WordPress v6.4.3 wrongly detected as v6.4.2 resulting in a false positive alert

wpscanteam / wpscan

WPScan WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites. Contact us via contact@wpscan.com

https://wpscan.com/wordpress-cli-scanner

Other

8.37k stars 1.24k forks source link

WordPress v6.4.3 wrongly detected as v6.4.2 resulting in a false positive alert #1830

Closed andrei-a-papou closed 5 months ago

andrei-a-papou commented 5 months ago

Subject of the issue

WordPress v6.4.3 wrongly detected as v6.4.2 resulting in a false positive alert and failing tests.

Your environment

Version of WPScan: 3.8.25
Operating System (OS): Debian 11.8

Steps to reproduce

Run a scan against fully updated WordPress v6.4.3.

Expected behavior

No vulnerabilities should be reported against WordPress core.

Actual behavior

We get a false positive, possibly based on an obsolete checksum: https://i.imgur.com/WYE9xei.png

erwanlr commented 5 months ago

Update the checksum data with wpscan --update then re-run the scan ;)

andrei-a-papou commented 5 months ago

Works now, thanks. Shouldn't the fingerprints be pushed automatically? ;)