-
Authenticated scanning should be fairly easy to add: log in and then query the list of installed plugins and core version.
Would be useful for automating daily checks to ensure sites are kept up-to…
-
You are breaking the WPScan license with these commits:
https://github.com/fgeek/pyfiscan/commit/59b5a8c622c4c9052cca5b461793e2931be4766e
and
https://github.com/fgeek/pyfiscan/blob/master/yamls/wor…
-
There have been some changes:
1. New sponsor banner.
2. Fix parent theme infinite loop.
3. Remove malware functionality.
4. Improve plugin version detection.
5. Better plugin readme file detection.
6.…
-
http://www.openwall.com/lists/oss-security/2014/11/11/4
fgeek updated
9 years ago
-
In WPScan, there could be better ways to identify version numbers of plugins. For example, one scan I found responds with this:
```
[+] Name: wp-photo-album
| Location: http://target.org/wp-…
```
-
Running the latest version of wpscan I got a bunch of findings like this one:
[!] Title: WordPress 3.6 - 3.9.1 XXE in GetID3 Library
Reference: https://wpvulndb.com/vulnerability/7530
Unfortunat…
-
cd /smartbuild/work/wpscan.git && git pull
ruby /smartbuild/work/wpscan.git/wpscan.rb --update --no-color
ruby /smartbuild/work/wpscan.git/wpstools.rb --cvru
[+] Checking vulnerabilities reference …
-
Running against mysite.com I am getting false positives for 2 plugins: feed and lazy-seo.
When I enter the location http://mysite.com/wp-content/plugins/feed I get my RSS feed page.
When I enter the l…
-
- [x] CVE-2012-6653
- [x] CVE-2014-5180
- [x] CVE-2014-5181
- [x] CVE-2014-5182
- [x] CVE-2014-5183
- [x] CVE-2014-5184
- [x] CVE-2014-5185
- [x] CVE-2014-5186
- [x] CVE-2014-5187
- [x] CVE-2014-5188
…
fgeek updated
9 years ago
-
Vulnerability 7745 on the WPScan Vulnerability Database indicates it is exploitable in versions