kawaiipunk/laipower
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

updated plugin WPScan version 1.15.4

Browse Source
This commit is contained in:
KawaiiPunk
2021-07-25 23:25:13 +00:00
committed by Gitium
parent aa6967db92
commit 0a73b21fab
19 changed files with 228 additions and 156 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
wp-content/plugins/wpscan/security-checks/database-exports/check.php
View File

@ -73,7 +73,7 @@ class databaseExports extends Check {
$code = wp_remote_retrieve_response_code( $response );
if ( 200 === $code ) {
$this->add_vulnerability( __( 'A publicly accessible database file was found in', 'wpscan' ) . " <a href='$url' target='_blank'>$url</a>.", 'high', sanitize_title( $name ), 'https://blog.wpscan.com/2021/01/28/wordpress-database-backup-files.html' );
$this->add_vulnerability( __( 'A publicly accessible database file was found in', 'wpscan' ) . " <a href='$url' target='_blank'>$url</a>.", 'high', sanitize_title( $name ), 'https://blog.wpscan.com/wordpress-database-backup-files/' );
}
}
}

2
wp-content/plugins/wpscan/security-checks/debuglog-files/check.php
View File

@ -68,7 +68,7 @@ class debuglogFiles extends Check {
$code = wp_remote_retrieve_response_code( $response );
if ( 200 === $code ) {
$this->add_vulnerability( __( 'A publicly accessible debug.log file was found in', 'wpscan' ) . " <a href='$url' target='_blank'>$url</a>.", 'high', sanitize_title( $file ), 'https://blog.wpscan.com/2021/03/18/wordpress-debug-log-files.html' );
$this->add_vulnerability( __( 'A publicly accessible debug.log file was found in', 'wpscan' ) . " <a href='$url' target='_blank'>$url</a>", 'high', sanitize_title( $file ), 'https://blog.wpscan.com/wordpress-debug-log-files/' );
}
}
}

2
wp-content/plugins/wpscan/security-checks/https/check.php
View File

@ -66,7 +66,7 @@ class https extends Check {
// Check if the current page is using HTTPS.
if ( 'https' !== substr( $wp_url, 0, 5 ) || 'https' !== substr( $site_url, 0, 5 ) ) {
// No HTTPS used.
$this->add_vulnerability( __( 'The website does not seem to be using HTTPS (SSL/TLS) encryption for communications.', 'wpscan' ), 'high', 'https', 'https://blog.wpscan.com/2021/03/23/wordpress-ssl-tls-https.html' );
$this->add_vulnerability( __( 'The website does not seem to be using HTTPS (SSL/TLS) encryption for communications.', 'wpscan' ), 'high', 'https', 'https://blog.wpscan.com/wordpress-ssl-tls-https-encryption/' );
}
}
}

2
wp-content/plugins/wpscan/security-checks/secret-keys/check.php
View File

@ -64,7 +64,7 @@ class secretKeys extends Check {
foreach ( $keys as $key ) {
if ( defined( $key ) && constant( $key ) === 'put your unique phrase here' ) {
$this->add_vulnerability( __( 'The ' . esc_html( $key ) . ' secret key in the wp-config.php file was the default key. It should be changed to a random value using', 'wpscan' ) . " <a href='https://api.wordpress.org/secret-key/1.1/salt/' target='_blank'>https://api.wordpress.org/secret-key/1.1/salt/</a>.", 'high', sanitize_title( $key ), 'https://blog.wpscan.com/2021/03/23/wordpress-secret-keys.html' );
$this->add_vulnerability( __( 'The ' . esc_html( $key ) . ' secret key in the wp-config.php file was the default key. It should be changed to a random value using', 'wpscan' ) . " <a href='https://api.wordpress.org/secret-key/1.1/salt/' target='_blank'>https://api.wordpress.org/secret-key/1.1/salt/</a>.", 'high', sanitize_title( $key ), 'https://blog.wpscan.com/wordpress-secret-keys/' );
}
}
}

