Skip to content

Releases: wpscanteam/wpscan

v3.7.10

09 Mar 19:04
Compare
Choose a tag to compare
  • Message added to error raised when there is a checksum mismatch during update, asking the user to try again in a few minute.
  • Fixes non detection of plugins/themes when the main 404 is a redirection and the plugins/themes checked return empty 200 responses
  • API Token can now be loaded from the ENV variable WPSCAN_API_TOKEN if present.

v3.7.9

29 Feb 13:29
Compare
Choose a tag to compare
  • Avoid sending irrelevant request params (such as cookies and headers) when updating and checking VulnAPI - Ref #1451
  • Target IP address added to output - Ref #1088
  • Time to detect non WP sites greatly reduced when there are a lot of links in the homepage.
  • Passive scanning time reduced when there are a lot of links in the homepage.

v3.7.8

09 Feb 13:33
Compare
Choose a tag to compare
  • Fixed Issue with CF-Connecting-IP header provided in CLI which was also sent to VulnAPI - #1451

v3.7.7

21 Jan 16:17
Compare
Choose a tag to compare
  • Fixed rare crash due to conflict between slugs and API endpoints
  • Fixed Incorrect RDF URLs detection

v3.7.6

02 Jan 15:32
Compare
Choose a tag to compare
  • Status code from responses are now displayed as interesting entries for KnownLocation finders
  • Code updated to be compatible with ruby 2.7+

v3.7.5

11 Nov 12:45
Compare
Choose a tag to compare
  • Fixed DB Exports not detected in some cases - Ref #1426

v3.7.4

05 Nov 20:11
Compare
Choose a tag to compare
  • Fixed Incorrect wp-content detected from links in homepage - Ref #1412
  • Fixed exception raised by old version of activesupport in some cases - Ref #1419
  • WPScan can now run on Windows, thanks @Reelix - Ref wpscanteam/CMSScanner#114
  • Adds detection of WP, Plugins, Themes, Main Themes and their versions from 404

v3.7.3

11 Oct 14:26
Compare
Choose a tag to compare
  • Fixed Incorrect parsing of theme data when new lines before/after comments were stripped from the CSS file - Ref #1404
  • Improved passive detection of WordPress
  • Default wp-content location is now checked regardless of the detection mode choose, if the directory could not be detected passively
  • Fixed empty username returned in some cases when detected via Author ID brute forcing.
  • Fixed an issue where some plugins/themes were not detected when using he --scope option
  • Fixed incorrect detection of the wp-content folder in some cases - Ref #1411

v3.7.2

25 Sep 15:24
Compare
Choose a tag to compare
  • Fixed Registration Link to WpVulnDB API - Thanks @noplanman, Ref #1397
  • --plugins-threshold and --themes-threshold CLI options moved to the advanced section of the help (--hh) - Ref #1399

v3.7.1

16 Sep 12:44
Compare
Choose a tag to compare
  • Fixed crash when a theme or plugin detected had dots in their slug
  • Updated enumeration help message which displayed that p/t would enumerate plugins/themes rather than popular plugins/popular themes.
  • Login requests are no longer cached - Ref #1395