updated plugin WPScan version 1.15.4

2021-07-25 23:25:13 +00:00
committed by Gitium
parent aa6967db92
commit 0a73b21fab
19 changed files with 228 additions and 156 deletions


@ -75,7 +75,7 @@ class xmlrpcEnabled extends Check {
error_log( $authenticated_response->get_error_message() );
} else {
if ( preg_match( '/<string>Incorrect username or password.<\/string>/', $authenticated_response['body'] ) ) {
$this->add_vulnerability( __( 'The XML-RPC interface is enabled. This significantly increases your site\'s attack surface.', 'wpscan' ), 'medium', sanitize_title( $url ), 'https://blog.wpscan.com/2021/01/25/wordpress-xmlrpc-security.html' );
$this->add_vulnerability( __( 'The XML-RPC interface is enabled. This significantly increases your site\'s attack surface.', 'wpscan' ), 'medium', sanitize_title( $url ), 'https://blog.wpscan.com/is-wordpress-xmlrpc-a-security-problem/' );
return;
} else {
// Try an unauthenticated request.
@ -83,7 +83,7 @@ class xmlrpcEnabled extends Check {
$unauthenticated_response = wp_remote_post( $url, array( 'body' => $unauthenticated_body ) );
if ( preg_match( '/<string>Hello!<\/string>/', $unauthenticated_response['body'] ) ) {
$this->add_vulnerability( __( 'The XML-RPC interface is partly disabled, but still allows unauthenticated requests.', 'wpscan' ), 'low', sanitize_title( $url ), 'https://blog.wpscan.com/2021/01/25/wordpress-xmlrpc-security.html' );
$this->add_vulnerability( __( 'The XML-RPC interface is partly disabled, but still allows unauthenticated requests.', 'wpscan' ), 'low', sanitize_title( $url ), 'https://blog.wpscan.com/is-wordpress-xmlrpc-a-security-problem/' );
}
}
}
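Review bot: In the second hunk `$unauthenticated_response['body']` is read straight after `wp_remote_post()` with no `is_wp_error()` guard, unlike the authenticated request in the first hunk; if that request fails (timeout, connection error) a `WP_Error` object is indexed as an array and the check aborts instead of finishing. Reading the body through the helper avoids this: `if ( preg_match( '/<string>Hello!<\/string>/', wp_remote_retrieve_body( $unauthenticated_response ) ) ) {`. Separately, the first hunk detects XML-RPC by matching the English fault text `Incorrect username or password.`; on a site running another locale that string is presumably translated, so the check may report nothing while the interface is enabled, and matching on the fault structure rather than the message text would be more reliable. The enclosing method starts and ends outside both hunks.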