Closed ssnepenthe closed 3 years ago
Hi @ssnepenthe, thanks for your suggestion!
I tried out v2 and it seems requests can be done without an authorization token too. Maybe we can update the package to use v2 instead of v1 if the WPScan team decides to stop maintaining v1. If they also stop maintaining v2, then your suggestion sounds like the most reasonable step to follow.
Definitely something we can improve on!
Yeah looking back at this there probably is no rush considering v1 is still available. Should this issue be closed altogether?
v1 seems to be no longer available and the endpoint returns 404. At the same time, wp vuln scan happily reports no issues. We need to update the package for it to work again. A token parameter seems the proper way to address this.
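The failure mode reported in the comment above (the API call fails, yet the scan reports no issues) is avoided by treating a failed lookup as "unknown" rather than "clean". The sketch below is an added example, not code from this package: the function names, exit codes, sample responses and the assumed response shape `{"<slug>": {"vulnerabilities": [...]}}` are all assumptions made for illustration.

```php
<?php
// Added example: hypothetical helpers, constructed sample data.

/** Classify one API lookup as 'clean', 'vulnerable' or 'unknown'. */
function classify_lookup(string $slug, int $status, string $body): array
{
    // Anything other than 200 (404 endpoint gone, 401 bad token, 5xx) is NOT a clean result.
    if ($status !== 200) {
        return ['state' => 'unknown', 'detail' => "HTTP $status from API"];
    }
    $data = json_decode($body, true);
    // Assumed response shape: {"<slug>": {"vulnerabilities": [...]}}
    if (!is_array($data) || !isset($data[$slug]['vulnerabilities'])
        || !is_array($data[$slug]['vulnerabilities'])) {
        return ['state' => 'unknown', 'detail' => 'unexpected response body'];
    }
    $count = count($data[$slug]['vulnerabilities']);
    return $count > 0
        ? ['state' => 'vulnerable', 'detail' => "$count known issue(s)"]
        : ['state' => 'clean', 'detail' => 'no known issues'];
}

/** Exit code 0 only when every lookup succeeded and came back clean. */
function scan_exit_code(array $results): int
{
    $states = array_column($results, 'state');
    if (in_array('unknown', $states, true)) {
        return 2; // at least one lookup failed: the scan result cannot be trusted
    }
    return in_array('vulnerable', $states, true) ? 1 : 0;
}

// Constructed sample responses: [HTTP status, body]
$responses = [
    'plugin-a' => [200, '{"plugin-a":{"vulnerabilities":[]}}'],
    'plugin-b' => [404, '<html>Not Found</html>'],
    'plugin-c' => [200, '{"plugin-c":{"vulnerabilities":[{"title":"constructed entry"}]}}'],
];

$results = [];
foreach ($responses as $slug => [$status, $body]) {
    $results[$slug] = classify_lookup($slug, $status, $body);
    printf("%-10s %-11s %s\n", $slug, $results[$slug]['state'], $results[$slug]['detail']);
}
exit(scan_exit_code($results));
```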
Seems like this is done but the issue was left open: https://github.com/10up/wp-vulnerability-scanner/commit/59bc7422ee29cf63fc78273d5034e59211f4a656
Agree, this one is done, closing this issue.
I'm not sure if this package is still maintained, but it looks like WPVulnDB recently opened up v3 of their API which requires all requests to be sent with an auth token (you are still using v1).
I reached out to the WPScan team who have indicated that they won't be maintaining the older versions indefinitely... It is unclear if they will be blocking access completely.
Maybe the token could be accepted as a command line option (e.g. --token=asd123) and the readme could encourage users to set a default value via WP-CLI config?