
Releases: wpscanteam/wpscan

v3.7.9

29 Feb 13:29
  • Avoid sending irrelevant request params (such as cookies and headers) when updating and checking VulnAPI - Ref #1451
  • Target IP address added to output - Ref #1088
  • Time to detect non-WP sites greatly reduced when there are a lot of links on the homepage.
  • Passive scanning time reduced when there are a lot of links on the homepage.

v3.7.8

09 Feb 13:33
  • Fixed issue where a CF-Connecting-IP header provided via the CLI was also sent to VulnAPI - #1451

v3.7.7

21 Jan 16:17
  • Fixed rare crash due to conflict between slugs and API endpoints
  • Fixed incorrect detection of RDF URLs

v3.7.6

02 Jan 15:32
  • Status codes from responses are now displayed as interesting entries for KnownLocation finders
  • Code updated to be compatible with Ruby 2.7+

v3.7.5

11 Nov 12:45
  • Fixed DB Exports not detected in some cases - Ref #1426

v3.7.4

05 Nov 20:11
  • Fixed Incorrect wp-content detected from links in homepage - Ref #1412
  • Fixed exception raised by old version of activesupport in some cases - Ref #1419
  • WPScan can now run on Windows, thanks @Reelix - Ref wpscanteam/CMSScanner#114
  • Adds detection of WP, Plugins, Themes, Main Themes and their versions from 404

v3.7.3

11 Oct 14:26
  • Fixed Incorrect parsing of theme data when new lines before/after comments were stripped from the CSS file - Ref #1404
  • Improved passive detection of WordPress
  • Default wp-content location is now checked regardless of the detection mode chosen, if the directory could not be detected passively
  • Fixed empty username returned in some cases when detected via Author ID brute forcing.
  • Fixed an issue where some plugins/themes were not detected when using the --scope option
  • Fixed incorrect detection of the wp-content folder in some cases - Ref #1411

v3.7.2

25 Sep 15:24
  • Fixed Registration Link to WpVulnDB API - Thanks @noplanman, Ref #1397
  • --plugins-threshold and --themes-threshold CLI options moved to the advanced section of the help (--hh) - Ref #1399

v3.7.1

16 Sep 12:44
  • Fixed crash when a theme or plugin detected had dots in their slug
  • Updated enumeration help message which displayed that p/t would enumerate plugins/themes rather than popular plugins/popular themes.
  • Login requests are no longer cached - Ref #1395

v3.7.0

13 Sep 08:35
  • Vulnerabilities are now retrieved from the API directly (requires an API Token). Other data, such as the latest plugin version, is also retrieved from the API when a Token is provided (otherwise it comes from the local DB).
  • Removed Secunia and OSVDB references (via CMSScanner 0.5.8)
  • Updated packetstorm and securityfocus reference URLs to use HTTPS rather than HTTP (via CMSScanner 0.5.8)
  • Removed sitepress-multilingual-cms DF causing False Positive - Ref #1386
  • 404s are now ignored with the BodyPattern DF - Ref #1386
  • The --disable-tls-checks option now tries to downgrade to TLSv1 to avoid SSL errors - Ref #1380