Open yeukhon opened 10 years ago
It would be nice if we can expose this
wordpress
version:
is_multi_site
is_outdated
readme_exists
theme
vulnerability [
title
references: [ ]
]
plugins = [
{
name
vulnerability:
title
references: [ ]
}
]
themes = [
{
name:
vulnerability:
title
references: [ ]
in_use: true/false
}
]
users = [
{
id
login
name
password
}
]
Something like this:
{
"wordpress": {
"version": "3.8",
"is_multi_site": false,
"is_outdated": false,
"readme_exists": true,
"theme": "twentyten",
"vulnerabilities": [
{
"title": "wp-admin/link-manager.php Multiple Parameter SQL Injection",
"references": [
"http://secunia.com/advisories/45099",
"http://osvdb.org/73723",
"http://www.exploit-db.com/exploits/17465/"
],
"fixed_since": "3.1.4"
}
]
},
"plugins": [
{
"name": "advanced-custom-fields",
"vulnerabilities": {
"title": "Advanced Custom Fields <= 3.5.1 - Remote File Inclusion",
"references": [
"http://packetstormsecurity.com/files/119221/",
"http://www.exploit-db.com/exploits/23856/"
],
"fixed_since": "3.5.2"
}
}
],
"themes": [
{
"name": "xxxxx",
"vulnerabilities": {}
}
],
"users": [
{
"id": "1",
"login": "admin",
"name": "admin",
"password": ""
},
{
"id": "2",
"login": "bob",
"name": "Bob",
"password": "123456"
}
]
}
When there are no vulnerabilities, the dict remains empty.
{
"wordpress": {
"version": "",
"is_multi_site": False,
"is_outdated": False,
"readme_exists": True,
"theme": "",
"vulnerabilities": [
{
"title": "",
"references": [
],
"fixed_since": ""
}
]
},
"plugins": [
{
"name": "",
"vulnerabilities": {
"title": "",
"references": [
],
"fixed_since": ""
}
}
],
"themes": [
{
"name": "",
"vulnerabilities": {}
}
],
"users": [
{
"id": "",
"login": "",
"name": "",
"password": ""
}
]
These are the issues we probably should expose.