diff --git a/wp-content/plugins/wpscan/app/Checks/System.php b/wp-content/plugins/wpscan/app/Checks/System.php
index 340fdc5d..e07dc083 100644
--- a/wp-content/plugins/wpscan/app/Checks/System.php
+++ b/wp-content/plugins/wpscan/app/Checks/System.php
@@ -24,6 +24,7 @@ class System {
// Current running events.
public $current_running = '';
+
/**
* A list of registered checks.
*
@@ -158,51 +159,12 @@ class System {
}
}
- /**
- * List vulnerabilities in the report.
- *
- * @param object $check - The check instance.
- *
- * @access public
- * @return string
- * @since 1.0.0
- *
- */
- public function list_check_vulnerabilities( $instance ) {
- $vulnerabilities = $instance->get_vulnerabilities();
- $count = $instance->get_vulnerabilities_count();
- $ignored = $this->parent->get_ignored_vulnerabilities();
-
- $not_checked_text = __( 'Not checked yet. Click the Run button to run a scan', 'wpscan' );
-
- if ( ! isset( $vulnerabilities ) ) {
- echo esc_html( $not_checked_text );
- } elseif ( empty( $vulnerabilities ) || 0 === $count ) {
- echo esc_html( $instance->success_message() );
- } else {
- $list = array();
-
- foreach ( $vulnerabilities as $item ) {
- if ( in_array( $item['id'], $ignored, true ) ) {
- continue;
- }
-
- $html = "
';
- echo '
';
+ echo '
';
echo '
' . __( 'Settings', 'wpscan' ) . '
';
@@ -323,6 +332,21 @@ class Settings {
echo '
';
}
+ /**
+ * Disable security checks field
+ *
+ * @since 1.15.2
+ * @access public
+ * @return string
+ */
+ public function field_disable_security_checks() {
+ $opt = $this->parent->OPT_DISABLE_CHECKS;
+
+ $value = get_option( $opt, array() );
+ $checked = $value === '1' ? 'checked' : null;
+
+ echo "
";
+ }
/**
* Ignore items field
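Review bot: The docblock on `field_disable_security_checks` says `@return string`, but the method only echoes and returns nothing, so it should read `@return void`. The `get_option( $opt, array() )` default is an array that is then compared against the string `'1'`; it only works because `===` can never match an array, and a scalar default such as `get_option( $opt, '0' )` states the intent. The same `get_option( ..., array() ) !== '1'` test is repeated in Summary.php, ignoreVulnerabilities.php and views/report.php in this diff; a single helper on the parent object (e.g. a `security_checks_disabled()` method) would keep the four sites in sync if the stored value ever changes. The markup passed to `echo` appears stripped from this view, so I can't confirm that `$opt` and `$checked` are written into the attribute through `esc_attr()` — worth checking.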
diff --git a/wp-content/plugins/wpscan/app/Summary.php b/wp-content/plugins/wpscan/app/Summary.php
index a5d36265..7460b8a6 100644
--- a/wp-content/plugins/wpscan/app/Summary.php
+++ b/wp-content/plugins/wpscan/app/Summary.php
@@ -25,7 +25,11 @@ class Summary {
add_action( 'admin_init', array( $this, 'add_meta_box_summary' ) );
add_action( 'wp_ajax_wpscan_check_now', array( $this, 'ajax_check_now' ) );
- add_action( 'wp_ajax_wpscan_security_check_now', array( $this, 'ajax_security_check_now' ) );
+
+ if ( get_option( $this->parent->OPT_DISABLE_CHECKS, array() ) !== '1' ) {
+ add_action( 'wp_ajax_wpscan_security_check_now', array( $this, 'ajax_security_check_now' ) );
+ }
+
add_action( 'wp_ajax_' . $this->parent->WPSCAN_TRANSIENT_CRON, array( $this, 'ajax_doing_cron' ) );
}
@@ -161,7 +165,7 @@ class Summary {
}
/**
- * Ajax scurity check now
+ * Ajax security check now
*
* @return void
* @since 1.0.0
diff --git a/wp-content/plugins/wpscan/app/ignoreVulnerabilities.php b/wp-content/plugins/wpscan/app/ignoreVulnerabilities.php
index 9f12c7a7..a13f4e1f 100644
--- a/wp-content/plugins/wpscan/app/ignoreVulnerabilities.php
+++ b/wp-content/plugins/wpscan/app/ignoreVulnerabilities.php
@@ -127,9 +127,11 @@ class ignoreVulnerabilities {
foreach ( wp_get_themes() as $name => $details ) {
$this->list_vulnerabilities_to_ignore( 'themes', $this->parent->get_theme_slug( $name, $details ) );
}
-
- foreach ( $this->parent->classes['checks/system']->checks as $id => $data ) {
- $this->list_vulnerabilities_to_ignore( 'security-checks', $id );
+
+ if ( get_option( $this->parent->OPT_DISABLE_CHECKS, array() ) !== '1' ) {
+ foreach ( $this->parent->classes['checks/system']->checks as $id => $data ) {
+ $this->list_vulnerabilities_to_ignore( 'security-checks', $id );
+ }
}
}
diff --git a/wp-content/plugins/wpscan/assets/css/style.css b/wp-content/plugins/wpscan/assets/css/style.css
index baf1cc0f..74a77bf9 100644
--- a/wp-content/plugins/wpscan/assets/css/style.css
+++ b/wp-content/plugins/wpscan/assets/css/style.css
@@ -161,11 +161,10 @@
.vulnerability-severity {
float: left;
- min-width: 60px;
- margin-right: 20px;
+ min-width: 100px;
}
-.vulnerability-title {
+.vulnerability-title .vulnerability-status .vulnerability-link {
float: left;
}
@@ -175,9 +174,8 @@
text-align: center;
border-radius: 3px;
font-size: 11px;
- margin: 6px 0px 0px 0px;
line-height: 19px;
- min-width: 60px;
+ min-width: 100px;
color: #4e645a;
background: #c6e1d5;
}
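Review bot: The new selector `.vulnerability-title .vulnerability-status .vulnerability-link` is a descendant chain, so it only matches a `.vulnerability-link` nested inside a `.vulnerability-status` that is itself inside a `.vulnerability-title`; download-report.js in this diff looks the three classes up independently on each `.vulnerability` item, which suggests they are siblings. If so, `float: left` never applies to any of them and the rule should be a selector list: `.vulnerability-title, .vulnerability-status, .vulnerability-link {`. Please confirm against the markup emitted by the vulnerability list, which is not in the visible hunks.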
diff --git a/wp-content/plugins/wpscan/assets/js/download-report.js b/wp-content/plugins/wpscan/assets/js/download-report.js
index e0aa2ad2..22742a64 100644
--- a/wp-content/plugins/wpscan/assets/js/download-report.js
+++ b/wp-content/plugins/wpscan/assets/js/download-report.js
@@ -360,8 +360,7 @@ jQuery(document).ready(function ($) {
const topTableBorder = is_wordpress_section ? 'WPTableLine' : 'tableLine';
- // name
-
+ // Name
table.table.body[1].push({
text: 'Name',
style: 'tableHeader',
@@ -369,7 +368,7 @@ jQuery(document).ready(function ($) {
});
table.table.widths.push(149);
- // version
+ // Version
if (!is_security_checks) {
table.table.body[1].push({
text: 'Version',
@@ -407,9 +406,9 @@ jQuery(document).ready(function ($) {
.each(function () {
let row = [];
- // Item title
- let itemTitle = $(this).find('.plugin-title strong').text().trim();
-
+ // Item name
+ let itemTitle = is_wordpress_section ? 'WordPress' : $(this).find('.plugin-title strong').text().trim();
+
if ($(this).find('.plugin-title .item-closed').length) {
itemTitle =
itemTitle +
@@ -425,12 +424,11 @@ jQuery(document).ready(function ($) {
});
// Item version
+ let itemVersion = is_wordpress_section ? $(this).find('#wordpress-version').text().trim() : $(this).find('.plugin-title .item-version span').text().trim();
+
if (!is_security_checks) {
row.push({
- text: $(this)
- .find('.plugin-title .item-version span')
- .text()
- .trim(),
+ text: itemVersion,
style: 'resTable',
borderColor,
});
@@ -450,19 +448,20 @@ jQuery(document).ready(function ($) {
.find('.vulnerabilities .vulnerability')
.each(function () {
let item = $(this).clone();
- let linkText =
- item.find('.vulnerability-severity span').text().trim() + ' - ';
- item.find('.vulnerability-severity span').remove();
- linkText = linkText + item.text().trim();
- linkText = linkText.charAt(0).toUpperCase() + linkText.slice(1);
+ let title = item.find('.vulnerability-title').text().trim();
+ let status = item.find('.vulnerability-status').text().trim();
+ let severity = item.find('.vulnerability-severity span').text().trim();
+ let link_text = item.find('.vulnerability-link').text().trim();
+ let link_href = item.find('.vulnerability-link a').attr('href');
- col.stack.push({
- text: linkText,
- link: $(this).attr('href'),
- style: 'resTable',
- lineHeight: 2,
- borderColor,
- });
+ let vulnerability_text = [
+ { text: title, style: 'resTable' },
+ { text: status, style: 'resTable' },
+ { text: severity.charAt(0).toUpperCase() + severity.slice(1), style: 'resTable' },
+ { text: link_text, link: link_href, style: 'resTable' }
+ ]
+
+ col.stack.push( vulnerability_text );
});
row.push(col);
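Review bot: `link_href` is whatever `.attr('href')` returns, and it is `undefined` when the cloned item has no `.vulnerability-link a`; that `undefined` is then set as `link` on the fourth stack entry, where the old code read the href from the `.vulnerability` element itself. Guard it, e.g. `let link_href = item.find('.vulnerability-link a').attr('href') || '';`, or build the entry without a `link` key when it is empty. The new locals `link_text`, `link_href` and `vulnerability_text` use snake_case while the surrounding code (`itemTitle`, `itemVersion`, `topTableBorder`) is camelCase, and the array literal closing on `]` lacks the semicolon the rest of the file uses. The enclosing `.each` callback continues past the hunk.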
@@ -478,7 +477,7 @@ jQuery(document).ready(function ($) {
table.table.body.push(row);
});
- // push the table
+ // Push the table
is_wordpress_section
? wpscanReport.content.push(wordpressTable)
: wpscanReport.content.push(mainTable);
diff --git a/wp-content/plugins/wpscan/readme.txt b/wp-content/plugins/wpscan/readme.txt
index 1d6f594e..bdab822a 100644
--- a/wp-content/plugins/wpscan/readme.txt
+++ b/wp-content/plugins/wpscan/readme.txt
@@ -3,7 +3,7 @@ Contributors: ethicalhack3r, xfirefartx, erwanlr
Tags: wpscan, wpvulndb, security, vulnerability, hack, scan, exploit, secure, alerts
Requires at least: 3.4
Tested up to: 5.6
-Stable tag: 1.15.1
+Stable tag: 1.15.4
Requires PHP: 5.5
License: GPLv3
License URI: https://www.gnu.org/licenses/gpl.html
@@ -90,6 +90,18 @@ The WPScan WordPress Security Plugin will also check for other security issues,
== Changelog ==
+= 1.15.4 =
+* Fix images not loading on some hosted websites
+* Update remediation links
+
+= 1.15.3 =
+* Fix fatal error in security checks
+
+= 1.15.2 =
+* Improve HTML and PDF report output
+* Disable security checks setting
+* Some refactoring
+
= 1.15.1 =
* Improved email alert text
* Improved PDF report download layout
diff --git a/wp-content/plugins/wpscan/security-checks/database-exports/check.php b/wp-content/plugins/wpscan/security-checks/database-exports/check.php
index 75041d2b..f8868680 100644
--- a/wp-content/plugins/wpscan/security-checks/database-exports/check.php
+++ b/wp-content/plugins/wpscan/security-checks/database-exports/check.php
@@ -73,7 +73,7 @@ class databaseExports extends Check {
$code = wp_remote_retrieve_response_code( $response );
if ( 200 === $code ) {
- $this->add_vulnerability( __( 'A publicly accessible database file was found in', 'wpscan' ) . "
$url.", 'high', sanitize_title( $name ), 'https://blog.wpscan.com/2021/01/28/wordpress-database-backup-files.html' );
+ $this->add_vulnerability( __( 'A publicly accessible database file was found in', 'wpscan' ) . "
$url.", 'high', sanitize_title( $name ), 'https://blog.wpscan.com/wordpress-database-backup-files/' );
}
}
}
diff --git a/wp-content/plugins/wpscan/security-checks/debuglog-files/check.php b/wp-content/plugins/wpscan/security-checks/debuglog-files/check.php
index 806ecbfc..d2a25894 100644
--- a/wp-content/plugins/wpscan/security-checks/debuglog-files/check.php
+++ b/wp-content/plugins/wpscan/security-checks/debuglog-files/check.php
@@ -68,7 +68,7 @@ class debuglogFiles extends Check {
$code = wp_remote_retrieve_response_code( $response );
if ( 200 === $code ) {
- $this->add_vulnerability( __( 'A publicly accessible debug.log file was found in', 'wpscan' ) . "
$url.", 'high', sanitize_title( $file ), 'https://blog.wpscan.com/2021/03/18/wordpress-debug-log-files.html' );
+ $this->add_vulnerability( __( 'A publicly accessible debug.log file was found in', 'wpscan' ) . "
$url", 'high', sanitize_title( $file ), 'https://blog.wpscan.com/wordpress-debug-log-files/' );
}
}
}
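Review bot: The rewritten message drops the trailing period after `$url` (the removed line had `$url.`), while the parallel messages changed in database-exports/check.php and wpconfig-backups/check.php keep `$url.`, so the three findings now render with inconsistent punctuation in the report. Either restore `$url.` here or remove it in all three. The markup inside the string appears stripped in this view, so the interpolation itself cannot be reviewed.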
diff --git a/wp-content/plugins/wpscan/security-checks/https/check.php b/wp-content/plugins/wpscan/security-checks/https/check.php
index 750ba8d5..069b50c6 100644
--- a/wp-content/plugins/wpscan/security-checks/https/check.php
+++ b/wp-content/plugins/wpscan/security-checks/https/check.php
@@ -66,7 +66,7 @@ class https extends Check {
// Check if the current page is using HTTPS.
if ( 'https' !== substr( $wp_url, 0, 5 ) || 'https' !== substr( $site_url, 0, 5 ) ) {
// No HTTPS used.
- $this->add_vulnerability( __( 'The website does not seem to be using HTTPS (SSL/TLS) encryption for communications.', 'wpscan' ), 'high', 'https', 'https://blog.wpscan.com/2021/03/23/wordpress-ssl-tls-https.html' );
+ $this->add_vulnerability( __( 'The website does not seem to be using HTTPS (SSL/TLS) encryption for communications.', 'wpscan' ), 'high', 'https', 'https://blog.wpscan.com/wordpress-ssl-tls-https-encryption/' );
}
}
}
diff --git a/wp-content/plugins/wpscan/security-checks/secret-keys/check.php b/wp-content/plugins/wpscan/security-checks/secret-keys/check.php
index 26a6ca77..a1e8a9f7 100644
--- a/wp-content/plugins/wpscan/security-checks/secret-keys/check.php
+++ b/wp-content/plugins/wpscan/security-checks/secret-keys/check.php
@@ -64,7 +64,7 @@ class secretKeys extends Check {
foreach ( $keys as $key ) {
if ( defined( $key ) && constant( $key ) === 'put your unique phrase here' ) {
- $this->add_vulnerability( __( 'The ' . esc_html( $key ) . ' secret key in the wp-config.php file was the default key. It should be changed to a random value using', 'wpscan' ) . "
https://api.wordpress.org/secret-key/1.1/salt/.", 'high', sanitize_title( $key ), 'https://blog.wpscan.com/2021/03/23/wordpress-secret-keys.html' );
+ $this->add_vulnerability( __( 'The ' . esc_html( $key ) . ' secret key in the wp-config.php file was the default key. It should be changed to a random value using', 'wpscan' ) . "
https://api.wordpress.org/secret-key/1.1/salt/.", 'high', sanitize_title( $key ), 'https://blog.wpscan.com/wordpress-secret-keys/' );
}
}
}
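Review bot: The text passed to `__()` on the changed line is built by concatenation with `esc_html( $key )`, so it is a different string at runtime for each key and no translation entry can ever match it; gettext extraction also needs a literal. Keep the placeholder inside the literal and substitute afterwards: `sprintf( __( 'The %s secret key in the wp-config.php file was the default key. It should be changed to a random value using', 'wpscan' ), esc_html( $key ) )`. version-control/check.php has the same pattern with `esc_html( $file )` in its changed line. The hunk only updates the remediation URL, so this is pre-existing, but the line is being rewritten anyway.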
diff --git a/wp-content/plugins/wpscan/security-checks/version-control/check.php b/wp-content/plugins/wpscan/security-checks/version-control/check.php
index c92298c4..3f4a8463 100644
--- a/wp-content/plugins/wpscan/security-checks/version-control/check.php
+++ b/wp-content/plugins/wpscan/security-checks/version-control/check.php
@@ -70,7 +70,7 @@ class versionControl extends Check {
$code = wp_remote_retrieve_response_code( $response );
if ( 200 === $code ) {
- $this->add_vulnerability( __( 'A publicly accessible ' . esc_html( $file ) . ' file was found. The file could expose your websites\'s source code.', 'wpscan' ), 'high', sanitize_title( $file ), 'https://blog.wpscan.com/2021/03/23/wordpress-version-control-files.html' );
+ $this->add_vulnerability( __( 'A publicly accessible ' . esc_html( $file ) . ' file was found. The file could expose your websites\'s source code.', 'wpscan' ), 'high', sanitize_title( $file ), 'https://blog.wpscan.com/wordpress-version-control-files/' );
}
}
}
diff --git a/wp-content/plugins/wpscan/security-checks/weak-passwords/check.php b/wp-content/plugins/wpscan/security-checks/weak-passwords/check.php
index 1bb508a2..0bbf6e3e 100644
--- a/wp-content/plugins/wpscan/security-checks/weak-passwords/check.php
+++ b/wp-content/plugins/wpscan/security-checks/weak-passwords/check.php
@@ -90,7 +90,7 @@ class weakPasswords extends Check {
);
}
- $this->add_vulnerability( $text, 'high', 'weak-passwords', 'https://blog.wpscan.com/wpscan/2019/09/17/wpscan-brute-force.html' );
+ $this->add_vulnerability( $text, 'high', 'weak-passwords', 'https://blog.wpscan.com/wpscan-brute-force/' );
}
}
}
diff --git a/wp-content/plugins/wpscan/security-checks/wpconfig-backups/check.php b/wp-content/plugins/wpscan/security-checks/wpconfig-backups/check.php
index c16e591a..472dc4d5 100644
--- a/wp-content/plugins/wpscan/security-checks/wpconfig-backups/check.php
+++ b/wp-content/plugins/wpscan/security-checks/wpconfig-backups/check.php
@@ -73,7 +73,7 @@ class wpconfigBackups extends Check {
$code = wp_remote_retrieve_response_code( $response );
if ( 200 === $code ) {
- $this->add_vulnerability( __( 'A publicly accessible wp-config.php backup file was found in', 'wpscan' ) . "
$url.", 'high', sanitize_title( $path ), 'https://blog.wpscan.com/2021/04/01/wordpress-wp-config-backup-file.html' );
+ $this->add_vulnerability( __( 'A publicly accessible wp-config.php backup file was found in', 'wpscan' ) . "
$url.", 'high', sanitize_title( $path ), 'https://blog.wpscan.com/wordpress-configuration-file-backups/' );
}
}
}
diff --git a/wp-content/plugins/wpscan/security-checks/xmlrpc-enabled/check.php b/wp-content/plugins/wpscan/security-checks/xmlrpc-enabled/check.php
index 41392cef..9f0aae50 100644
--- a/wp-content/plugins/wpscan/security-checks/xmlrpc-enabled/check.php
+++ b/wp-content/plugins/wpscan/security-checks/xmlrpc-enabled/check.php
@@ -75,7 +75,7 @@ class xmlrpcEnabled extends Check {
error_log( $authenticated_response->get_error_message() );
} else {
if ( preg_match( '/
Incorrect username or password.<\/string>/', $authenticated_response['body'] ) ) {
- $this->add_vulnerability( __( 'The XML-RPC interface is enabled. This significantly increases your site\'s attack surface.', 'wpscan' ), 'medium', sanitize_title( $url ), 'https://blog.wpscan.com/2021/01/25/wordpress-xmlrpc-security.html' );
+ $this->add_vulnerability( __( 'The XML-RPC interface is enabled. This significantly increases your site\'s attack surface.', 'wpscan' ), 'medium', sanitize_title( $url ), 'https://blog.wpscan.com/is-wordpress-xmlrpc-a-security-problem/' );
return;
} else {
// Try an unauthenticated request.
@@ -83,7 +83,7 @@ class xmlrpcEnabled extends Check {
$unauthenticated_response = wp_remote_post( $url, array( 'body' => $unauthenticated_body ) );
if ( preg_match( '/Hello!<\/string>/', $unauthenticated_response['body'] ) ) {
- $this->add_vulnerability( __( 'The XML-RPC interface is partly disabled, but still allows unauthenticated requests.', 'wpscan' ), 'low', sanitize_title( $url ), 'https://blog.wpscan.com/2021/01/25/wordpress-xmlrpc-security.html' );
+ $this->add_vulnerability( __( 'The XML-RPC interface is partly disabled, but still allows unauthenticated requests.', 'wpscan' ), 'low', sanitize_title( $url ), 'https://blog.wpscan.com/is-wordpress-xmlrpc-a-security-problem/' );
}
}
}
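Review bot: On the line after `wp_remote_post( $url, ... )` the unauthenticated response is indexed as `$unauthenticated_response['body']` with no `is_wp_error()` check, unlike the authenticated request earlier in the hunk whose error branch calls `error_log()`; `wp_remote_post()` returns a `WP_Error` on connection failure, and indexing that object as an array is a fatal error. Use the retrieval helper, which returns an empty string for errors: `if ( preg_match( '/Hello!<\/string>/', wp_remote_retrieve_body( $unauthenticated_response ) ) ) {`. Both hunks belong to the same method, whose start and end lie outside the visible lines.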
diff --git a/wp-content/plugins/wpscan/views/report.php b/wp-content/plugins/wpscan/views/report.php
index 9f20c807..cffacbcb 100644
--- a/wp-content/plugins/wpscan/views/report.php
+++ b/wp-content/plugins/wpscan/views/report.php
@@ -8,7 +8,7 @@
- parent->plugin_dir. 'assets/svg/logo.svg'); ?>
+
@@ -50,11 +50,8 @@
get_status( 'wordpress', get_bloginfo( 'version' ) ) ?> |
-
- WordPress
-
- %s', 'wpscan' ), get_bloginfo( 'version' ) ) ?>
-
+ |
+ WordPress
|
|
-
+
%s', 'wpscan' ), esc_html($details['Version']) ) ?>
@@ -162,41 +159,45 @@
-
-
+ parent->OPT_DISABLE_CHECKS, array() ) !== '1' ) { ?>
-
-
-
- |
- |
- |
- |
-
-
-
- parent->classes['checks/system']->checks as $id => $data ) : ?>
-
-
- get_status('security-checks', $id) ?> |
-
-
-
- title()) ?>
-
- |
-
- parent->classes['checks/system']->list_check_vulnerabilities( $data['instance'] ) ?>
- |
-
- parent->classes['checks/system']->list_actions($data['instance']) ?>
-
- |
-
-
-
-
-
+
+
+
+
+
+
+ |
+ |
+ |
+ |
+
+
+
+ parent->classes['checks/system']->checks as $id => $data ) : ?>
+
+
+ get_status('security-checks', $id) ?> |
+
+
+
+ title() ) ?>
+
+ |
+
+ list_security_check_vulnerabilities( $data['instance'] ) ?>
+ |
+
+ parent->classes['checks/system']->list_actions($data['instance']) ?>
+
+ |
+
+
+
+
+
+
+
parent->OPT_API_TOKEN ) ) { ?>
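Review bot: The rebuilt security-checks table calls `list_security_check_vulnerabilities( $data['instance'] )` while the System.php hunk deletes `list_check_vulnerabilities`; no visible hunk adds the new method, and the receiver on that line is lost in this rendering, so confirm it is defined and that it escapes its output the way the removed method did with `esc_html()`. The section is also wrapped in the same `get_option( ..., array() ) !== '1'` test used in three PHP classes in this diff; a shared helper would avoid four copies of the comparison. Much of this hunk's PHP is stripped in this view, so the remaining template lines cannot be reviewed.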
diff --git a/wp-content/plugins/wpscan/wpscan.php b/wp-content/plugins/wpscan/wpscan.php
index 5f726694..817dfc29 100644
--- a/wp-content/plugins/wpscan/wpscan.php
+++ b/wp-content/plugins/wpscan/wpscan.php
@@ -3,7 +3,7 @@
* Plugin Name: WPScan
* Plugin URI: http://wordpress.org/plugins/wpscan/
* Description: WPScan WordPress Security Scanner. Scans your system for security vulnerabilities listed in the WPScan Vulnerability Database.
- * Version: 1.15.1
+ * Version: 1.15.4
* Author: WPScan Team
* Author URI: https://wpscan.com/
* License: GPLv3