kawaiipunk
/
laipower
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

updated plugin `WPScan` version 1.15.4

This commit is contained in:
KawaiiPunk 2021-07-25 23:25:13 +00:00 committed by Gitium
parent aa6967db92
commit 0a73b21fab
19 changed files with 228 additions and 156 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
wp-content/plugins/wpscan/app/Checks/System.php
View File

@ -24,6 +24,7 @@ class System {
// Current running events. // Current running events.
public $current_running = ''; public $current_running = '';
/** /**
* A list of registered checks. * A list of registered checks.
* *
@ -158,51 +159,12 @@ class System {
} }
} }
/**
* List vulnerabilities in the report.
*
* @param object $check - The check instance.
*
* @access public
* @return string
* @since 1.0.0
*
*/
public function list_check_vulnerabilities( $instance ) {
$vulnerabilities = $instance->get_vulnerabilities();
$count = $instance->get_vulnerabilities_count();
$ignored = $this->parent->get_ignored_vulnerabilities();
$not_checked_text = __( 'Not checked yet. Click the Run button to run a scan', 'wpscan' );
if ( ! isset( $vulnerabilities ) ) {
echo esc_html( $not_checked_text );
} elseif ( empty( $vulnerabilities ) || 0 === $count ) {
echo esc_html( $instance->success_message() );
} else {
$list = array();
foreach ( $vulnerabilities as $item ) {
if ( in_array( $item['id'], $ignored, true ) ) {
continue;
}
$html = "<div class='vulnerability'>";
$html .= "<span class='vulnerability-severity'>";
$html .= "<span class='wpscan-" . esc_attr( $item['severity'] ) . "'>" . esc_html( $item['severity'] ) ."</span>";
$html .= '</span>';
$html .= "<div class='vulnerability-title'>" . wp_kses( $item['title'], array( 'a' => array( 'href' => array() ) ) ) . '</div>';
$html .= "<div class='vulnerability-remediation'> <a href='" . $item['remediation_url'] . "' target='_blank'>Click here for further info</a></div>";
$html .= '</div>';
$list[] = $html;
}
echo join( '<br>', $list );
}
}
/** /**
* Return vulnerabilities in the report. * Return vulnerabilities in the report.
*
* This is very similar, but subtly different to
* Report->list_security_check_vulnerabilities().
* Should see if they could be merged.
* *
* @param object $check - The check instance. * @param object $check - The check instance.
* *

31
wp-content/plugins/wpscan/app/Plugin.php
View File

@ -14,10 +14,11 @@ defined( 'ABSPATH' ) || exit;
*/ */
class Plugin { class Plugin {
// Settings. // Settings.
public $OPT_API_TOKEN = 'wpscan_api_token'; public $OPT_API_TOKEN = 'wpscan_api_token';
public $OPT_SCANNING_INTERVAL = 'wpscan_scanning_interval'; public $OPT_SCANNING_INTERVAL = 'wpscan_scanning_interval';
public $OPT_SCANNING_TIME = 'wpscan_scanning_time'; public $OPT_SCANNING_TIME = 'wpscan_scanning_time';
public $OPT_IGNORE_ITEMS = 'wpscan_ignore_items'; public $OPT_IGNORE_ITEMS = 'wpscan_ignore_items';
public $OPT_DISABLE_CHECKS = 'wpscan_disable_security_checks';
// Account. // Account.
public $OPT_ACCOUNT_STATUS = 'wpscan_account_status'; public $OPT_ACCOUNT_STATUS = 'wpscan_account_status';
@ -52,9 +53,6 @@ class Plugin {
// Plugin path. // Plugin path.
public $plugin_dir = ''; public $plugin_dir = '';
// Plugin URI.
public $plugin_url = '';
// Page. // Page.
public $page_hook = 'toplevel_page_wpscan'; public $page_hook = 'toplevel_page_wpscan';
@ -73,7 +71,6 @@ class Plugin {
*/ */
public function __construct() { public function __construct() {
$this->plugin_dir = trailingslashit( str_replace( '\\', '/', dirname( WPSCAN_PLUGIN_FILE ) ) ); $this->plugin_dir = trailingslashit( str_replace( '\\', '/', dirname( WPSCAN_PLUGIN_FILE ) ) );
$this->plugin_url = site_url( str_replace( str_replace( '\\', '/', ABSPATH ), '', $this->plugin_dir ) );
// Languages. // Languages.
load_plugin_textdomain( 'wpscan', false, $this->plugin_dir . 'languages' ); load_plugin_textdomain( 'wpscan', false, $this->plugin_dir . 'languages' );
@ -387,7 +384,7 @@ class Plugin {
$this->WPSCAN_ROLE, $this->WPSCAN_ROLE,
'wpscan', 'wpscan',
array( $this->classes['report'], 'page' ), array( $this->classes['report'], 'page' ),
$this->plugin_url . 'assets/svg/menu-icon.svg', plugin_dir_url( dirname( __FILE__ ) ) . 'assets/svg/menu-icon.svg',
null null
); );
} }
@ -554,18 +551,20 @@ class Plugin {
} }
// Security checks. // Security checks.
$this->report['security-checks'] = array(); if ( get_option( $this->OPT_DISABLE_CHECKS, array() ) !== '1' ) {
$this->report['security-checks'] = array();
foreach ( $this->classes['checks/system']->checks as $id => $data ) { foreach ( $this->classes['checks/system']->checks as $id => $data ) {
$data['instance']->perform(); $data['instance']->perform();
$this->report['security-checks'][ $id ]['vulnerabilities'] = array(); $this->report['security-checks'][ $id ]['vulnerabilities'] = array();
if ( $data['instance']->vulnerabilities ) { if ( $data['instance']->vulnerabilities ) {
$this->report['security-checks'][ $id ]['vulnerabilities'] = $data['instance']->get_vulnerabilities(); $this->report['security-checks'][ $id ]['vulnerabilities'] = $data['instance']->get_vulnerabilities();
$this->maybe_fire_issue_found_action( 'security-check', $id, $this->report['security-checks'][ $id ] ); $this->maybe_fire_issue_found_action( 'security-check', $id, $this->report['security-checks'][ $id ] );
}
} }
} }
// Caching. // Caching.
$this->report['cache'] = strtotime( current_time( 'mysql' ) ); $this->report['cache'] = strtotime( current_time( 'mysql' ) );

