wpscanteam / wpscan

WPScan WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites. Contact us via contact@wpscan.com
https://wpscan.com/wordpress-cli-scanner

false positive on Monarch plugin #1527

Closed truesamurai closed 4 years ago

truesamurai commented 4 years ago

False positive on Monarch (divi plugin by elegant themes)

When doing wpscan on my company website I get a vulnerability identified on Monarch plugin. It says: [+] monarch | Found By: Urls In Homepage (Passive Detection) | Confirmed By: Urls In 404 Page (Passive Detection)

[!] 1 vulnerability identified:
[!] Title: ElegantThemes - Privilege Escalation
Fixed in: 1.2.7

But when I check my website then I see I already have version 1.4.12 of this plugin. So the wpscan is giving a false positive.

Your environment

Steps to reproduce

I scanned my company website for vulnerabilities

Expected behavior

It should not say that Monarch is vulnerable, the version given by wpscan is wrong.

Actual behavior

It gives me a false positive

What have you already tried

Scanned again, checked I was using API for sure.

Things you have tried (where relevant):

erwanlr commented 4 years ago

> the version given by wpscan is wrong.

I don't see the version given in the output, could you paste it please?

truesamurai commented 4 years ago

> > the version given by wpscan is wrong.
>
> I don't see the version given in the output, could you paste it please?

[+] monarch Location: xxxxxxxxx
Found By: Urls In Homepage (Passive Detection)
Confirmed By: Urls In 404 Page (Passive Detection)
[!] 1 vulnerability identified:
[!] Title: ElegantThemes - Privilege Escalation
Fixed in: 1.2.7
References:
- https://wpvulndb.com/vulnerabilities/8394
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-11002
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-11003
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-11004
- http://www.pritect.net/blog/elegant-themes-security-vulnerability
- http://wptavern.com/critical-security-vulnerability-discovered-in-elegant-themes-products
The version could not be determined.

So it says the version could not be determined, but it says fixed in version 1.2.7 while I have 1.4.12

erwanlr commented 4 years ago

> The version could not be determined.

So that is why. WPScan could not determine the version, hence the vulnerability being output.

erwanlr commented 4 years ago

I've added version detection for this plugin. Just update wpscan DB with wpscan --update to get it.

Please note that success will vary depending on the hardening of the blog and the CLI options used to scan (especially the --plugins-version-detection one).
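
The triage this thread arrives at, as an added example that is not part of the original thread and is not WPScan's own code: it parses a plugin block of the text output and marks a finding as unverified when no version was detected, instead of treating it as confirmed. The `triage` function, its `installed` parameter, the sample text and the `Version:` line format are assumptions made for this sketch.

```ruby
require 'rubygems' # Gem::Version compares dotted versions numerically

# Constructed sample modelled on the plugin block quoted in this thread.
SAMPLE = <<~OUT
  [+] monarch
   | Location: xxxxxxxxx
   | Found By: Urls In Homepage (Passive Detection)
   | [!] 1 vulnerability identified:
   | [!] Title: ElegantThemes - Privilege Escalation
   |     Fixed in: 1.2.7
   | The version could not be determined.
OUT

VER = /(\d+(?:\.\d+)*)/

# installed: optional { slug => version } from the site's own plugin list
# (hypothetical parameter; used when the scanner found no version).
def triage(output, installed = {})
  findings = []
  detected = {}
  slug = nil
  output.each_line do |raw|
    line = raw.sub(/\A[\s|]+/, '').strip # drop the leading " | " gutter
    case line
    when /\A\[\+\]\s+(\S+)/ then slug = $1
    when /\AVersion:\s+#{VER}/ then detected[slug] = $1 # assumed line format
    when /\A\[!\]\s+Title:\s+(.+)/
      findings << { slug: slug, title: $1, fixed_in: nil }
    when /\AFixed in:\s+#{VER}/
      findings.last[:fixed_in] = $1 if findings.last
    end
  end
  findings.map do |f|
    version = detected[f[:slug]] || installed[f[:slug]]
    status =
      if version.nil? then :unverified          # listed only because version is unknown
      elsif f[:fixed_in].nil? then :affected    # no fixed release recorded
      elsif Gem::Version.new(version) < Gem::Version.new(f[:fixed_in]) then :affected
      else :not_affected
      end
    f.merge(version: version, status: status)
  end
end

triage(SAMPLE).each { |f| puts f.values_at(:slug, :status, :title).join("\t") }
```

Passing the version read from the site itself, for example `triage(SAMPLE, 'monarch' => '1.4.12')`, resolves the same finding to `:not_affected`.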