updated plugin WPScan version 1.15.4

This commit is contained in:
KawaiiPunk 2021-07-25 23:25:13 +00:00 committed by Gitium
parent aa6967db92
commit 0a73b21fab
19 changed files with 228 additions and 156 deletions

View File

@ -24,6 +24,7 @@ class System {
// Current running events. // Current running events.
public $current_running = ''; public $current_running = '';
/** /**
* A list of registered checks. * A list of registered checks.
* *
@ -158,51 +159,12 @@ class System {
} }
} }
/**
* List vulnerabilities in the report.
*
* @param object $check - The check instance.
*
* @access public
* @return string
* @since 1.0.0
*
*/
public function list_check_vulnerabilities( $instance ) {
$vulnerabilities = $instance->get_vulnerabilities();
$count = $instance->get_vulnerabilities_count();
$ignored = $this->parent->get_ignored_vulnerabilities();
$not_checked_text = __( 'Not checked yet. Click the Run button to run a scan', 'wpscan' );
if ( ! isset( $vulnerabilities ) ) {
echo esc_html( $not_checked_text );
} elseif ( empty( $vulnerabilities ) || 0 === $count ) {
echo esc_html( $instance->success_message() );
} else {
$list = array();
foreach ( $vulnerabilities as $item ) {
if ( in_array( $item['id'], $ignored, true ) ) {
continue;
}
$html = "<div class='vulnerability'>";
$html .= "<span class='vulnerability-severity'>";
$html .= "<span class='wpscan-" . esc_attr( $item['severity'] ) . "'>" . esc_html( $item['severity'] ) ."</span>";
$html .= '</span>';
$html .= "<div class='vulnerability-title'>" . wp_kses( $item['title'], array( 'a' => array( 'href' => array() ) ) ) . '</div>';
$html .= "<div class='vulnerability-remediation'> <a href='" . $item['remediation_url'] . "' target='_blank'>Click here for further info</a></div>";
$html .= '</div>';
$list[] = $html;
}
echo join( '<br>', $list );
}
}
/** /**
* Return vulnerabilities in the report. * Return vulnerabilities in the report.
*
* This is very similar, but subtly different to
* Report->list_security_check_vulnerabilities().
* Should see if they could be merged.
* *
* @param object $check - The check instance. * @param object $check - The check instance.
* *

View File

@ -14,10 +14,11 @@ defined( 'ABSPATH' ) || exit;
*/ */
class Plugin { class Plugin {
// Settings. // Settings.
public $OPT_API_TOKEN = 'wpscan_api_token'; public $OPT_API_TOKEN = 'wpscan_api_token';
public $OPT_SCANNING_INTERVAL = 'wpscan_scanning_interval'; public $OPT_SCANNING_INTERVAL = 'wpscan_scanning_interval';
public $OPT_SCANNING_TIME = 'wpscan_scanning_time'; public $OPT_SCANNING_TIME = 'wpscan_scanning_time';
public $OPT_IGNORE_ITEMS = 'wpscan_ignore_items'; public $OPT_IGNORE_ITEMS = 'wpscan_ignore_items';
public $OPT_DISABLE_CHECKS = 'wpscan_disable_security_checks';
// Account. // Account.
public $OPT_ACCOUNT_STATUS = 'wpscan_account_status'; public $OPT_ACCOUNT_STATUS = 'wpscan_account_status';
@ -52,9 +53,6 @@ class Plugin {
// Plugin path. // Plugin path.
public $plugin_dir = ''; public $plugin_dir = '';
// Plugin URI.
public $plugin_url = '';
// Page. // Page.
public $page_hook = 'toplevel_page_wpscan'; public $page_hook = 'toplevel_page_wpscan';
@ -73,7 +71,6 @@ class Plugin {
*/ */
public function __construct() { public function __construct() {
$this->plugin_dir = trailingslashit( str_replace( '\\', '/', dirname( WPSCAN_PLUGIN_FILE ) ) ); $this->plugin_dir = trailingslashit( str_replace( '\\', '/', dirname( WPSCAN_PLUGIN_FILE ) ) );
$this->plugin_url = site_url( str_replace( str_replace( '\\', '/', ABSPATH ), '', $this->plugin_dir ) );
// Languages. // Languages.
load_plugin_textdomain( 'wpscan', false, $this->plugin_dir . 'languages' ); load_plugin_textdomain( 'wpscan', false, $this->plugin_dir . 'languages' );
@ -387,7 +384,7 @@ class Plugin {
$this->WPSCAN_ROLE, $this->WPSCAN_ROLE,
'wpscan', 'wpscan',
array( $this->classes['report'], 'page' ), array( $this->classes['report'], 'page' ),
$this->plugin_url . 'assets/svg/menu-icon.svg', plugin_dir_url( dirname( __FILE__ ) ) . 'assets/svg/menu-icon.svg',
null null
); );
} }
@ -554,18 +551,20 @@ class Plugin {
} }
// Security checks. // Security checks.
$this->report['security-checks'] = array(); if ( get_option( $this->OPT_DISABLE_CHECKS, array() ) !== '1' ) {
$this->report['security-checks'] = array();
foreach ( $this->classes['checks/system']->checks as $id => $data ) { foreach ( $this->classes['checks/system']->checks as $id => $data ) {
$data['instance']->perform(); $data['instance']->perform();
$this->report['security-checks'][ $id ]['vulnerabilities'] = array(); $this->report['security-checks'][ $id ]['vulnerabilities'] = array();
if ( $data['instance']->vulnerabilities ) { if ( $data['instance']->vulnerabilities ) {
$this->report['security-checks'][ $id ]['vulnerabilities'] = $data['instance']->get_vulnerabilities(); $this->report['security-checks'][ $id ]['vulnerabilities'] = $data['instance']->get_vulnerabilities();
$this->maybe_fire_issue_found_action( 'security-check', $id, $this->report['security-checks'][ $id ] ); $this->maybe_fire_issue_found_action( 'security-check', $id, $this->report['security-checks'][ $id ] );
}
} }
} }
// Caching. // Caching.
$this->report['cache'] = strtotime( current_time( 'mysql' ) ); $this->report['cache'] = strtotime( current_time( 'mysql' ) );

