Closed kp-emagine closed 5 years ago
CMSScan use wpscan for scanning Wordpress sites. If there is an issue in the scan result, you need to contact wpscan team.
I have contacted them, because I have 0 issues using their tool scanning this site, they are pushing back on me to come back to you to re-open this issue
This is exactly how we run the tool for WordPress. Try this manually.
wpscan --url <url> --no-banner -f json --force -e vp,vt --plugins-detection mixed --rua
There is a change in latest master. You might want to pull that as well.
latest master for? CMSScan? I get the same results running your last query
Yes latest master of CMSScan.
And that's what I am saying. We are not changing or adding to the result from CMSScan, but just using wpscan to do the scan. The result generated is by wpscan. CMSScan just collects and store it.
i mentioned it to them.
I have tested against a specific site, the results are a bit strange and I am pretty confused by it.
Per the results, the site I scanned contains a Wordpress Plugin called Tweet Blender, and is on a vulnerable version of it.
I can confirm, that, that plugin does not exist on their site, nor has it ever existed on their site. On top of this the host would not allow it
"plugins": { "tweet-blender": { "slug": "tweet-blender", "location": "https://www.mysite.com/wp-content/plugins/tweet-blender/", "latest_version": "4.0.2", "last_updated": "2013-11-13T08:18:00.000Z", "outdated": false, "readme_url": null, "changelog_url": null, "directory_listing": false, "error_log_url": null, "found_by": "Known Locations (Aggressive Detection)", "confidence": 80, "interesting_entries": [
},
Please advise
You closed my other Issue Request stating I need to check with another developer with a separate piece of software, however, this issue was not caused by using there's... it was caused by using this one, and yours