93
wp-content/plugins/wpscan/app/Report.php
View File

@ -63,6 +63,37 @@ class Report
include $this->parent->plugin_dir . '/views/report.php'; include $this->parent->plugin_dir . '/views/report.php';
} }
/**
* Get vulnerability status based on fixed_in
*
* @since 1.15.2
* @access public
* @return string
*/
public function status( $vulnerability ) {
return empty( $vulnerability->fixed_in )
? __( 'We are not aware of a fix for this vulnerability.', 'wpscan' )
: sprintf( __( 'This vulnerability was fixed in version %s. We recommend that you update as soon as possible.', 'wpscan' ), esc_html( $vulnerability->fixed_in ) );
}
/**
* HTML markup for the vulnerability details
*
* @since 1.15.2
* @access public
* @return string
*/
public function vulnerability_output( $vulnerability ) {
$html = '<div class="vulnerability">';
$html .= '<p class="vulnerability-title"><b>' . esc_html( $vulnerability->title ) . '</b></p>';
$html .= '<p class="vulnerability-status">' . $this->status( $vulnerability ) . '</p>';
$html .= $this->vulnerability_severity( $vulnerability );
$html .= '<br /><p class="vulnerability-link"><a href="' . esc_url( 'https://wpscan.com/vulnerability/' . $vulnerability->id ) . '" target="_blank">Click here for further details</a></p>';
$html .= '</div>';
return $html;
}
/** /**
* List vulnerabilities on screen * List vulnerabilities on screen
* *
@ -99,21 +130,14 @@ class Report
usort( $report['vulnerabilities'], array( 'self', 'sort_vulnerabilities' ) ); usort( $report['vulnerabilities'], array( 'self', 'sort_vulnerabilities' ) );
foreach ( $report['vulnerabilities'] as $item ) { foreach ( $report['vulnerabilities'] as $vulnerability ) {
$id = 'security-checks' === $type ? $item['id'] : $item->id; $id = 'security-checks' === $type ? $vulnerability['id'] : $vulnerability->id;
if ( in_array( $id, $ignored, true ) ) { if ( in_array( $id, $ignored, true ) ) {
continue; continue;
} }
$html = '<div class="vulnerability">'; $list[] = $this->vulnerability_output( $vulnerability );
$html .= $this->vulnerability_severity( $item );
$html .= '<a href="' . esc_url( 'https://wpscan.com/vulnerability/' . $item->id ) . '" target="_blank">';
$html .= $this->parent->get_sanitized_vulnerability_title( $item );
$html .= '</a>';
$html .= '</div>';
$list[] = $html;
} }
echo empty( $list ) ? $null_text : join( '<br>', $list ); echo empty( $list ) ? $null_text : join( '<br>', $list );
@ -123,6 +147,53 @@ class Report
} }
} }
/**
* List security check vulnerabilities in the report.
* This should be merged with the list_api_vulnerabilities() function,
* in the future, if anyone can figure out how...
*
* @param object $check - The check instance.
*
* @access public
* @return string
* @since 1.0.0
*
*/
public function list_security_check_vulnerabilities( $instance ) {
$vulnerabilities = $instance->get_vulnerabilities();
$count = $instance->get_vulnerabilities_count();
$ignored = $this->parent->get_ignored_vulnerabilities();
$not_checked_text = __( 'Not checked yet. Click the Run button to run a scan', 'wpscan' );
if ( ! isset( $vulnerabilities ) ) {
echo esc_html( $not_checked_text );
} elseif ( empty( $vulnerabilities ) || 0 === $count ) {
echo esc_html( $instance->success_message() );
} else {
$list = array();
foreach ( $vulnerabilities as $vulnerability ) {
if ( in_array( $vulnerability['id'], $ignored, true ) ) {
continue;
}
$html = "<div class='vulnerability'>";
$html .= "<p class='vulnerability-title'>" . wp_kses( $vulnerability['title'], array( 'a' => array( 'href' => array() ) ) ) . '</p><br />';
$html .= "<p class='vulnerability-severity'>";
$html .= "<span class='wpscan-" . esc_attr( $vulnerability['severity'] ) . "'>" . esc_html( $vulnerability['severity'] ) ." Severity</span>";
$html .= '</p>';
$html .= "<br /><br /><p class='vulnerability-link'><a href='" . esc_url( $vulnerability['remediation_url'] ) . "' target='_blank'>Click here for further details</a></p>";
$html .= '</div>';
$list[] = $html;
}
echo join( '<br>', $list );
}
}
/** /**
* Sort vulnerabilities by severity * Sort vulnerabilities by severity
* *
@ -155,7 +226,7 @@ class Report
if ( isset( $vulnerability->cvss->severity ) ) { if ( isset( $vulnerability->cvss->severity ) ) {
$severity = $vulnerability->cvss->severity; $severity = $vulnerability->cvss->severity;
$html .= "<span class='wpscan-" . esc_attr( $severity ) . "'>" . esc_html( $severity ) . '</span>'; $html .= "<span class='wpscan-" . esc_attr( $severity ) . "'>" . esc_html( $severity ) . ' Severity</span>';
} }
$html .= '</div>'; $html .= '</div>';

