erwanlr
commented
9 years ago Unable to reproduce. I installed YARPP 4.2.4 & wp-socializer 2.4.4, ran a scan then updated them re-ran a scan, versions are correctly detected.
Note: The plugin version is displayed along with the plugin name, and not in the vulnerability title
[+] Name: wp-socializer - v2.4.9.8
| Location: http://wp.lab/wordpress-4.2/wp-content/plugins/wp-socializer/
| Readme: http://wp.lab/wordpress-4.2/wp-content/plugins/wp-socializer/readme.txt
[!] Directory listing is enabled: http://wp.lab/wordpress-4.2/wp-content/plugins/wp-socializer/
[!] Title: WP Socializer 2.4.2 - admin/wpsr-services-selector.php val Parameter XSS
Reference: https://wpvulndb.com/vulnerabilities/7053
Reference: https://secunia.com/advisories/49824/
Reference: http://osvdb.org/show/osvdb/83645The vulnerability affecting the 2.4.2 is displayed there as we were not aware of a fix, I have checked and this issue has been resolved in the 2.4.3. I have update the DB to reflect that, hence the issue will not be displayed if the detected version is >= 2.4.3 (will require an ./wpscan.rb --update)
Back to your issue, can you post the output of the identified plugins ?
JayKey
tl;dr: Wpscan finds YARPP in version 4.2.4 while I have latest one (4.2.5) installed.
While scanning Wpscan finds YARPP in version 4.2.4. First time around that was correct. After the scan I updated each plugin and base Wordpress. I run another scan, and Wpscan still shows YARPP to be in version 4.2.4 when it's in 4.2.5 version according to Wordpress backend. Is there some issue with finding YARPP version in Wpscan or something is wrong on Wordpress end?
I have the same issue with WP Socializer, Wpscan shows 2.4.2, Wordpress - 2.4.9.8.