regex escaping when using variables

lib/wpscan/modules/malwares.rb

@@ -53,7 +53,8 @@ module Malwares
     malwares_file_path || DATA_DIR + '/malwares.txt'
   end
 
-  def self.malware_pattern(url)
-    %r{<(?:script|iframe).* src=(?:"|')(#{url}[^"']*)(?:"|')[^>]*>}i
+  def self.malware_pattern(url_regex)
+    # no need to escape regex here, because malware.txt contains regex
+    %r{<(?:script|iframe).* src=(?:"|')(#{url_regex}[^"']*)(?:"|')[^>]*>}i
   end
 end

lib/wpscan/wp_detector.rb

@@ -54,7 +54,7 @@ class WpDetector
     regex2        = %r{\\?/}
     regex3        = %r{\\?/([^/\\"']+)\\?(?:/|"|')}
     # Custom wp-content dir is now used in this regex
-    names = response.body.scan(/#{regex1}#{wp_content_dir}#{regex2}#{type}#{regex3}/i)
+    names = response.body.scan(/#{regex1}#{Regexp.escape(wp_content_dir)}#{regex2}#{Regexp.escape(type)}#{regex3}/i)
 
     names.flatten!
     names.uniq!

lib/wpscan/wp_target.rb

@@ -93,10 +93,10 @@ class WpTarget
       # Only use the path because domain can be text or an ip
       uri_path = @uri.path
 
-      if index_body[/#{uri_path}\/wp-content\/(?:themes|plugins)\//i]
+      if index_body[/#{Regexp.escape(uri_path)}\/wp-content\/(?:themes|plugins)\//i]
         @wp_content_dir = "wp-content"
       else
-        @wp_content_dir = index_body[/(?:href|src)\s*=\s*(?:"|').+#{uri_path}([^"']+)\/(?:themes|plugins)\/.*(?:"|')/i, 1]
+        @wp_content_dir = index_body[/(?:href|src)\s*=\s*(?:"|').+#{Regexp.escape(uri_path)}([^"']+)\/(?:themes|plugins)\/.*(?:"|')/i, 1]
       end
     end
     @wp_content_dir