26
wp-content/plugins/wpscan/app/Settings.php
View File

@ -82,6 +82,7 @@ class Settings {
register_setting( $this->page, $this->parent->OPT_IGNORE_ITEMS ); register_setting( $this->page, $this->parent->OPT_IGNORE_ITEMS );
register_setting( $this->page, $this->parent->OPT_SCANNING_INTERVAL, 'sanitize_text_field' ); register_setting( $this->page, $this->parent->OPT_SCANNING_INTERVAL, 'sanitize_text_field' );
register_setting( $this->page, $this->parent->OPT_SCANNING_TIME, 'sanitize_text_field' ); register_setting( $this->page, $this->parent->OPT_SCANNING_TIME, 'sanitize_text_field' );
register_setting( $this->page, $this->parent->OPT_DISABLE_CHECKS, array( 'type' => 'boolean', 'default' => '0' ) );
$section = $this->page . '_section'; $section = $this->page . '_section';
@ -116,6 +117,14 @@ class Settings {
$section $section
); );
add_settings_field(
$this->parent->OPT_DISABLE_CHECKS,
__( 'Disable Security Checks', 'wpscan' ),
array( $this, 'field_disable_security_checks' ),
$this->page,
$section
);
add_settings_field( add_settings_field(
$this->parent->OPT_IGNORE_ITEMS, $this->parent->OPT_IGNORE_ITEMS,
__( 'Ignore Items', 'wpscan' ), __( 'Ignore Items', 'wpscan' ),
@ -197,7 +206,7 @@ class Settings {
*/ */
public function page() { public function page() {
echo '<div class="wrap">'; echo '<div class="wrap">';
echo '<h1><img src="' . $this->parent->plugin_url . 'assets/svg/logo.svg" alt="WPScan"></h1>'; echo '<h1><img src="' . plugin_dir_url( dirname( __FILE__ ) ) . 'assets/svg/logo.svg" alt="WPScan"></h1>';
echo '<h2>' . __( 'Settings', 'wpscan' ) . '</h2>'; echo '<h2>' . __( 'Settings', 'wpscan' ) . '</h2>';
@ -323,6 +332,21 @@ class Settings {
echo '</p><br/>'; echo '</p><br/>';
} }
/**
* Disable security checks field
*
* @since 1.15.2
* @access public
* @return string
*/
public function field_disable_security_checks() {
$opt = $this->parent->OPT_DISABLE_CHECKS;
$value = get_option( $opt, array() );
$checked = $value === '1' ? 'checked' : null;
echo "<input name='{$opt}' type='checkbox' $checked value='1' >";
}
/** /**
* Ignore items field * Ignore items field

