Closed luuk2205 closed 11 months ago
The vulnerabilities you provided are related to WordPress core and not a plugin. If you are expecting WPScan to report those vulnerabilities, then you will have to install the vulnerable version of WordPress and disable the auto updating or it will update to the latest (https://dev.cap5.nl/ is running WP 6.0)
Interesting. What you are saying is that plugin vulnerabilities are WP version dependent? Running a newer WP version then makes the older plugin vulnerabilities void?
No, that's not what I am saying at all.
You said you installed a vulnerable plugin and were expecting some vulnerabilities to be reported about it. However, the vulnerabilities you gave here as the ones you are expecting are NOT from a plugin, they are from WP core.
Closing this, given it appears the test was not conducted correctly. Feel free to reopen if the issue is still occurring!
We're seeing different outputs (vulnerability count) on a scanned website of ours when running wpscan on different workstations while using the same API.
My workstation:
WPScan version: Current Version: 3.8.22x
Ruby version: ruby 2.6.8p205 (2021-07-07 revision 67951) [universal.arm64e-darwin21]
OS: macOS Monterey Version 12.4
MacBook Pro (13-inch, M1, 2020)
Steps to reproduce
wpscan --url https://dev.cap5.nl/ --output test_test.json --format json --api-token
wpscan --url https://dev.cap5.nl/ -e vp --plugin-detection mixed --output test_test1.json --format json --api-token
Expected behavior
We set a WordPress plugin version to a known vulnerability in the WPScan database. It is expected to find the following vulnerability:
"vulnerabilities": [
  { "title": "WordPress < 5.8.2 - Expired DST Root CA X3 Certificate", "fixed_in": "5.8.2", "references": { "url": [ "https://wordpress.org/news/2021/11/wordpress-5-8-2-security-and-maintenance-release/", "https://core.trac.wordpress.org/ticket/54207" ], "wpvulndb": [ "cc23344a-5c91-414a-91e3-c46db614da8d" ] } },
  { "title": "WordPress < 5.8.3 - SQL Injection via WP_Query", "fixed_in": "5.8.3", "references": { "cve": [ "2022-21661" ], "url": [ "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-6676-cqfm-gw84", "https://hackerone.com/reports/1378209" ], "wpvulndb": [ "7f768bcf-ed33-4b22-b432-d1e7f95c1317" ] } },
  { "title": "WordPress < 5.8.3 - Author+ Stored XSS via Post Slugs", "fixed_in": "5.8.3", "references": { "cve": [ "2022-21662" ], "url": [ "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-699q-3hj9-889w", "https://hackerone.com/reports/425342", "https://blog.sonarsource.com/wordpress-stored-xss-vulnerability" ], "wpvulndb": [ "dc6f04c2-7bf2-4a07-92b5-dd197e4d94c8" ] } },
  { "title": "WordPress 4.1-5.8.2 - SQL Injection via WP_Meta_Query", "fixed_in": "5.8.3", "references": { "cve": [ "2022-21664" ], "url": [ "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-jp3p-gw8h-6x86" ], "wpvulndb": [ "24462ac4-7959-4575-97aa-a6dcceeae722" ] } },
  { "title": "WordPress < 5.8.3 - Super Admin Object Injection in Multisites", "fixed_in": "5.8.3", "references": { "cve": [ "2022-21663" ], "url": [ "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-jmmq-m8p8-332h", "https://hackerone.com/reports/541469" ], "wpvulndb": [ "008c21ab-3d7e-4d97-b6c3-db9d83f390a7" ] } },
  { "title": "WordPress < 5.9.2 - Prototype Pollution in jQuery", "fixed_in": "5.8.4", "references": { "url": [ "https://wordpress.org/news/2022/03/wordpress-5-9-2-security-maintenance-release/" ], "wpvulndb": [ "1ac912c1-5e29-41ac-8f76-a062de254c09" ] } },
  { "title": "WordPress < 5.9.2 / Gutenberg < 12.7.2 - Prototype Pollution via Gutenberg’s wordpress/url package", "fixed_in": "5.8.4", "references": { "url": [ "https://wordpress.org/news/2022/03/wordpress-5-9-2-security-maintenance-release/", "https://github.com/WordPress/gutenberg/pull/39365/files" ], "wpvulndb": [ "6e61b246-5af1-4a4f-9ca8-a8c87eb2e499" ] } }
]
Actual behavior
My WPScan doesn't return the vulnerability.
"vulnerabilities": [
Things I have tried
WPScan is updated to the latest version
brew upgrade ruby gives: Warning: ruby 3.1.2 already installed
curl https://dev.cap5.nl/ gives: <!DOCTYPE html>
Maintenance mode
Sorry for the inconvenience.
Our website is currently undergoing scheduled maintenance.
Thank you for your understanding.
I proxied the scan and it said that the site is down. Which is not true, it is currently under maintenance.
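An added example, not part of the issue thread or the WPScan project: a way to compare two `--format json` reports from different workstations and see whether the differing findings are attached to WordPress core, the theme, or a plugin. It assumes the report keeps core findings under `version.vulnerabilities`, theme findings under `main_theme.vulnerabilities` and plugin findings under `plugins.<slug>.vulnerabilities`; the sample reports and the `example-plugin` / `example-theme` names are constructed.

```python
import json

def titles(component):
    """Vulnerability titles listed under one component; tolerates a null/missing component."""
    return {v["title"] for v in (component or {}).get("vulnerabilities") or []}

def vulns_by_component(report):
    """Group reported vulnerability titles by where WPScan attached them (assumed layout)."""
    found = {"core": titles(report.get("version")),
             "theme": titles(report.get("main_theme"))}
    for slug, plugin in (report.get("plugins") or {}).items():
        found["plugin:" + slug] = titles(plugin)
    return found

def diff_reports(a, b):
    """Return {component: (only_in_a, only_in_b)} for components whose findings differ."""
    va, vb = vulns_by_component(a), vulns_by_component(b)
    out = {}
    for comp in sorted(set(va) | set(vb)):
        only_a = va.get(comp, set()) - vb.get(comp, set())
        only_b = vb.get(comp, set()) - va.get(comp, set())
        if only_a or only_b:
            out[comp] = (sorted(only_a), sorted(only_b))
    return out

# Constructed sample reports (not real scan output); "example-plugin" is hypothetical.
REPORT_A = json.loads("""{
  "version": {"number": "5.8.1", "vulnerabilities": [
    {"title": "WordPress < 5.8.2 - Expired DST Root CA X3 Certificate", "fixed_in": "5.8.2"},
    {"title": "WordPress < 5.8.3 - SQL Injection via WP_Query", "fixed_in": "5.8.3"}]},
  "main_theme": {"slug": "example-theme", "vulnerabilities": []},
  "plugins": {"example-plugin": {"version": {"number": "1.0"}, "vulnerabilities": []}}
}""")
REPORT_B = json.loads("""{
  "version": {"number": "6.0", "vulnerabilities": []},
  "main_theme": {"slug": "example-theme", "vulnerabilities": []},
  "plugins": {"example-plugin": {"version": {"number": "1.0"}, "vulnerabilities": []}}
}""")

if __name__ == "__main__":
    for comp, (only_a, only_b) in diff_reports(REPORT_A, REPORT_B).items():
        print(comp, "| only in A:", only_a, "| only in B:", only_b)
```

To compare real runs, load the two output files with `json.load` and pass the resulting dictionaries to `diff_reports`.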