View File

@ -63,6 +63,37 @@ class Report
include $this->parent->plugin_dir . '/views/report.php'; include $this->parent->plugin_dir . '/views/report.php';
} }
/**
* Get vulnerability status based on fixed_in
*
* @since 1.15.2
* @access public
* @return string
*/
public function status( $vulnerability ) {
return empty( $vulnerability->fixed_in )
? __( 'We are not aware of a fix for this vulnerability.', 'wpscan' )
: sprintf( __( 'This vulnerability was fixed in version %s. We recommend that you update as soon as possible.', 'wpscan' ), esc_html( $vulnerability->fixed_in ) );
}
/**
* HTML markup for the vulnerability details
*
* @since 1.15.2
* @access public
* @return string
*/
public function vulnerability_output( $vulnerability ) {
$html = '<div class="vulnerability">';
$html .= '<p class="vulnerability-title"><b>' . esc_html( $vulnerability->title ) . '</b></p>';
$html .= '<p class="vulnerability-status">' . $this->status( $vulnerability ) . '</p>';
$html .= $this->vulnerability_severity( $vulnerability );
$html .= '<br /><p class="vulnerability-link"><a href="' . esc_url( 'https://wpscan.com/vulnerability/' . $vulnerability->id ) . '" target="_blank">Click here for further details</a></p>';
$html .= '</div>';
return $html;
}
/** /**
* List vulnerabilities on screen * List vulnerabilities on screen
* *
@ -99,21 +130,14 @@ class Report
usort( $report['vulnerabilities'], array( 'self', 'sort_vulnerabilities' ) ); usort( $report['vulnerabilities'], array( 'self', 'sort_vulnerabilities' ) );
foreach ( $report['vulnerabilities'] as $item ) { foreach ( $report['vulnerabilities'] as $vulnerability ) {
$id = 'security-checks' === $type ? $item['id'] : $item->id; $id = 'security-checks' === $type ? $vulnerability['id'] : $vulnerability->id;
if ( in_array( $id, $ignored, true ) ) { if ( in_array( $id, $ignored, true ) ) {
continue; continue;
} }
$html = '<div class="vulnerability">'; $list[] = $this->vulnerability_output( $vulnerability );
$html .= $this->vulnerability_severity( $item );
$html .= '<a href="' . esc_url( 'https://wpscan.com/vulnerability/' . $item->id ) . '" target="_blank">';
$html .= $this->parent->get_sanitized_vulnerability_title( $item );
$html .= '</a>';
$html .= '</div>';
$list[] = $html;
} }
echo empty( $list ) ? $null_text : join( '<br>', $list ); echo empty( $list ) ? $null_text : join( '<br>', $list );
@ -123,6 +147,53 @@ class Report
} }
} }
/**
* List security check vulnerabilities in the report.
* This should be merged with the list_api_vulnerabilities() function,
* in the future, if anyone can figure out how...
*
* @param object $check - The check instance.
*
* @access public
* @return string
* @since 1.0.0
*
*/
public function list_security_check_vulnerabilities( $instance ) {
$vulnerabilities = $instance->get_vulnerabilities();
$count = $instance->get_vulnerabilities_count();
$ignored = $this->parent->get_ignored_vulnerabilities();
$not_checked_text = __( 'Not checked yet. Click the Run button to run a scan', 'wpscan' );
if ( ! isset( $vulnerabilities ) ) {
echo esc_html( $not_checked_text );
} elseif ( empty( $vulnerabilities ) || 0 === $count ) {
echo esc_html( $instance->success_message() );
} else {
$list = array();
foreach ( $vulnerabilities as $vulnerability ) {
if ( in_array( $vulnerability['id'], $ignored, true ) ) {
continue;
}
$html = "<div class='vulnerability'>";
$html .= "<p class='vulnerability-title'>" . wp_kses( $vulnerability['title'], array( 'a' => array( 'href' => array() ) ) ) . '</p><br />';
$html .= "<p class='vulnerability-severity'>";
$html .= "<span class='wpscan-" . esc_attr( $vulnerability['severity'] ) . "'>" . esc_html( $vulnerability['severity'] ) ." Severity</span>";
$html .= '</p>';
$html .= "<br /><br /><p class='vulnerability-link'><a href='" . esc_url( $vulnerability['remediation_url'] ) . "' target='_blank'>Click here for further details</a></p>";
$html .= '</div>';
$list[] = $html;
}
echo join( '<br>', $list );
}
}
/** /**
* Sort vulnerabilities by severity * Sort vulnerabilities by severity
* *
@ -155,7 +226,7 @@ class Report
if ( isset( $vulnerability->cvss->severity ) ) { if ( isset( $vulnerability->cvss->severity ) ) {
$severity = $vulnerability->cvss->severity; $severity = $vulnerability->cvss->severity;
$html .= "<span class='wpscan-" . esc_attr( $severity ) . "'>" . esc_html( $severity ) . '</span>'; $html .= "<span class='wpscan-" . esc_attr( $severity ) . "'>" . esc_html( $severity ) . ' Severity</span>';
} }
$html .= '</div>'; $html .= '</div>';

