WPscan 3.7.5 not finding vulnerabilities

wpscanteam / wpscan

WPScan WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites. Contact us via contact@wpscan.com

https://wpscan.com/wordpress-cli-scanner

Other

8.49k stars 1.25k forks source link

WPscan 3.7.5 not finding vulnerabilities #1431

Closed meir555 closed 4 years ago

meir555 commented 4 years ago

I scanned the same wp site with wpscan v3.7.5 and 2.9.4

The 2.9.4 version found many vulnerabilities and the 3.7.5 version did not find anything

Here is the scan from the 2.9.4 version: https://pastebin.com/acn4tnpv

And here is the scan with 3.7.5 version https://pastebin.com/d1sXn52L

erwanlr commented 4 years ago

From the 3.7.5 output you provided, at the bottom:

[!] No WPVulnDB API Token given, as a result vulnerability data has not been output.
[!] You can get a free API token with 50 daily requests by registering at https://wpvulndb.com/users/sign_up.

meir555 commented 4 years ago

@erwanlr Thanks, And 2.9.4 does not need an api-token? Or does it use a local database?

erwanlr commented 4 years ago

versions < 3.7.0 do not need an API Token, however do not benefit from the latest vulnerabilities, and those versions will not work after February 1st next year, see https://blog.wpscan.org/wpscan/deprecation/2019/11/25/old-wpscan-deprecation.html

igorogi1000 commented 4 years ago

so sad