wpscanteam/wpscan

• Fixed Incorrect wp-content detected from links in homepage - Ref #1412
• Fixed exception raised by old version of activesupport in some cases - Ref #1419
• WPScan can now run on Windows, thanks @Reelix - Ref wpscanteam/CMSScanner#114
• Adds detection of WP, Plugins, Themes, Main Themes and their versions from 404

• Fixed Incorrect parsing of theme data when new lines before/after comments were stripped from the CSS file - Ref #1404
• Improved passive detection of WordPress
• Default wp-content location is now checked regardless of the detection mode choose, if the directory could not be detected passively
• Fixed empty username returned in some cases when detected via Author ID brute forcing.
• Fixed an issue where some plugins/themes were not detected when using he --scope option
• Fixed incorrect detection of the wp-content folder in some cases - Ref #1411

• Fixed Registration Link to WpVulnDB API - Thanks @noplanman, Ref #1397
• --plugins-threshold and --themes-threshold CLI options moved to the advanced section of the help (--hh) - Ref #1399

• Fixed crash when a theme or plugin detected had dots in their slug
• Updated enumeration help message which displayed that p/t would enumerate plugins/themes rather than popular plugins/popular themes.
• Login requests are no longer cached - Ref #1395

• Vulnerabilities retrieved from the API directly (requires an API Token). Other data, such as latest plugin version etc is also retrieved from API when Token is provided (otherwise it will be from the local DB).
• Removed Secunia and OSVDB references (via CMSScanner 0.5.8)
• Updated packetstorm and securityfocus reference URLs to use HTTPS rather than HTTP (via CMSScanner 0.5.8)
• Removed sitepress-multilingual-cms DF causing False Positive - Ref #1386
• 404 are now ignored with the BodyPatten DF - Ref #1386
• The --disable-tls-checks now tries to downgrade to TLSv1 to avoid SSL errors - Ref #1380

Fixed unhandled error when performing password attack against wp-login.php and a 302 response only contained one cookie - Ref #1378

• Added the Referer header to all requests to target blog - Ref #1376
• Added long option name in errors raised when loading an invalid option value from a file - Ref wpscanteam/OptParseValidator#33

• User Agent when updating the DB is now the default one (WPScan v<VERSION> (https://wpscan.org/))
• Fixed crash when theme or plugin slug contain illegal characters to create a class - #1374

• Reduces starting time by not creating all DF. Plugin and Theme Versions DF are now created when they are needed.
• Fixes a bug where stats were not being displayed in some cases upon error in threads
• Fixes long generation time of target urls before enumeration when the blog had no sub directory detected.

Dev:

• Potential Readme filenames can now be overridden via the DF config, leading to less requests done when looking for Readmes, and avoiding false positive due to old readme files which were checked first - #1364
• Some DF methods renamed to avoid confusion with DB methods (ie #db_data -> #df_data)