View File

@ -82,6 +82,7 @@ class Settings {
register_setting( $this->page, $this->parent->OPT_IGNORE_ITEMS ); register_setting( $this->page, $this->parent->OPT_IGNORE_ITEMS );
register_setting( $this->page, $this->parent->OPT_SCANNING_INTERVAL, 'sanitize_text_field' ); register_setting( $this->page, $this->parent->OPT_SCANNING_INTERVAL, 'sanitize_text_field' );
register_setting( $this->page, $this->parent->OPT_SCANNING_TIME, 'sanitize_text_field' ); register_setting( $this->page, $this->parent->OPT_SCANNING_TIME, 'sanitize_text_field' );
register_setting( $this->page, $this->parent->OPT_DISABLE_CHECKS, array( 'type' => 'boolean', 'default' => '0' ) );
$section = $this->page . '_section'; $section = $this->page . '_section';
@ -116,6 +117,14 @@ class Settings {
$section $section
); );
add_settings_field(
$this->parent->OPT_DISABLE_CHECKS,
__( 'Disable Security Checks', 'wpscan' ),
array( $this, 'field_disable_security_checks' ),
$this->page,
$section
);
add_settings_field( add_settings_field(
$this->parent->OPT_IGNORE_ITEMS, $this->parent->OPT_IGNORE_ITEMS,
__( 'Ignore Items', 'wpscan' ), __( 'Ignore Items', 'wpscan' ),
@ -197,7 +206,7 @@ class Settings {
*/ */
public function page() { public function page() {
echo '<div class="wrap">'; echo '<div class="wrap">';
echo '<h1><img src="' . $this->parent->plugin_url . 'assets/svg/logo.svg" alt="WPScan"></h1>'; echo '<h1><img src="' . plugin_dir_url( dirname( __FILE__ ) ) . 'assets/svg/logo.svg" alt="WPScan"></h1>';
echo '<h2>' . __( 'Settings', 'wpscan' ) . '</h2>'; echo '<h2>' . __( 'Settings', 'wpscan' ) . '</h2>';
@ -323,6 +332,21 @@ class Settings {
echo '</p><br/>'; echo '</p><br/>';
} }
/**
* Disable security checks field
*
* @since 1.15.2
* @access public
* @return string
*/
public function field_disable_security_checks() {
$opt = $this->parent->OPT_DISABLE_CHECKS;
$value = get_option( $opt, array() );
$checked = $value === '1' ? 'checked' : null;
echo "<input name='{$opt}' type='checkbox' $checked value='1' >";
}
/** /**
* Ignore items field * Ignore items field