8
wp-content/plugins/wpscan/app/Summary.php
View File

@ -25,7 +25,11 @@ class Summary {
add_action( 'admin_init', array( $this, 'add_meta_box_summary' ) ); add_action( 'admin_init', array( $this, 'add_meta_box_summary' ) );
add_action( 'wp_ajax_wpscan_check_now', array( $this, 'ajax_check_now' ) ); add_action( 'wp_ajax_wpscan_check_now', array( $this, 'ajax_check_now' ) );
add_action( 'wp_ajax_wpscan_security_check_now', array( $this, 'ajax_security_check_now' ) );
if ( get_option( $this->parent->OPT_DISABLE_CHECKS, array() ) !== '1' ) {
add_action( 'wp_ajax_wpscan_security_check_now', array( $this, 'ajax_security_check_now' ) );
}
add_action( 'wp_ajax_' . $this->parent->WPSCAN_TRANSIENT_CRON, array( $this, 'ajax_doing_cron' ) ); add_action( 'wp_ajax_' . $this->parent->WPSCAN_TRANSIENT_CRON, array( $this, 'ajax_doing_cron' ) );
} }
@ -161,7 +165,7 @@ class Summary {
} }
/** /**
* Ajax scurity check now * Ajax security check now
* *
* @return void * @return void
* @since 1.0.0 * @since 1.0.0

8
wp-content/plugins/wpscan/app/ignoreVulnerabilities.php
View File

@ -127,9 +127,11 @@ class ignoreVulnerabilities {
foreach ( wp_get_themes() as $name => $details ) { foreach ( wp_get_themes() as $name => $details ) {
$this->list_vulnerabilities_to_ignore( 'themes', $this->parent->get_theme_slug( $name, $details ) ); $this->list_vulnerabilities_to_ignore( 'themes', $this->parent->get_theme_slug( $name, $details ) );
} }
foreach ( $this->parent->classes['checks/system']->checks as $id => $data ) { if ( get_option( $this->parent->OPT_DISABLE_CHECKS, array() ) !== '1' ) {
$this->list_vulnerabilities_to_ignore( 'security-checks', $id ); foreach ( $this->parent->classes['checks/system']->checks as $id => $data ) {
$this->list_vulnerabilities_to_ignore( 'security-checks', $id );
}
} }
} }

8
wp-content/plugins/wpscan/assets/css/style.css
View File

@ -161,11 +161,10 @@
.vulnerability-severity { .vulnerability-severity {
float: left; float: left;
min-width: 60px; min-width: 100px;
margin-right: 20px;
} }
.vulnerability-title { .vulnerability-title .vulnerability-status .vulnerability-link {
float: left; float: left;
} }
@ -175,9 +174,8 @@
text-align: center; text-align: center;
border-radius: 3px; border-radius: 3px;
font-size: 11px; font-size: 11px;
margin: 6px 0px 0px 0px;
line-height: 19px; line-height: 19px;
min-width: 60px; min-width: 100px;
color: #4e645a; color: #4e645a;
background: #c6e1d5; background: #c6e1d5;
} }

