diff --git a/README b/README
index d0cf21ba..3741f5e1 100644
--- a/README
+++ b/README
@@ -105,6 +105,12 @@ ryandewhurst at gmail
See http://vvv.tobiassjosten.net/ruby-on-rails/fixing-readline-for-the-ruby-on-rails-console/ for more details
+ - no such file to load -- rubygems
+ Run update-alternatives --config ruby
+ And select your ruby version
+
+ See https://github.com/wpscanteam/wpscan/issues/148
+
==WPSCAN ARGUMENTS==
diff --git a/README.md b/README.md
index bb6aeafe..cc53af5f 100644
--- a/README.md
+++ b/README.md
@@ -116,6 +116,14 @@ Prerequisites:
See http://vvv.tobiassjosten.net/ruby-on-rails/fixing-readline-for-the-ruby-on-rails-console/ for more details
+ - no such file to load -- rubygems
+
+ ```update-alternatives --config ruby```
+
+ And select your ruby version
+
+ See https://github.com/wpscanteam/wpscan/issues/148
+
#### WPSCAN ARGUMENTS
--update Update to the latest revision
diff --git a/data/plugin_vulns.xml b/data/plugin_vulns.xml
index 650f6ce0..7594af2d 100644
--- a/data/plugin_vulns.xml
+++ b/data/plugin_vulns.xml
@@ -4096,4 +4096,86 @@
+
+
+ Mathjax Latex 1.1 CSRF Vulnerability
+ http://1337day.com/exploit/20566
+ CSRF
+
+
+
+
+
+ XSS vulnerability on WP-Banners-Lite
+ http://seclists.org/fulldisclosure/2013/Mar/209
+ http://threatpost.com/en_us/blogs/xss-flaw-wordpress-plugin-allows-injection-malicious-code-032513
+ XSS
+
+
+
+
+
+ Backupbuddy - sensitive data exposure in importbuddy.php
+ http://seclists.org/fulldisclosure/2013/Mar/206
+ http://archives.neohapsis.com/archives/fulldisclosure/2013-03/0205.html
+ UNKNOWN
+
+
+
+
+
+ WP FuneralPress - Stored XSS in Guestbook
+ http://seclists.org/fulldisclosure/2013/Mar/282
+ XSS
+
+
+
+
+
+ ofc_upload_image.php Arbitrary File Upload Vulnerability
+ http://www.exploit-db.com/exploits/24492/
+ UPLOAD
+
+
+
+
+
+ ofc_upload_image.php Arbitrary File Upload Vulnerability
+ http://www.exploit-db.com/exploits/24492/
+ UPLOAD
+
+
+
+
+
+ ofc_upload_image.php Arbitrary File Upload Vulnerability
+ http://www.exploit-db.com/exploits/24492/
+ UPLOAD
+
+
+
+
+
+ ofc_upload_image.php Arbitrary File Upload Vulnerability
+ http://www.exploit-db.com/exploits/24492/
+ UPLOAD
+
+
+
+
+
+ ofc_upload_image.php Arbitrary File Upload Vulnerability
+ http://www.exploit-db.com/exploits/24492/
+ UPLOAD
+
+
+
+
+
+ ofc_upload_image.php Arbitrary File Upload Vulnerability
+ http://www.exploit-db.com/exploits/24492/
+ UPLOAD
+
+
+
diff --git a/data/theme_vulns.xml b/data/theme_vulns.xml
index 5c5bf661..e3e99c83 100644
--- a/data/theme_vulns.xml
+++ b/data/theme_vulns.xml
@@ -1221,7 +1221,7 @@
XSS
-
+
Wordpress theme pinboard 1.0.6 XSS
@@ -1264,4 +1264,21 @@
+
+
+ felici XSS Vulnerability
+ http://1337day.com/exploit/20560
+ XSS
+
+
+
+
+
+ CVE-2007-4483: Classic v1.5 Theme PHP_SELF XSS
+ http://osvdb.org/38450
+ http://cve.mitre.org/cgi-bin/cvename.cgi?name=2007-4483
+ XSS
+
+
+
diff --git a/lib/common/browser.rb b/lib/common/browser.rb
index eb44664b..e0468ec2 100644
--- a/lib/common/browser.rb
+++ b/lib/common/browser.rb
@@ -196,6 +196,10 @@ class Browser
params = params.merge(cache_ttl: @cache_ttl)
end
+ # Disable SSL-Certificate checks
+ params = params.merge(ssl_verifypeer: false)
+ params = params.merge(ssl_verifyhost: 0)
+
params
end
diff --git a/spec/lib/common/browser_spec.rb b/spec/lib/common/browser_spec.rb
index f66afee6..24fd65b0 100644
--- a/spec/lib/common/browser_spec.rb
+++ b/spec/lib/common/browser_spec.rb
@@ -278,7 +278,7 @@ describe Browser do
describe '#merge_request_params' do
let(:params) { {} }
- let(:default_expectation) { { cache_ttl: 250, headers: { 'User-Agent' => 'SomeUA' } } }
+ let(:default_expectation) { { cache_ttl: 250, headers: { 'User-Agent' => 'SomeUA' }, ssl_verifypeer: false, ssl_verifyhost: 0 } }
after :each do
@browser.stub(user_agent: 'SomeUA')
diff --git a/wpscan.rb b/wpscan.rb
index 9b13bd07..d21e5726 100755
--- a/wpscan.rb
+++ b/wpscan.rb
@@ -24,4 +24,4 @@ $: << '.'
require File.dirname(__FILE__) + '/lib/wpscan/wpscan_helper'
require File.dirname(__FILE__) + '/main'
-main()
\ No newline at end of file
+main()