View File

@ -25,7 +25,11 @@ class Summary {
add_action( 'admin_init', array( $this, 'add_meta_box_summary' ) ); add_action( 'admin_init', array( $this, 'add_meta_box_summary' ) );
add_action( 'wp_ajax_wpscan_check_now', array( $this, 'ajax_check_now' ) ); add_action( 'wp_ajax_wpscan_check_now', array( $this, 'ajax_check_now' ) );
add_action( 'wp_ajax_wpscan_security_check_now', array( $this, 'ajax_security_check_now' ) );
if ( get_option( $this->parent->OPT_DISABLE_CHECKS, array() ) !== '1' ) {
add_action( 'wp_ajax_wpscan_security_check_now', array( $this, 'ajax_security_check_now' ) );
}
add_action( 'wp_ajax_' . $this->parent->WPSCAN_TRANSIENT_CRON, array( $this, 'ajax_doing_cron' ) ); add_action( 'wp_ajax_' . $this->parent->WPSCAN_TRANSIENT_CRON, array( $this, 'ajax_doing_cron' ) );
} }
@ -161,7 +165,7 @@ class Summary {
} }
/** /**
* Ajax scurity check now * Ajax security check now
* *
* @return void * @return void
* @since 1.0.0 * @since 1.0.0

View File

@ -127,9 +127,11 @@ class ignoreVulnerabilities {
foreach ( wp_get_themes() as $name => $details ) { foreach ( wp_get_themes() as $name => $details ) {
$this->list_vulnerabilities_to_ignore( 'themes', $this->parent->get_theme_slug( $name, $details ) ); $this->list_vulnerabilities_to_ignore( 'themes', $this->parent->get_theme_slug( $name, $details ) );
} }
foreach ( $this->parent->classes['checks/system']->checks as $id => $data ) { if ( get_option( $this->parent->OPT_DISABLE_CHECKS, array() ) !== '1' ) {
$this->list_vulnerabilities_to_ignore( 'security-checks', $id ); foreach ( $this->parent->classes['checks/system']->checks as $id => $data ) {
$this->list_vulnerabilities_to_ignore( 'security-checks', $id );
}
} }
} }

View File

@ -161,11 +161,10 @@
.vulnerability-severity { .vulnerability-severity {
float: left; float: left;
min-width: 60px; min-width: 100px;
margin-right: 20px;
} }
.vulnerability-title { .vulnerability-title .vulnerability-status .vulnerability-link {
float: left; float: left;
} }
@ -175,9 +174,8 @@
text-align: center; text-align: center;
border-radius: 3px; border-radius: 3px;
font-size: 11px; font-size: 11px;
margin: 6px 0px 0px 0px;
line-height: 19px; line-height: 19px;
min-width: 60px; min-width: 100px;
color: #4e645a; color: #4e645a;
background: #c6e1d5; background: #c6e1d5;
} }