45
wp-content/plugins/wpscan/assets/js/download-report.js
View File

@ -360,8 +360,7 @@ jQuery(document).ready(function ($) {
const topTableBorder = is_wordpress_section ? 'WPTableLine' : 'tableLine'; const topTableBorder = is_wordpress_section ? 'WPTableLine' : 'tableLine';
// name // Name
table.table.body[1].push({ table.table.body[1].push({
text: 'Name', text: 'Name',
style: 'tableHeader', style: 'tableHeader',
@ -369,7 +368,7 @@ jQuery(document).ready(function ($) {
}); });
table.table.widths.push(149); table.table.widths.push(149);
// version // Version
if (!is_security_checks) { if (!is_security_checks) {
table.table.body[1].push({ table.table.body[1].push({
text: 'Version', text: 'Version',
@ -407,9 +406,9 @@ jQuery(document).ready(function ($) {
.each(function () { .each(function () {
let row = []; let row = [];
// Item title // Item name
let itemTitle = $(this).find('.plugin-title strong').text().trim(); let itemTitle = is_wordpress_section ? 'WordPress' : $(this).find('.plugin-title strong').text().trim();
if ($(this).find('.plugin-title .item-closed').length) { if ($(this).find('.plugin-title .item-closed').length) {
itemTitle = itemTitle =
itemTitle + itemTitle +
@ -425,12 +424,11 @@ jQuery(document).ready(function ($) {
}); });
// Item version // Item version
let itemVersion = is_wordpress_section ? $(this).find('#wordpress-version').text().trim() : $(this).find('.plugin-title .item-version span').text().trim();
if (!is_security_checks) { if (!is_security_checks) {
row.push({ row.push({
text: $(this) text: itemVersion,
.find('.plugin-title .item-version span')
.text()
.trim(),
style: 'resTable', style: 'resTable',
borderColor, borderColor,
}); });
@ -450,19 +448,20 @@ jQuery(document).ready(function ($) {
.find('.vulnerabilities .vulnerability') .find('.vulnerabilities .vulnerability')
.each(function () { .each(function () {
let item = $(this).clone(); let item = $(this).clone();
let linkText = let title = item.find('.vulnerability-title').text().trim();
item.find('.vulnerability-severity span').text().trim() + ' - '; let status = item.find('.vulnerability-status').text().trim();
item.find('.vulnerability-severity span').remove(); let severity = item.find('.vulnerability-severity span').text().trim();
linkText = linkText + item.text().trim(); let link_text = item.find('.vulnerability-link').text().trim();
linkText = linkText.charAt(0).toUpperCase() + linkText.slice(1); let link_href = item.find('.vulnerability-link a').attr('href');
col.stack.push({ let vulnerability_text = [
text: linkText, { text: title, style: 'resTable' },
link: $(this).attr('href'), { text: status, style: 'resTable' },
style: 'resTable', { text: severity.charAt(0).toUpperCase() + severity.slice(1), style: 'resTable' },
lineHeight: 2, { text: link_text, link: link_href, style: 'resTable' }
borderColor, ]
});
col.stack.push( vulnerability_text );
}); });
row.push(col); row.push(col);
@ -478,7 +477,7 @@ jQuery(document).ready(function ($) {
table.table.body.push(row); table.table.body.push(row);
}); });
// push the table // Push the table
is_wordpress_section is_wordpress_section
? wpscanReport.content.push(wordpressTable) ? wpscanReport.content.push(wordpressTable)
: wpscanReport.content.push(mainTable); : wpscanReport.content.push(mainTable);

14
wp-content/plugins/wpscan/readme.txt
View File

@ -3,7 +3,7 @@ Contributors: ethicalhack3r, xfirefartx, erwanlr
Tags: wpscan, wpvulndb, security, vulnerability, hack, scan, exploit, secure, alerts Tags: wpscan, wpvulndb, security, vulnerability, hack, scan, exploit, secure, alerts
Requires at least: 3.4 Requires at least: 3.4
Tested up to: 5.6 Tested up to: 5.6
Stable tag: 1.15.1 Stable tag: 1.15.4
Requires PHP: 5.5 Requires PHP: 5.5
License: GPLv3 License: GPLv3
License URI: https://www.gnu.org/licenses/gpl.html License URI: https://www.gnu.org/licenses/gpl.html
@ -90,6 +90,18 @@ The WPScan WordPress Security Plugin will also check for other security issues,
== Changelog == == Changelog ==
= 1.15.4 =
* Fix images not loading on some hosted websites
* Update remediation links
= 1.15.3 =
* Fix fatal error in security checks
= 1.15.2 =
* Improve HTML and PDF report output
* Disable security checks setting
* Some refactoring
= 1.15.1 = = 1.15.1 =
* Improved email alert text * Improved email alert text
* Improved PDF report download layout * Improved PDF report download layout

2
wp-content/plugins/wpscan/security-checks/database-exports/check.php
View File

@ -73,7 +73,7 @@ class databaseExports extends Check {
$code = wp_remote_retrieve_response_code( $response ); $code = wp_remote_retrieve_response_code( $response );
if ( 200 === $code ) { if ( 200 === $code ) {
$this->add_vulnerability( __( 'A publicly accessible database file was found in', 'wpscan' ) . " <a href='$url' target='_blank'>$url</a>.", 'high', sanitize_title( $name ), 'https://blog.wpscan.com/2021/01/28/wordpress-database-backup-files.html' ); $this->add_vulnerability( __( 'A publicly accessible database file was found in', 'wpscan' ) . " <a href='$url' target='_blank'>$url</a>.", 'high', sanitize_title( $name ), 'https://blog.wpscan.com/wordpress-database-backup-files/' );
} }
} }
} }

