wpscanteam / wpscan

WPScan WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites. Contact us via contact@wpscan.com
https://wpscan.com/wordpress-cli-scanner
Other
8.49k stars 1.25k forks

Different scan output on different workstations #1733

Closed luuk2205 closed 11 months ago

luuk2205 commented 2 years ago

We're seeing different outputs (vulnerability count) on a scanned website of ours when running wpscan on different workstations while using the same API.

My workstation:

WPScan version: Current Version: 3.8.22x
Ruby version: ruby 2.6.8p205 (2021-07-07 revision 67951) [universal.arm64e-darwin21]
OS: macOS Monterey Version 12.4 MacBook Pro (13-inch, M1, 2020)

Steps to reproduce

    wpscan --url https://dev.cap5.nl/ --output test_test.json --format json --api-token
    wpscan --url https://dev.cap5.nl/ -e vp --plugin-detection mixed --output test_test1.json --format json --api-token

Expected behavior

We set a WordPress plugin version to a known vulnerability in the WPScan database. It is expected to find the following vulnerability:

    "vulnerabilities": [
      {
        "title": "WordPress < 5.8.2 - Expired DST Root CA X3 Certificate",
        "fixed_in": "5.8.2",
        "references": {
          "url": [
            "https://wordpress.org/news/2021/11/wordpress-5-8-2-security-and-maintenance-release/",
            "https://core.trac.wordpress.org/ticket/54207"
          ],
          "wpvulndb": [ "cc23344a-5c91-414a-91e3-c46db614da8d" ]
        }
      },
      {
        "title": "WordPress < 5.8.3 - SQL Injection via WP_Query",
        "fixed_in": "5.8.3",
        "references": {
          "cve": [ "2022-21661" ],
          "url": [
            "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-6676-cqfm-gw84",
            "https://hackerone.com/reports/1378209"
          ],
          "wpvulndb": [ "7f768bcf-ed33-4b22-b432-d1e7f95c1317" ]
        }
      },
      {
        "title": "WordPress < 5.8.3 - Author+ Stored XSS via Post Slugs",
        "fixed_in": "5.8.3",
        "references": {
          "cve": [ "2022-21662" ],
          "url": [
            "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-699q-3hj9-889w",
            "https://hackerone.com/reports/425342",
            "https://blog.sonarsource.com/wordpress-stored-xss-vulnerability"
          ],
          "wpvulndb": [ "dc6f04c2-7bf2-4a07-92b5-dd197e4d94c8" ]
        }
      },
      {
        "title": "WordPress 4.1-5.8.2 - SQL Injection via WP_Meta_Query",
        "fixed_in": "5.8.3",
        "references": {
          "cve": [ "2022-21664" ],
          "url": [
            "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-jp3p-gw8h-6x86"
          ],
          "wpvulndb": [ "24462ac4-7959-4575-97aa-a6dcceeae722" ]
        }
      },
      {
        "title": "WordPress < 5.8.3 - Super Admin Object Injection in Multisites",
        "fixed_in": "5.8.3",
        "references": {
          "cve": [ "2022-21663" ],
          "url": [
            "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-jmmq-m8p8-332h",
            "https://hackerone.com/reports/541469"
          ],
          "wpvulndb": [ "008c21ab-3d7e-4d97-b6c3-db9d83f390a7" ]
        }
      },
      {
        "title": "WordPress < 5.9.2 - Prototype Pollution in jQuery",
        "fixed_in": "5.8.4",
        "references": {
          "url": [
            "https://wordpress.org/news/2022/03/wordpress-5-9-2-security-maintenance-release/"
          ],
          "wpvulndb": [ "1ac912c1-5e29-41ac-8f76-a062de254c09" ]
        }
      },
      {
        "title": "WordPress < 5.9.2 / Gutenberg < 12.7.2 - Prototype Pollution via Gutenberg’s wordpress/url package",
        "fixed_in": "5.8.4",
        "references": {
          "url": [
            "https://wordpress.org/news/2022/03/wordpress-5-9-2-security-maintenance-release/",
            "https://github.com/WordPress/gutenberg/pull/39365/files"
          ],
          "wpvulndb": [ "6e61b246-5af1-4a4f-9ca8-a8c87eb2e499" ]
        }
      }
    ]

Actual behavior

My WPScan doesn't return the vulnerability.

    "vulnerabilities": []

Things I have tried

WPScan is updated to the latest version

brew upgrade ruby gives: Warning: ruby 3.1.2 already installed

curl https://dev.cap5.nl/ gives: <!DOCTYPE html>

Maintenance mode

Maintenance mode

Sorry for the inconvenience.
Our website is currently undergoing scheduled maintenance.
Thank you for your understanding.

I proxied the scan and it said that the site is down. Which is not true, it is currently under maintenance.

erwanlr commented 2 years ago

> We set a WordPress plugin version to a known vulnerability in the WPScan database. It is expected to find the following vulnerability:

The vulnerabilities you provided are related to WordPress core and not a plugin. If you are expecting WPScan to report those vulnerabilities, then you will have to install the vulnerable version of WordPress and disable the auto updating or it will update to the latest (https://dev.cap5.nl/ is running WP 6.0)

gerardjp commented 2 years ago

> The vulnerabilities you provided are related to WordPress core and not a plugin. If you are expecting WPScan to report those vulnerabilities, then you will have to install the vulnerable version of WordPress and disable the auto updating or it will update to the latest (https://dev.cap5.nl/ is running WP 6.0)

Interesting. What you are saying is that plugin vulnerabilities are WP version dependent? Running a newer WP version then makes the older plugin vulnerabilities void?

erwanlr commented 2 years ago

No, that's not what I am saying at all.

You said you installed a vulnerable plugin and were expecting some vulnerabilities to be reported about it. However, the vulnerabilities you gave here as the ones you are expecting are NOT from a plugin, they are from WP core.

alexsanford commented 11 months ago

Closing this, given it appears the test was not conducted correctly. Feel free to reopen if the issue is still occurring!
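
When two workstations report different vulnerability counts, comparing the JSON reports per component shows whether the gap comes from WordPress core, the theme or a plugin, and which detected version each run saw. The script below is an added example, not part of this thread or of WPScan; the report layout it reads and the sample data (`sample-plugin`, `sample-theme`, core version 5.8.1) are constructed assumptions.

```python
import json

# Constructed sample reports, trimmed to the keys used below. The layout
# (top-level "version", "main_theme" and "plugins", each with its own
# "vulnerabilities" list) is assumed from WPScan's --format json output.
REPORT_A = json.loads("""{
  "version": {"number": "5.8.1", "vulnerabilities": [
    {"title": "WordPress < 5.8.3 - SQL Injection via WP_Query"},
    {"title": "WordPress < 5.8.2 - Expired DST Root CA X3 Certificate"}]},
  "main_theme": {"slug": "sample-theme", "version": {"number": "1.2"},
                 "vulnerabilities": []},
  "plugins": {"sample-plugin": {"version": {"number": "1.0"}, "vulnerabilities": [
    {"title": "Sample Plugin < 1.1 - Constructed Finding"}]}}
}""")
REPORT_B = json.loads("""{
  "version": {"number": "6.0", "vulnerabilities": []},
  "main_theme": {"slug": "sample-theme", "version": {"number": "1.2"},
                 "vulnerabilities": []},
  "plugins": {}
}""")

def _titles(block):
    """Finding titles of one component block; tolerates null or missing keys."""
    return {v["title"] for v in (block or {}).get("vulnerabilities") or []}

def _number(version_block):
    """Detected version string, or None when detection failed."""
    return (version_block or {}).get("number")

def by_component(report):
    """Map 'core' / 'theme:<slug>' / 'plugin:<slug>' to (version, titles)."""
    core = report.get("version")
    found = {"core": (_number(core), _titles(core))}
    theme = report.get("main_theme")
    if theme:
        found["theme:" + str(theme.get("slug"))] = (_number(theme.get("version")), _titles(theme))
    for slug, plugin in (report.get("plugins") or {}).items():
        found["plugin:" + slug] = (_number(plugin.get("version")), _titles(plugin))
    return found

def diff_reports(a, b):
    """Return only the components whose version or findings differ."""
    fa, fb, changes = by_component(a), by_component(b), {}
    for name in sorted(set(fa) | set(fb)):
        (va, ta), (vb, tb) = fa.get(name, (None, set())), fb.get(name, (None, set()))
        if va != vb or ta != tb:
            changes[name] = {"versions": (va, vb),
                             "only_in_a": sorted(ta - tb), "only_in_b": sorted(tb - ta)}
    return changes

if __name__ == "__main__":
    print(json.dumps(diff_reports(REPORT_A, REPORT_B), indent=2))
```

A `core` entry whose versions differ between runs points at the target having changed (for example an auto-update) rather than at the scanner.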