View File

@ -360,8 +360,7 @@ jQuery(document).ready(function ($) {
const topTableBorder = is_wordpress_section ? 'WPTableLine' : 'tableLine'; const topTableBorder = is_wordpress_section ? 'WPTableLine' : 'tableLine';
// name // Name
table.table.body[1].push({ table.table.body[1].push({
text: 'Name', text: 'Name',
style: 'tableHeader', style: 'tableHeader',
@ -369,7 +368,7 @@ jQuery(document).ready(function ($) {
}); });
table.table.widths.push(149); table.table.widths.push(149);
// version // Version
if (!is_security_checks) { if (!is_security_checks) {
table.table.body[1].push({ table.table.body[1].push({
text: 'Version', text: 'Version',
@ -407,9 +406,9 @@ jQuery(document).ready(function ($) {
.each(function () { .each(function () {
let row = []; let row = [];
// Item title // Item name
let itemTitle = $(this).find('.plugin-title strong').text().trim(); let itemTitle = is_wordpress_section ? 'WordPress' : $(this).find('.plugin-title strong').text().trim();
if ($(this).find('.plugin-title .item-closed').length) { if ($(this).find('.plugin-title .item-closed').length) {
itemTitle = itemTitle =
itemTitle + itemTitle +
@ -425,12 +424,11 @@ jQuery(document).ready(function ($) {
}); });
// Item version // Item version
let itemVersion = is_wordpress_section ? $(this).find('#wordpress-version').text().trim() : $(this).find('.plugin-title .item-version span').text().trim();
if (!is_security_checks) { if (!is_security_checks) {
row.push({ row.push({
text: $(this) text: itemVersion,
.find('.plugin-title .item-version span')
.text()
.trim(),
style: 'resTable', style: 'resTable',
borderColor, borderColor,
}); });
@ -450,19 +448,20 @@ jQuery(document).ready(function ($) {
.find('.vulnerabilities .vulnerability') .find('.vulnerabilities .vulnerability')
.each(function () { .each(function () {
let item = $(this).clone(); let item = $(this).clone();
let linkText = let title = item.find('.vulnerability-title').text().trim();
item.find('.vulnerability-severity span').text().trim() + ' - '; let status = item.find('.vulnerability-status').text().trim();
item.find('.vulnerability-severity span').remove(); let severity = item.find('.vulnerability-severity span').text().trim();
linkText = linkText + item.text().trim(); let link_text = item.find('.vulnerability-link').text().trim();
linkText = linkText.charAt(0).toUpperCase() + linkText.slice(1); let link_href = item.find('.vulnerability-link a').attr('href');
col.stack.push({ let vulnerability_text = [
text: linkText, { text: title, style: 'resTable' },
link: $(this).attr('href'), { text: status, style: 'resTable' },
style: 'resTable', { text: severity.charAt(0).toUpperCase() + severity.slice(1), style: 'resTable' },
lineHeight: 2, { text: link_text, link: link_href, style: 'resTable' }
borderColor, ]
});
col.stack.push( vulnerability_text );
}); });
row.push(col); row.push(col);
@ -478,7 +477,7 @@ jQuery(document).ready(function ($) {
table.table.body.push(row); table.table.body.push(row);
}); });
// push the table // Push the table
is_wordpress_section is_wordpress_section
? wpscanReport.content.push(wordpressTable) ? wpscanReport.content.push(wordpressTable)
: wpscanReport.content.push(mainTable); : wpscanReport.content.push(mainTable);

View File

@ -3,7 +3,7 @@ Contributors: ethicalhack3r, xfirefartx, erwanlr
Tags: wpscan, wpvulndb, security, vulnerability, hack, scan, exploit, secure, alerts Tags: wpscan, wpvulndb, security, vulnerability, hack, scan, exploit, secure, alerts
Requires at least: 3.4 Requires at least: 3.4
Tested up to: 5.6 Tested up to: 5.6
Stable tag: 1.15.1 Stable tag: 1.15.4
Requires PHP: 5.5 Requires PHP: 5.5
License: GPLv3 License: GPLv3
License URI: https://www.gnu.org/licenses/gpl.html License URI: https://www.gnu.org/licenses/gpl.html
@ -90,6 +90,18 @@ The WPScan WordPress Security Plugin will also check for other security issues,
== Changelog == == Changelog ==
= 1.15.4 =
* Fix images not loading on some hosted websites
* Update remediation links
= 1.15.3 =
* Fix fatal error in security checks
= 1.15.2 =
* Improve HTML and PDF report output
* Disable security checks setting
* Some refactoring
= 1.15.1 = = 1.15.1 =
* Improved email alert text * Improved email alert text
* Improved PDF report download layout * Improved PDF report download layout

View File

@ -73,7 +73,7 @@ class databaseExports extends Check {
$code = wp_remote_retrieve_response_code( $response ); $code = wp_remote_retrieve_response_code( $response );
if ( 200 === $code ) { if ( 200 === $code ) {
$this->add_vulnerability( __( 'A publicly accessible database file was found in', 'wpscan' ) . " <a href='$url' target='_blank'>$url</a>.", 'high', sanitize_title( $name ), 'https://blog.wpscan.com/2021/01/28/wordpress-database-backup-files.html' ); $this->add_vulnerability( __( 'A publicly accessible database file was found in', 'wpscan' ) . " <a href='$url' target='_blank'>$url</a>.", 'high', sanitize_title( $name ), 'https://blog.wpscan.com/wordpress-database-backup-files/' );
} }
} }
} }