2
wp-content/plugins/wpscan/security-checks/debuglog-files/check.php
View File

@ -68,7 +68,7 @@ class debuglogFiles extends Check {
$code = wp_remote_retrieve_response_code( $response ); $code = wp_remote_retrieve_response_code( $response );
if ( 200 === $code ) { if ( 200 === $code ) {
$this->add_vulnerability( __( 'A publicly accessible debug.log file was found in', 'wpscan' ) . " <a href='$url' target='_blank'>$url</a>.", 'high', sanitize_title( $file ), 'https://blog.wpscan.com/2021/03/18/wordpress-debug-log-files.html' ); $this->add_vulnerability( __( 'A publicly accessible debug.log file was found in', 'wpscan' ) . " <a href='$url' target='_blank'>$url</a>", 'high', sanitize_title( $file ), 'https://blog.wpscan.com/wordpress-debug-log-files/' );
} }
} }
} }

2
wp-content/plugins/wpscan/security-checks/https/check.php
View File

@ -66,7 +66,7 @@ class https extends Check {
// Check if the current page is using HTTPS. // Check if the current page is using HTTPS.
if ( 'https' !== substr( $wp_url, 0, 5 ) || 'https' !== substr( $site_url, 0, 5 ) ) { if ( 'https' !== substr( $wp_url, 0, 5 ) || 'https' !== substr( $site_url, 0, 5 ) ) {
// No HTTPS used. // No HTTPS used.
$this->add_vulnerability( __( 'The website does not seem to be using HTTPS (SSL/TLS) encryption for communications.', 'wpscan' ), 'high', 'https', 'https://blog.wpscan.com/2021/03/23/wordpress-ssl-tls-https.html' ); $this->add_vulnerability( __( 'The website does not seem to be using HTTPS (SSL/TLS) encryption for communications.', 'wpscan' ), 'high', 'https', 'https://blog.wpscan.com/wordpress-ssl-tls-https-encryption/' );
} }
} }
} }

2
wp-content/plugins/wpscan/security-checks/secret-keys/check.php
View File

@ -64,7 +64,7 @@ class secretKeys extends Check {
foreach ( $keys as $key ) { foreach ( $keys as $key ) {
if ( defined( $key ) && constant( $key ) === 'put your unique phrase here' ) { if ( defined( $key ) && constant( $key ) === 'put your unique phrase here' ) {
$this->add_vulnerability( __( 'The ' . esc_html( $key ) . ' secret key in the wp-config.php file was the default key. It should be changed to a random value using', 'wpscan' ) . " <a href='https://api.wordpress.org/secret-key/1.1/salt/' target='_blank'>https://api.wordpress.org/secret-key/1.1/salt/</a>.", 'high', sanitize_title( $key ), 'https://blog.wpscan.com/2021/03/23/wordpress-secret-keys.html' ); $this->add_vulnerability( __( 'The ' . esc_html( $key ) . ' secret key in the wp-config.php file was the default key. It should be changed to a random value using', 'wpscan' ) . " <a href='https://api.wordpress.org/secret-key/1.1/salt/' target='_blank'>https://api.wordpress.org/secret-key/1.1/salt/</a>.", 'high', sanitize_title( $key ), 'https://blog.wpscan.com/wordpress-secret-keys/' );
} }
} }
} }

2
wp-content/plugins/wpscan/security-checks/version-control/check.php
View File

@ -70,7 +70,7 @@ class versionControl extends Check {
$code = wp_remote_retrieve_response_code( $response ); $code = wp_remote_retrieve_response_code( $response );
if ( 200 === $code ) { if ( 200 === $code ) {
$this->add_vulnerability( __( 'A publicly accessible ' . esc_html( $file ) . ' file was found. The file could expose your websites\'s source code.', 'wpscan' ), 'high', sanitize_title( $file ), 'https://blog.wpscan.com/2021/03/23/wordpress-version-control-files.html' ); $this->add_vulnerability( __( 'A publicly accessible ' . esc_html( $file ) . ' file was found. The file could expose your websites\'s source code.', 'wpscan' ), 'high', sanitize_title( $file ), 'https://blog.wpscan.com/wordpress-version-control-files/' );
} }
} }
} }

2
wp-content/plugins/wpscan/security-checks/weak-passwords/check.php
View File

@ -90,7 +90,7 @@ class weakPasswords extends Check {
); );
} }
$this->add_vulnerability( $text, 'high', 'weak-passwords', 'https://blog.wpscan.com/wpscan/2019/09/17/wpscan-brute-force.html' ); $this->add_vulnerability( $text, 'high', 'weak-passwords', 'https://blog.wpscan.com/wpscan-brute-force/' );
} }
} }
} }

