sandboxed environment to isolate it from your main browsing activities.
- Regularly review the extension's permissions and behavior, and uninstall it if you notice any suspicious activities.
- Look for alternative extensions with similar functionality but fewer permissions or content script injection capabilities.
- If you must use this extension, ensure that you only visit trusted websites while it is active, and avoid entering sensitive information on those sites.
Security Analysis
This section provides a detailed analysis of the extension's security posture, without broader context. Assumes worst-case impact.
HIGH
Overall Risk
Based on 2 total findings, ranked without considering overall context, including 2 high-risk and 0 medium-risk findings.
HIGH
Broad Content Script Injection
This extension can inject scripts into any website. This means it could potentially read sensitive data, modify website content, or steal credentials.
HIGH
High-Risk Permission: tabs
This extension has the tabs permission. Can access browser tab information and manipulate tabs. This could potentially be used maliciously to compromise security or privacy.
Security Analysis Details
Required Permissions:
- tabs
Content Security Policy:
- extension_pages: script-src 'self'; object-src 'self'
Embedded URLs (3 total):
| https://developer.chrome.com/extensions/tabs#type-Tab | https://scanwp.net/extension/?url= | |
| https://clients2.google.com/service/update2/crx |
Raw Manifest
{ "name": "Scan WP - WordPress Theme and Plugin Detector", "action": { "default_icon": "icon.png", "default_popup": "Popup.html" }, "version": "2.0", "update_url": "https://clients2.google.com/service/update2/crx", "permissions": [ "tabs" ], "content_scripts": [ { "js": [ "jquery.min.js" ], "run_at": "document_end", "matches": [ "<all_urls>" ] } ], "manifest_version": 3, "content_security_policy": { "extension_pages": "script-src 'self'; object-src 'self'" } }
Secure Annex (beta)
Coming soon...