View File

@ -68,7 +68,7 @@ class debuglogFiles extends Check {
$code = wp_remote_retrieve_response_code( $response ); $code = wp_remote_retrieve_response_code( $response );
if ( 200 === $code ) { if ( 200 === $code ) {
$this->add_vulnerability( __( 'A publicly accessible debug.log file was found in', 'wpscan' ) . " <a href='$url' target='_blank'>$url</a>.", 'high', sanitize_title( $file ), 'https://blog.wpscan.com/2021/03/18/wordpress-debug-log-files.html' ); $this->add_vulnerability( __( 'A publicly accessible debug.log file was found in', 'wpscan' ) . " <a href='$url' target='_blank'>$url</a>", 'high', sanitize_title( $file ), 'https://blog.wpscan.com/wordpress-debug-log-files/' );
} }
} }
} }

View File

@ -66,7 +66,7 @@ class https extends Check {
// Check if the current page is using HTTPS. // Check if the current page is using HTTPS.
if ( 'https' !== substr( $wp_url, 0, 5 ) || 'https' !== substr( $site_url, 0, 5 ) ) { if ( 'https' !== substr( $wp_url, 0, 5 ) || 'https' !== substr( $site_url, 0, 5 ) ) {
// No HTTPS used. // No HTTPS used.
$this->add_vulnerability( __( 'The website does not seem to be using HTTPS (SSL/TLS) encryption for communications.', 'wpscan' ), 'high', 'https', 'https://blog.wpscan.com/2021/03/23/wordpress-ssl-tls-https.html' ); $this->add_vulnerability( __( 'The website does not seem to be using HTTPS (SSL/TLS) encryption for communications.', 'wpscan' ), 'high', 'https', 'https://blog.wpscan.com/wordpress-ssl-tls-https-encryption/' );
} }
} }
} }

View File

@ -64,7 +64,7 @@ class secretKeys extends Check {
foreach ( $keys as $key ) { foreach ( $keys as $key ) {
if ( defined( $key ) && constant( $key ) === 'put your unique phrase here' ) { if ( defined( $key ) && constant( $key ) === 'put your unique phrase here' ) {
$this->add_vulnerability( __( 'The ' . esc_html( $key ) . ' secret key in the wp-config.php file was the default key. It should be changed to a random value using', 'wpscan' ) . " <a href='https://api.wordpress.org/secret-key/1.1/salt/' target='_blank'>https://api.wordpress.org/secret-key/1.1/salt/</a>.", 'high', sanitize_title( $key ), 'https://blog.wpscan.com/2021/03/23/wordpress-secret-keys.html' ); $this->add_vulnerability( __( 'The ' . esc_html( $key ) . ' secret key in the wp-config.php file was the default key. It should be changed to a random value using', 'wpscan' ) . " <a href='https://api.wordpress.org/secret-key/1.1/salt/' target='_blank'>https://api.wordpress.org/secret-key/1.1/salt/</a>.", 'high', sanitize_title( $key ), 'https://blog.wpscan.com/wordpress-secret-keys/' );
} }
} }
} }

View File

@ -70,7 +70,7 @@ class versionControl extends Check {
$code = wp_remote_retrieve_response_code( $response ); $code = wp_remote_retrieve_response_code( $response );
if ( 200 === $code ) { if ( 200 === $code ) {
$this->add_vulnerability( __( 'A publicly accessible ' . esc_html( $file ) . ' file was found. The file could expose your websites\'s source code.', 'wpscan' ), 'high', sanitize_title( $file ), 'https://blog.wpscan.com/2021/03/23/wordpress-version-control-files.html' ); $this->add_vulnerability( __( 'A publicly accessible ' . esc_html( $file ) . ' file was found. The file could expose your websites\'s source code.', 'wpscan' ), 'high', sanitize_title( $file ), 'https://blog.wpscan.com/wordpress-version-control-files/' );
} }
} }
} }

View File

@ -90,7 +90,7 @@ class weakPasswords extends Check {
); );
} }
$this->add_vulnerability( $text, 'high', 'weak-passwords', 'https://blog.wpscan.com/wpscan/2019/09/17/wpscan-brute-force.html' ); $this->add_vulnerability( $text, 'high', 'weak-passwords', 'https://blog.wpscan.com/wpscan-brute-force/' );
} }
} }
} }

