ajinabraham / CMSScan

CMS Scanner: Scan Wordpress, Drupal, Joomla, vBulletin websites for Security issues
https://opensecurity.in
GNU General Public License v3.0

False Positive #15

Closed kp-emagine closed 5 years ago

kp-emagine commented 5 years ago

I have tested against a specific site, the results are a bit strange and I am pretty confused by it.

Per the results, the site I scanned contains a Wordpress Plugin called Tweet Blender, and is on a vulnerable version of it.

I can confirm that that plugin does not exist on their site, nor has it ever existed on their site. On top of this, the host would not allow it.

```json
{
  "plugins": {
    "tweet-blender": {
      "slug": "tweet-blender",
      "location": "https://www.mysite.com/wp-content/plugins/tweet-blender/",
      "latest_version": "4.0.2",
      "last_updated": "2013-11-13T08:18:00.000Z",
      "outdated": false,
      "readme_url": null,
      "changelog_url": null,
      "directory_listing": false,
      "error_log_url": null,
      "found_by": "Known Locations (Aggressive Detection)",
      "confidence": 80,
      "interesting_entries": [],
      "confirmed_by": {},
      "vulnerabilities": [
        {
          "title": "Tweet Blender 4.0.1 - Unspecified XSS",
          "fixed_in": "4.0.2",
          "references": {
            "cve": [
              "2013-6342"
            ],
            "secunia": [
              "55780"
            ],
            "url": [
              "http://packetstormsecurity.com/files/124047/"
            ],
            "wpvulndb": [
              "6981"
            ]
          }
        }
      ],
      "version": null
    }
  }
}
```

Please advise
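The finding above was produced by a known-path probe ("Known Locations (Aggressive Detection)") with `"version": null` and an empty `"confirmed_by"`, so the listed vulnerability is a guess keyed to the plugin's history rather than an observed version. The following triage helper is an added example, not part of this issue or of CMSScan/WPScan; it reads a report in that JSON shape and downgrades such findings to "unverified", confirming a vulnerability only when a version was detected, the plugin was corroborated, and the version is below `fixed_in`. The sample report and the `example-plugin` entry are constructed for the demo.

```python
import json

# Constructed sample modelled on the finding quoted in the issue (not its literal
# text) plus a hypothetical second plugin whose version was actually detected.
SAMPLE_REPORT = json.dumps({"plugins": {
    "tweet-blender": {
        "found_by": "Known Locations (Aggressive Detection)", "confidence": 80,
        "confirmed_by": {}, "version": None,
        "vulnerabilities": [{"title": "Tweet Blender 4.0.1 - Unspecified XSS",
                             "fixed_in": "4.0.2"}]},
    "example-plugin": {  # hypothetical plugin, constructed for the demo
        "found_by": "Urls In Homepage (Passive Detection)", "confidence": 100,
        "confirmed_by": {"Readme (Aggressive Detection)": {"confidence": 80}},
        "version": {"number": "1.2.0"},
        "vulnerabilities": [{"title": "Example Plugin < 1.3.0 - XSS", "fixed_in": "1.3.0"},
                            {"title": "Example Plugin < 1.1.0 - SQLi", "fixed_in": "1.1.0"}]},
}})


def _vtuple(text):
    """'4.0.2' -> (4, 0, 2); non-numeric components are dropped."""
    return tuple(int(p) for p in text.split(".") if p.isdigit())


def triage_plugins(report_json):
    """Map plugin slug -> (verdict, titles of vulnerabilities that apply).

    'clean':      no vulnerability applies (none listed, or version >= fixed_in).
    'unverified': only a path probe matched (version null or no corroborating
                  detection), so the vulnerability list is speculative.
    'confirmed':  version detected, plugin corroborated, version < fixed_in.
    """
    verdicts = {}
    for slug, plugin in json.loads(report_json).get("plugins", {}).items():
        vulns = plugin.get("vulnerabilities") or []
        if not vulns:
            verdicts[slug] = ("clean", [])
            continue
        version = (plugin.get("version") or {}).get("number")
        corroborated = (bool(plugin.get("confirmed_by"))
                        or "Passive Detection" in plugin.get("found_by", ""))
        if version is None or not corroborated:
            verdicts[slug] = ("unverified", [v["title"] for v in vulns])
            continue
        applicable = [v["title"] for v in vulns
                      if v.get("fixed_in") and _vtuple(version) < _vtuple(v["fixed_in"])]
        verdicts[slug] = ("confirmed" if applicable else "clean", applicable)
    return verdicts
```

Run against a real WPScan JSON report, anything marked "unverified" is a candidate for manual confirmation (for example, checking whether the plugin directory actually serves content) before it is treated as a finding.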

ajinabraham commented 5 years ago

You might want to report this to WPScan https://github.com/wpscanteam/wpscan

kp-emagine commented 5 years ago

Am I understanding that you are no longer developing this? Because this issue was discovered by using yours, and not wpscan.

ajinabraham commented 5 years ago

@kp-emagine CMSScan uses wpscan for wordpress.