2
wp-content/plugins/wpscan/security-checks/wpconfig-backups/check.php
View File

@ -73,7 +73,7 @@ class wpconfigBackups extends Check {
$code = wp_remote_retrieve_response_code( $response ); $code = wp_remote_retrieve_response_code( $response );
if ( 200 === $code ) { if ( 200 === $code ) {
$this->add_vulnerability( __( 'A publicly accessible wp-config.php backup file was found in', 'wpscan' ) . " <a href='$url' target='_blank'>$url</a>.", 'high', sanitize_title( $path ), 'https://blog.wpscan.com/2021/04/01/wordpress-wp-config-backup-file.html' ); $this->add_vulnerability( __( 'A publicly accessible wp-config.php backup file was found in', 'wpscan' ) . " <a href='$url' target='_blank'>$url</a>.", 'high', sanitize_title( $path ), 'https://blog.wpscan.com/wordpress-configuration-file-backups/' );
} }
} }
} }

4
wp-content/plugins/wpscan/security-checks/xmlrpc-enabled/check.php
View File

@ -75,7 +75,7 @@ class xmlrpcEnabled extends Check {
error_log( $authenticated_response->get_error_message() ); error_log( $authenticated_response->get_error_message() );
} else { } else {
if ( preg_match( '/<string>Incorrect username or password.<\/string>/', $authenticated_response['body'] ) ) { if ( preg_match( '/<string>Incorrect username or password.<\/string>/', $authenticated_response['body'] ) ) {
$this->add_vulnerability( __( 'The XML-RPC interface is enabled. This significantly increases your site\'s attack surface.', 'wpscan' ), 'medium', sanitize_title( $url ), 'https://blog.wpscan.com/2021/01/25/wordpress-xmlrpc-security.html' ); $this->add_vulnerability( __( 'The XML-RPC interface is enabled. This significantly increases your site\'s attack surface.', 'wpscan' ), 'medium', sanitize_title( $url ), 'https://blog.wpscan.com/is-wordpress-xmlrpc-a-security-problem/' );
return; return;
} else { } else {
// Try an unauthenticated request. // Try an unauthenticated request.
@ -83,7 +83,7 @@ class xmlrpcEnabled extends Check {
$unauthenticated_response = wp_remote_post( $url, array( 'body' => $unauthenticated_body ) ); $unauthenticated_response = wp_remote_post( $url, array( 'body' => $unauthenticated_body ) );
if ( preg_match( '/<string>Hello!<\/string>/', $unauthenticated_response['body'] ) ) { if ( preg_match( '/<string>Hello!<\/string>/', $unauthenticated_response['body'] ) ) {
$this->add_vulnerability( __( 'The XML-RPC interface is partly disabled, but still allows unauthenticated requests.', 'wpscan' ), 'low', sanitize_title( $url ), 'https://blog.wpscan.com/2021/01/25/wordpress-xmlrpc-security.html' ); $this->add_vulnerability( __( 'The XML-RPC interface is partly disabled, but still allows unauthenticated requests.', 'wpscan' ), 'low', sanitize_title( $url ), 'https://blog.wpscan.com/is-wordpress-xmlrpc-a-security-problem/' );
} }
} }
} }