View File

@ -73,7 +73,7 @@ class wpconfigBackups extends Check {
$code = wp_remote_retrieve_response_code( $response ); $code = wp_remote_retrieve_response_code( $response );
if ( 200 === $code ) { if ( 200 === $code ) {
$this->add_vulnerability( __( 'A publicly accessible wp-config.php backup file was found in', 'wpscan' ) . " <a href='$url' target='_blank'>$url</a>.", 'high', sanitize_title( $path ), 'https://blog.wpscan.com/2021/04/01/wordpress-wp-config-backup-file.html' ); $this->add_vulnerability( __( 'A publicly accessible wp-config.php backup file was found in', 'wpscan' ) . " <a href='$url' target='_blank'>$url</a>.", 'high', sanitize_title( $path ), 'https://blog.wpscan.com/wordpress-configuration-file-backups/' );
} }
} }
} }

View File

@ -75,7 +75,7 @@ class xmlrpcEnabled extends Check {
error_log( $authenticated_response->get_error_message() ); error_log( $authenticated_response->get_error_message() );
} else { } else {
if ( preg_match( '/<string>Incorrect username or password.<\/string>/', $authenticated_response['body'] ) ) { if ( preg_match( '/<string>Incorrect username or password.<\/string>/', $authenticated_response['body'] ) ) {
$this->add_vulnerability( __( 'The XML-RPC interface is enabled. This significantly increases your site\'s attack surface.', 'wpscan' ), 'medium', sanitize_title( $url ), 'https://blog.wpscan.com/2021/01/25/wordpress-xmlrpc-security.html' ); $this->add_vulnerability( __( 'The XML-RPC interface is enabled. This significantly increases your site\'s attack surface.', 'wpscan' ), 'medium', sanitize_title( $url ), 'https://blog.wpscan.com/is-wordpress-xmlrpc-a-security-problem/' );
return; return;
} else { } else {
// Try an unauthenticated request. // Try an unauthenticated request.
@ -83,7 +83,7 @@ class xmlrpcEnabled extends Check {
$unauthenticated_response = wp_remote_post( $url, array( 'body' => $unauthenticated_body ) ); $unauthenticated_response = wp_remote_post( $url, array( 'body' => $unauthenticated_body ) );
if ( preg_match( '/<string>Hello!<\/string>/', $unauthenticated_response['body'] ) ) { if ( preg_match( '/<string>Hello!<\/string>/', $unauthenticated_response['body'] ) ) {
$this->add_vulnerability( __( 'The XML-RPC interface is partly disabled, but still allows unauthenticated requests.', 'wpscan' ), 'low', sanitize_title( $url ), 'https://blog.wpscan.com/2021/01/25/wordpress-xmlrpc-security.html' ); $this->add_vulnerability( __( 'The XML-RPC interface is partly disabled, but still allows unauthenticated requests.', 'wpscan' ), 'low', sanitize_title( $url ), 'https://blog.wpscan.com/is-wordpress-xmlrpc-a-security-problem/' );
} }
} }
} }

