Skip to content

Releases: wpscanteam/wpscan

2.9.3

19 Jul 13:25
@firefart firefart
2.9.3
641108e
This commit was signed with the committer’s verified signature.
firefart Christian Mehlmauer
GPG key ID: DCF54A05D6E62591
Learn about vigilant mode.
Compare
Choose a tag to compare
2.9.3

Released: 2017-07-19

  • Updated dependencies and required ruby version
  • Made some changes so wpscan works in ruby 2.4
  • Added a Gemfile.lock to lock all dependencies
  • You can now pass a wordlist from stdin via "--wordlist -"
  • Improved version detection regexes
  • Added an optional paramter to --log to specify a filename

WPScan Database Statistics:

  • Total tracked wordpresses: 251
  • Total tracked plugins: 68818
  • Total tracked themes: 15132
  • Total vulnerable wordpresses: 243
  • Total vulnerable plugins: 1527
  • Total vulnerable themes: 280
  • Total wordpress vulnerabilities: 5263
  • Total plugin vulnerabilities: 2406
  • Total theme vulnerabilities: 349
Assets 2
Loading

2.9.2

15 Nov 19:53
@ethicalhack3r ethicalhack3r
2.9.2
2bff063
Compare
Choose a tag to compare
2.9.2

Released: 2016-11-15

  • Fixed error when detecting plugins with UTF-8 characters
  • Use all possible finders to verify a detected version
  • Fix error when detecting a WordPress version not in our database
  • Added some additional clarification on error messages
  • Upgrade terminal-table gem
  • Add --cache-dir option
  • Add --disable-tls-checks options
  • Improve/add additional plugin passive detections
  • Remove scripts when calculating page hashes
  • Many other small bug fixes.

WPScan Database Statistics:

  • Total tracked wordpresses: 194
  • Total tracked plugins: 63703
  • Total tracked themes: 13835
  • Total vulnerable wordpresses: 177
  • Total vulnerable plugins: 1382
  • Total vulnerable themes: 379
  • Total wordpress vulnerabilities: 2617
  • Total plugin vulnerabilities: 2190
  • Total theme vulnerabilities: 452
Assets 2
Loading

2.9.1

06 May 12:00
@firefart firefart
2.9.1
f832e27
This commit was signed with the committer’s verified signature.
firefart Christian Mehlmauer
GPG key ID: DCF54A05D6E62591
Learn about vigilant mode.
Compare
Choose a tag to compare
2.9.1

Released: 2016-05-06

  • Update to Ruby 2.3.1, drop older ruby support
  • New data file location
  • Added experimental Windows support
  • Display WordPress metadata on the detected version
  • Several small fixes

WPScan Database Statistics:

  • Total vulnerable versions: 156
  • Total vulnerable plugins: 1324
  • Total vulnerable themes: 376
  • Total version vulnerabilities: 1998
  • Total plugin vulnerabilities: 2057
  • Total theme vulnerabilities: 449
Assets 2
Loading

Release - 2.9

15 Oct 11:08
@ethicalhack3r ethicalhack3r
2.9
361c96d
Compare
Choose a tag to compare
Release - 2.9

Released: 2015-10-15

New

  • GZIP Encoding in updater
  • Adds --throttle option to throttle requests
  • Uses new API and local database file structure
  • Adds last updated and latest version to plugins and themes

Removed

  • ArchAssault from README
  • APIv1 local databases

General core

  • Update to Ruby 2.2.3
  • Use yajl-ruby as JSON parser
  • New dependancy for Ubuntu 14.04 (libgmp-dev)
  • Use Travis container based infra and caching

Fixed issues

  • Fix #835 - Readme requests to wp root dir
  • Fix #836 - Critical icon output twice when the site is not running WP
  • Fix #839 - Terminal-table dependency is broken
  • Fix #841 - error: undefined method `cells' for #Array:0x000000029cc2f8
  • Fix #852 - GZIP Encoding in updater
  • Fix #853 - APIv2 integration
  • Fix #858 - Detection FP
  • Fix #873 - false positive "site has Must Use Plugins"

WPScan Database Statistics:

  • Total vulnerable versions: 132
  • Total vulnerable plugins: 1170
  • Total vulnerable themes: 368
  • Total version vulnerabilities: 1476
  • Total plugin vulnerabilities: 1913
  • Total theme vulnerabilities: 450
Assets 2
Loading

Maintenance Release - 2.8

22 Jun 17:02
@ethicalhack3r ethicalhack3r
2.8
5902a48
Compare
Choose a tag to compare
Maintenance Release - 2.8

Version 2.8

Released: 2015-06-22

New

  • Warn the user to update his DB files
  • Added last db update to --version option (see #815)
  • Add db checksum to verbose logging during update
  • Option to hide banner
  • Continue if user chooses not to update + db exists
  • Don't update if user chooses default + no DBs exist
  • Updates request timeout values to realistic ones (and in seconds)

Removed

  • Removed Time.parse('2000-01-01') expedient
  • Removed unnecessary 'return' and '()'
  • Removed debug output
  • Removed wpstools

General core

  • Update to Ruby 2.2.2
  • Switch to mitre
  • Install bundler gem README
  • Switch from gnutls to openssl

Fixed issues

  • Fix #789 - Add blackarch to readme
  • Fix #790 - Consider the target down after 30 requests timed out requests instead of 10
  • Fix #791 - Rogue character causing the scan of non-wordpress site to crash
  • Fix #792 - Adds the HttpError exception
  • Fix #795 - Remove GHOST warning
  • Fix #796 - Do not swallow exit code
  • Fix #797 - Increases the timeout values
  • Fix #801 - Forces UTF-8 encoding when enumerating usernames
  • Fix #803 - Increases default connect-timeout to 10s
  • Fix #804 - Updates the Theme detection pattern
  • Fix #816 - Ignores potential non version chars in theme version detection
  • Fix #819 - Removes potential spaces in robots.txt entries

WPScan Database Statistics:

  • Total vulnerable versions: 98
  • Total vulnerable plugins: 1076
  • Total vulnerable themes: 361
  • Total version vulnerabilities: 1104
  • Total plugin vulnerabilities: 1763
  • Total theme vulnerabilities: 443
Assets 2
Loading