83
wp-content/plugins/wpscan/views/report.php
View File

@ -8,7 +8,7 @@
<div class="wrap"> <div class="wrap">
<h1> <h1>
<?php echo file_get_contents($this->parent->plugin_dir. 'assets/svg/logo.svg'); ?> <?php echo file_get_contents( plugin_dir_url( dirname( __FILE__ ) ) . 'assets/svg/logo.svg'); ?>
</h1> </h1>
<hr class="wp-header-end"> <hr class="wp-header-end">
@ -50,11 +50,8 @@
<tr> <tr>
<th scope="row" class="check-column" style="text-align: center"> <th scope="row" class="check-column" style="text-align: center">
<?php echo $this->get_status( 'wordpress', get_bloginfo( 'version' ) ) ?></th> <?php echo $this->get_status( 'wordpress', get_bloginfo( 'version' ) ) ?></th>
<td class="plugin-title column-primary"> <td class="wordpress-title column-primary">
<strong>WordPress</strong> <strong>WordPress <span id="wordpress-version"><?php echo get_bloginfo( 'version' ) ?></span></strong>
<span class='item-version'>
<?php echo sprintf( __( 'Version <span>%s</span>', 'wpscan' ), get_bloginfo( 'version' ) ) ?>
</span>
</td> </td>
<td class="vulnerabilities"> <td class="vulnerabilities">
<?php <?php
@ -93,7 +90,7 @@
</th> </th>
<td class="plugin-title column-primary"> <td class="plugin-title column-primary">
<strong><?php echo esc_html($details['Name']) ?></strong> <strong><?php echo esc_html( $details['Name'] ) ?></strong>
<span class='item-version'> <span class='item-version'>
<?php echo sprintf( __( 'Version <span>%s</span>', 'wpscan' ), esc_html($details['Version']) ) ?> <?php echo sprintf( __( 'Version <span>%s</span>', 'wpscan' ), esc_html($details['Version']) ) ?>
</span> </span>
@ -162,41 +159,45 @@
</div> </div>
<div class="wpscan-report-section security-checks"> <?php if ( get_option( $this->parent->OPT_DISABLE_CHECKS, array() ) !== '1' ) { ?>
<h3><?php _e('Security Checks', 'wpscan') ?></h3>
<table class="wp-list-table widefat striped plugins"> <div class="wpscan-report-section security-checks">
<thead> <h3><?php _e('Security Checks', 'wpscan') ?></h3>
<tr>
<td scope="col" class="manage-column check-column"></td> <table class="wp-list-table widefat striped plugins">
<th scope="col" class="manage-column column-name column-primary"><?php _e('Name', 'wpscan') ?></th> <thead>
<th scope="col" class="manage-column column-description"><?php _e('Result', 'wpscan') ?></th> <tr>
<th scope="col" class="manage-column column-description"><?php _e('Actions', 'wpscan') ?></th> <td scope="col" class="manage-column check-column"></td>
</tr> <th scope="col" class="manage-column column-name column-primary"><?php _e('Name', 'wpscan') ?></th>
</thead> <th scope="col" class="manage-column column-description"><?php _e('Result', 'wpscan') ?></th>
<tbody id="report-themes"> <th scope="col" class="manage-column column-description"><?php _e('Actions', 'wpscan') ?></th>
<?php foreach ( $this->parent->classes['checks/system']->checks as $id => $data ) : ?> </tr>
<tr> </thead>
<th scope="row" class="check-column" style="text-align: center"> <tbody id="report-themes">
<?php echo $this->get_status('security-checks', $id) ?></th> <?php foreach ( $this->parent->classes['checks/system']->checks as $id => $data ) : ?>
</th> <tr>
<td class="plugin-title column-primary"> <th scope="row" class="check-column" style="text-align: center">
<strong title="<?php echo esc_attr($data['instance']->description()) ?>"> <?php echo $this->get_status('security-checks', $id) ?></th>
<?php echo esc_html($data['instance']->title()) ?> </th>
</strong> <td class="plugin-title column-primary">
</td> <strong title="<?php echo esc_attr($data['instance']->description()) ?>">
<td class="vulnerabilities"> <?php echo esc_html( $data['instance']->title() ) ?>
<?php $this->parent->classes['checks/system']->list_check_vulnerabilities( $data['instance'] ) ?> </strong>
</td> </td>
<td class="security-check-actions"> <td class="vulnerabilities">
<?php $this->parent->classes['checks/system']->list_actions($data['instance']) ?> <?php $this->list_security_check_vulnerabilities( $data['instance'] ) ?>
<span class="spinner"></span> </td>
</td> <td class="security-check-actions">
</tr> <?php $this->parent->classes['checks/system']->list_actions($data['instance']) ?>
<?php endforeach; ?> <span class="spinner"></span>
</tbody> </td>
</table> </tr>
</div> <?php endforeach; ?>
</tbody>
</table>
</div>
<?php } ?>
<?php if ( get_option( $this->parent->OPT_API_TOKEN ) ) { ?> <?php if ( get_option( $this->parent->OPT_API_TOKEN ) ) { ?>
<a href="#" class='button button-secondary download-report'><?php _e( 'Download as PDF', 'wpscan' ) ?></a> <a href="#" class='button button-secondary download-report'><?php _e( 'Download as PDF', 'wpscan' ) ?></a>

2
wp-content/plugins/wpscan/wpscan.php
View File

@ -3,7 +3,7 @@
* Plugin Name: WPScan * Plugin Name: WPScan
* Plugin URI: http://wordpress.org/plugins/wpscan/ * Plugin URI: http://wordpress.org/plugins/wpscan/
* Description: WPScan WordPress Security Scanner. Scans your system for security vulnerabilities listed in the WPScan Vulnerability Database. * Description: WPScan WordPress Security Scanner. Scans your system for security vulnerabilities listed in the WPScan Vulnerability Database.
* Version: 1.15.1 * Version: 1.15.4
* Author: WPScan Team * Author: WPScan Team
* Author URI: https://wpscan.com/ * Author URI: https://wpscan.com/
* License: GPLv3 * License: GPLv3