Skip to content

@erwanlr erwanlr released this Nov 11, 2019 · 26 commits to master since this release

  • Fixed DB Exports not detected in some cases - Ref #1426
Assets 2

@erwanlr erwanlr released this Nov 5, 2019 · 30 commits to master since this release

  • Fixed Incorrect wp-content detected from links in homepage - Ref #1412
  • Fixed exception raised by old version of activesupport in some cases - Ref #1419
  • WPScan can now run on Windows, thanks @Reelix - Ref wpscanteam/CMSScanner#114
  • Adds detection of WP, Plugins, Themes, Main Themes and their versions from 404
Assets 2

@erwanlr erwanlr released this Oct 11, 2019 · 51 commits to master since this release

  • Fixed Incorrect parsing of theme data when new lines before/after comments were stripped from the CSS file - Ref #1404
  • Improved passive detection of WordPress
  • Default wp-content location is now checked regardless of the detection mode choose, if the directory could not be detected passively
  • Fixed empty username returned in some cases when detected via Author ID brute forcing.
  • Fixed an issue where some plugins/themes were not detected when using he --scope option
  • Fixed incorrect detection of the wp-content folder in some cases - Ref #1411
Assets 2

@erwanlr erwanlr released this Sep 25, 2019 · 73 commits to master since this release

  • Fixed Registration Link to WpVulnDB API - Thanks @noplanman, Ref #1397
  • --plugins-threshold and --themes-threshold CLI options moved to the advanced section of the help (--hh) - Ref #1399
Assets 2

@erwanlr erwanlr released this Sep 16, 2019 · 78 commits to master since this release

  • Fixed crash when a theme or plugin detected had dots in their slug
  • Updated enumeration help message which displayed that p/t would enumerate plugins/themes rather than popular plugins/popular themes.
  • Login requests are no longer cached - Ref #1395
Assets 2

@erwanlr erwanlr released this Sep 13, 2019 · 87 commits to master since this release

  • Vulnerabilities retrieved from the API directly (requires an API Token). Other data, such as latest plugin version etc is also retrieved from API when Token is provided (otherwise it will be from the local DB).
  • Removed Secunia and OSVDB references (via CMSScanner 0.5.8)
  • Updated packetstorm and securityfocus reference URLs to use HTTPS rather than HTTP (via CMSScanner 0.5.8)
  • Removed sitepress-multilingual-cms DF causing False Positive - Ref #1386
  • 404 are now ignored with the BodyPatten DF - Ref #1386
  • The --disable-tls-checks now tries to downgrade to TLSv1 to avoid SSL errors - Ref #1380
Assets 2

@erwanlr erwanlr released this Aug 6, 2019 · 114 commits to master since this release

Fixed unhandled error when performing password attack against wp-login.php and a 302 response only contained one cookie - Ref #1378

Assets 2

@erwanlr erwanlr released this Jul 31, 2019 · 119 commits to master since this release

  • Added the Referer header to all requests to target blog - Ref #1376
  • Added long option name in errors raised when loading an invalid option value from a file - Ref wpscanteam/OptParseValidator#33
Assets 2

@erwanlr erwanlr released this Jul 23, 2019 · 123 commits to master since this release

  • User Agent when updating the DB is now the default one (WPScan v<VERSION> (https://wpscan.org/))
  • Fixed crash when theme or plugin slug contain illegal characters to create a class - #1374
Assets 2

@erwanlr erwanlr released this Jul 11, 2019 · 133 commits to master since this release

  • Reduces starting time by not creating all DF. Plugin and Theme Versions DF are now created when they are needed.
  • Fixes a bug where stats were not being displayed in some cases upon error in threads
  • Fixes long generation time of target urls before enumeration when the blog had no sub directory detected.

Dev:

  • Potential Readme filenames can now be overridden via the DF config, leading to less requests done when looking for Readmes, and avoiding false positive due to old readme files which were checked first - #1364
  • Some DF methods renamed to avoid confusion with DB methods (ie #db_data -> #df_data)
Assets 2
You can’t perform that action at this time.