2
wp-content/plugins/wpscan/security-checks/version-control/check.php
View File

@ -70,7 +70,7 @@ class versionControl extends Check {
$code = wp_remote_retrieve_response_code( $response );
if ( 200 === $code ) {
$this->add_vulnerability( __( 'A publicly accessible ' . esc_html( $file ) . ' file was found. The file could expose your websites\'s source code.', 'wpscan' ), 'high', sanitize_title( $file ), 'https://blog.wpscan.com/2021/03/23/wordpress-version-control-files.html' );
$this->add_vulnerability( __( 'A publicly accessible ' . esc_html( $file ) . ' file was found. The file could expose your websites\'s source code.', 'wpscan' ), 'high', sanitize_title( $file ), 'https://blog.wpscan.com/wordpress-version-control-files/' );
}
}
}

2
wp-content/plugins/wpscan/security-checks/weak-passwords/check.php
View File

@ -90,7 +90,7 @@ class weakPasswords extends Check {
);
}
$this->add_vulnerability( $text, 'high', 'weak-passwords', 'https://blog.wpscan.com/wpscan/2019/09/17/wpscan-brute-force.html' );
$this->add_vulnerability( $text, 'high', 'weak-passwords', 'https://blog.wpscan.com/wpscan-brute-force/' );
}
}
}

2
wp-content/plugins/wpscan/security-checks/wpconfig-backups/check.php
View File

@ -73,7 +73,7 @@ class wpconfigBackups extends Check {
$code = wp_remote_retrieve_response_code( $response );
if ( 200 === $code ) {
$this->add_vulnerability( __( 'A publicly accessible wp-config.php backup file was found in', 'wpscan' ) . " <a href='$url' target='_blank'>$url</a>.", 'high', sanitize_title( $path ), 'https://blog.wpscan.com/2021/04/01/wordpress-wp-config-backup-file.html' );
$this->add_vulnerability( __( 'A publicly accessible wp-config.php backup file was found in', 'wpscan' ) . " <a href='$url' target='_blank'>$url</a>.", 'high', sanitize_title( $path ), 'https://blog.wpscan.com/wordpress-configuration-file-backups/' );
}
}
}

4
wp-content/plugins/wpscan/security-checks/xmlrpc-enabled/check.php
View File

@ -75,7 +75,7 @@ class xmlrpcEnabled extends Check {
error_log( $authenticated_response->get_error_message() );
} else {
if ( preg_match( '/<string>Incorrect username or password.<\/string>/', $authenticated_response['body'] ) ) {
$this->add_vulnerability( __( 'The XML-RPC interface is enabled. This significantly increases your site\'s attack surface.', 'wpscan' ), 'medium', sanitize_title( $url ), 'https://blog.wpscan.com/2021/01/25/wordpress-xmlrpc-security.html' );
$this->add_vulnerability( __( 'The XML-RPC interface is enabled. This significantly increases your site\'s attack surface.', 'wpscan' ), 'medium', sanitize_title( $url ), 'https://blog.wpscan.com/is-wordpress-xmlrpc-a-security-problem/' );
return;
} else {
// Try an unauthenticated request.
@ -83,7 +83,7 @@ class xmlrpcEnabled extends Check {
$unauthenticated_response = wp_remote_post( $url, array( 'body' => $unauthenticated_body ) );
if ( preg_match( '/<string>Hello!<\/string>/', $unauthenticated_response['body'] ) ) {
$this->add_vulnerability( __( 'The XML-RPC interface is partly disabled, but still allows unauthenticated requests.', 'wpscan' ), 'low', sanitize_title( $url ), 'https://blog.wpscan.com/2021/01/25/wordpress-xmlrpc-security.html' );
$this->add_vulnerability( __( 'The XML-RPC interface is partly disabled, but still allows unauthenticated requests.', 'wpscan' ), 'low', sanitize_title( $url ), 'https://blog.wpscan.com/is-wordpress-xmlrpc-a-security-problem/' );
}
}
}