outdated api - Githubissues

Tuhinshubhra / WPintel

Chrome extension designed for WordPress Vulnerability Scanning and information gathering!

GNU General Public License v3.0

104 stars 29 forks source link

outdated api #1

Open d4op opened 4 years ago

d4op commented 4 years ago

function check_vuln(version){
    show_scanning('../images/crawl_vuln.svg', 'Checking for Version Vulnerabilities...', '4');
    var vuln_ver = version.split(".").join("");
    var vuln_url = 'https://wpvulndb.com/api/v2/wordpresses/' + vuln_ver;

they switched to v3 with apikey. maybe you want to update your script.

d4op commented 4 years ago

var t = new Request("https://wpvulndb.com/api/v3/wordpresses/" + e.split(".").join(""), {
    method: 'GET',
    headers: {'Authorization': 'Token token=XXX'}
});

Tuhinshubhra commented 4 years ago

hey @d4op I am aware of this event and I'm working on a solution so that I don't have to use wpvulndb api at all. anyways thank you for the report i will fix it asap!

d4op commented 4 years ago

btw i see they added plugin vuln check https://wpvulndb.com/api/v3/plugins/eshop so you can add not only the list of plugins, you can display if the plugin in v X got vulns too :)

d4op commented 4 years ago

and theme too curl -H "Authorization: Token token=API_TOKEN" https://wpvulndb.com/api/v3/themes/pagelines

Tuhinshubhra commented 4 years ago

But the problem is every user is rate limited to 50 calls every day which i think is way too less. I am almost done making another alternative solution, stay tuned.