Closed GHA193 closed 2 years ago
| Found By: Urls In Homepage (Passive Detection)
Which means that in the homepage of the blog, there is something like https://mywebsite.org/wp-content/plugins/user-access-manager/
, usually the plugin loading CSS/JS etc there. The 500 from checking https://mywebsite.org/wp-content/plugins/user-access-manager/
directly were ignored as not reported in the output.
The vulnerabilities are reported because the version could not be determined
Alright, thanks for your help.
Description
Added --exclude-content-based 'Internal Server Error' option, plugins with status code 500 will also report vulnerabilities. Please advise.
Your environment
Version of WPScan: Docker latest version (3.8.20)
Command
docker run --rm -v /tmp/wpscandb:/wpscan/.wpscan/db wpscanteam/wpscan --force --ignore-main-redirect --disable-tls-checks -f cli -e vt,vp --ua customer_ua --api-token mytoken --proxy http://proxyip:port --exclude-content-based Internal Server Error --url https://mywebsite.org/
Output