View File

@ -8,7 +8,7 @@
<div class="wrap"> <div class="wrap">
<h1> <h1>
<?php echo file_get_contents($this->parent->plugin_dir. 'assets/svg/logo.svg'); ?> <?php echo file_get_contents( plugin_dir_url( dirname( __FILE__ ) ) . 'assets/svg/logo.svg'); ?>
</h1> </h1>
<hr class="wp-header-end"> <hr class="wp-header-end">
@ -50,11 +50,8 @@
<tr> <tr>
<th scope="row" class="check-column" style="text-align: center"> <th scope="row" class="check-column" style="text-align: center">
<?php echo $this->get_status( 'wordpress', get_bloginfo( 'version' ) ) ?></th> <?php echo $this->get_status( 'wordpress', get_bloginfo( 'version' ) ) ?></th>
<td class="plugin-title column-primary"> <td class="wordpress-title column-primary">
<strong>WordPress</strong> <strong>WordPress <span id="wordpress-version"><?php echo get_bloginfo( 'version' ) ?></span></strong>
<span class='item-version'>
<?php echo sprintf( __( 'Version <span>%s</span>', 'wpscan' ), get_bloginfo( 'version' ) ) ?>
</span>
</td> </td>
<td class="vulnerabilities"> <td class="vulnerabilities">
<?php <?php
@ -93,7 +90,7 @@
</th> </th>
<td class="plugin-title column-primary"> <td class="plugin-title column-primary">
<strong><?php echo esc_html($details['Name']) ?></strong> <strong><?php echo esc_html( $details['Name'] ) ?></strong>
<span class='item-version'> <span class='item-version'>
<?php echo sprintf( __( 'Version <span>%s</span>', 'wpscan' ), esc_html($details['Version']) ) ?> <?php echo sprintf( __( 'Version <span>%s</span>', 'wpscan' ), esc_html($details['Version']) ) ?>
</span> </span>
@ -162,41 +159,45 @@
</div> </div>
<div class="wpscan-report-section security-checks"> <?php if ( get_option( $this->parent->OPT_DISABLE_CHECKS, array() ) !== '1' ) { ?>
<h3><?php _e('Security Checks', 'wpscan') ?></h3>
<table class="wp-list-table widefat striped plugins"> <div class="wpscan-report-section security-checks">
<thead> <h3><?php _e('Security Checks', 'wpscan') ?></h3>
<tr>
<td scope="col" class="manage-column check-column"></td> <table class="wp-list-table widefat striped plugins">
<th scope="col" class="manage-column column-name column-primary"><?php _e('Name', 'wpscan') ?></th> <thead>
<th scope="col" class="manage-column column-description"><?php _e('Result', 'wpscan') ?></th> <tr>
<th scope="col" class="manage-column column-description"><?php _e('Actions', 'wpscan') ?></th> <td scope="col" class="manage-column check-column"></td>
</tr> <th scope="col" class="manage-column column-name column-primary"><?php _e('Name', 'wpscan') ?></th>
</thead> <th scope="col" class="manage-column column-description"><?php _e('Result', 'wpscan') ?></th>
<tbody id="report-themes"> <th scope="col" class="manage-column column-description"><?php _e('Actions', 'wpscan') ?></th>
<?php foreach ( $this->parent->classes['checks/system']->checks as $id => $data ) : ?> </tr>
<tr> </thead>
<th scope="row" class="check-column" style="text-align: center"> <tbody id="report-themes">
<?php echo $this->get_status('security-checks', $id) ?></th> <?php foreach ( $this->parent->classes['checks/system']->checks as $id => $data ) : ?>
</th> <tr>
<td class="plugin-title column-primary"> <th scope="row" class="check-column" style="text-align: center">
<strong title="<?php echo esc_attr($data['instance']->description()) ?>"> <?php echo $this->get_status('security-checks', $id) ?></th>
<?php echo esc_html($data['instance']->title()) ?> </th>
</strong> <td class="plugin-title column-primary">
</td> <strong title="<?php echo esc_attr($data['instance']->description()) ?>">
<td class="vulnerabilities"> <?php echo esc_html( $data['instance']->title() ) ?>
<?php $this->parent->classes['checks/system']->list_check_vulnerabilities( $data['instance'] ) ?> </strong>
</td> </td>
<td class="security-check-actions"> <td class="vulnerabilities">
<?php $this->parent->classes['checks/system']->list_actions($data['instance']) ?> <?php $this->list_security_check_vulnerabilities( $data['instance'] ) ?>
<span class="spinner"></span> </td>
</td> <td class="security-check-actions">
</tr> <?php $this->parent->classes['checks/system']->list_actions($data['instance']) ?>
<?php endforeach; ?> <span class="spinner"></span>
</tbody> </td>
</table> </tr>
</div> <?php endforeach; ?>
</tbody>
</table>
</div>
<?php } ?>
<?php if ( get_option( $this->parent->OPT_API_TOKEN ) ) { ?> <?php if ( get_option( $this->parent->OPT_API_TOKEN ) ) { ?>
<a href="#" class='button button-secondary download-report'><?php _e( 'Download as PDF', 'wpscan' ) ?></a> <a href="#" class='button button-secondary download-report'><?php _e( 'Download as PDF', 'wpscan' ) ?></a>

View File

@ -3,7 +3,7 @@
* Plugin Name: WPScan * Plugin Name: WPScan
* Plugin URI: http://wordpress.org/plugins/wpscan/ * Plugin URI: http://wordpress.org/plugins/wpscan/
* Description: WPScan WordPress Security Scanner. Scans your system for security vulnerabilities listed in the WPScan Vulnerability Database. * Description: WPScan WordPress Security Scanner. Scans your system for security vulnerabilities listed in the WPScan Vulnerability Database.
* Version: 1.15.1 * Version: 1.15.4
* Author: WPScan Team * Author: WPScan Team
* Author URI: https://wpscan.com/ * Author URI: https://wpscan.com/
* License: GPLv3 * License: GPLv3