From a15028793e0a54ad4da3d72fd7e2f5920e1f2c51 Mon Sep 17 00:00:00 2001
From: Christian Mehlmauer <firefart@gmail.com>
Date: Sun, 23 Sep 2012 21:50:41 +0200
Subject: [PATCH] -) custom plugins directory (outside of wp-content) -)
 feedback from ewanlr -) Regex fix for version detection from readme.txt due
 to false positives (tag-cloud-widget plugin)

---
 doc/WpDetector.html                           |   4 +-
 doc/WpEnumerator.html                         |  10 +-
 doc/WpItem.html                               | 201 +++++-----
 doc/WpOptions.html                            |   2 +-
 doc/WpPlugin.html                             |   2 +-
 doc/WpPlugins.html                            |  10 +-
 doc/WpTarget.html                             |   2 +-
 doc/WpTheme.html                              |  19 +-
 doc/WpTimthumbs.html                          |   2 +-
 doc/WpVersion.html                            |  17 +-
 doc/created.rid                               |  28 +-
 doc/index.html                                |   4 +-
 doc/lib/wpscan/modules/wp_plugins_rb.html     |   2 +-
 doc/lib/wpscan/modules/wp_timthumbs_rb.html   |   2 +-
 doc/lib/wpscan/wp_detector_rb.html            |   2 +-
 doc/lib/wpscan/wp_enumerator_rb.html          |   2 +-
 doc/lib/wpscan/wp_options_rb.html             |   2 +-
 doc/lib/wpscan/wp_plugin_rb.html              |   2 +-
 doc/lib/wpscan/wp_target_rb.html              |   2 +-
 doc/lib/wpscan/wp_theme_rb.html               |   2 +-
 doc/lib/wpscan/wp_version_rb.html             |   2 +-
 doc/wpscan_rb.html                            |   2 +-
 lib/wpscan/modules/wp_login_protection.rb     |  12 +-
 lib/wpscan/modules/wp_plugins.rb              |  10 +-
 lib/wpscan/modules/wp_themes.rb               |   6 +-
 lib/wpscan/modules/wp_timthumbs.rb            |   2 +-
 lib/wpscan/wp_detector.rb                     |   4 +-
 lib/wpscan/wp_enumerator.rb                   |  10 +-
 lib/wpscan/wp_item.rb                         |  27 +-
 lib/wpscan/wp_options.rb                      |   2 +-
 lib/wpscan/wp_plugin.rb                       |   2 +-
 lib/wpscan/wp_target.rb                       |   2 +-
 lib/wpscan/wp_theme.rb                        |   6 +-
 lib/wpscan/wp_version.rb                      |  16 +-
 .../modules/wp_login_protection_spec.rb       |   4 +-
 spec/lib/wpscan/modules/wp_plugins_spec.rb    |  28 +-
 spec/lib/wpscan/modules/wp_themes_spec.rb     |  42 +-
 spec/lib/wpscan/modules/wp_timthumbs_spec.rb  |   8 +-
 spec/lib/wpscan/wp_item_spec.rb               | 372 +++++++++++++-----
 spec/lib/wpscan/wp_options_spec.rb            |  14 +-
 spec/lib/wpscan/wp_plugin_spec.rb             |  14 +-
 spec/lib/wpscan/wp_target_spec.rb             |  13 +-
 spec/lib/wpscan/wp_theme_spec.rb              |  34 +-
 spec/lib/wpscan/wp_version_spec.rb            |  10 +-
 spec/lib/wpscan/wp_vulnerability_spec.rb      |   4 +-
 wpscan.rb                                     |  12 +-
 46 files changed, 560 insertions(+), 415 deletions(-)

diff --git a/doc/WpDetector.html b/doc/WpDetector.html
index 9cf2a0e3..55fb879f 100644
--- a/doc/WpDetector.html
+++ b/doc/WpDetector.html
@@ -236,7 +236,7 @@
 
   <span class="ruby-identifier">result</span> = <span class="ruby-identifier">items</span>
   <span class="ruby-keyword">if</span> <span class="ruby-identifier">items</span> <span class="ruby-operator">==</span> <span class="ruby-keyword">nil</span> <span class="ruby-keyword">or</span> <span class="ruby-identifier">items</span>.<span class="ruby-identifier">length</span> <span class="ruby-operator">==</span> <span class="ruby-value">0</span>
-    <span class="ruby-identifier">result</span> = <span class="ruby-identifier">passive_detection</span>(<span class="ruby-identifier">options</span>[<span class="ruby-value">:url</span>], <span class="ruby-identifier">options</span>[<span class="ruby-value">:type</span>], <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_content_dir</span>])
+    <span class="ruby-identifier">result</span> = <span class="ruby-identifier">passive_detection</span>(<span class="ruby-identifier">options</span>[<span class="ruby-value">:base_url</span>], <span class="ruby-identifier">options</span>[<span class="ruby-value">:type</span>], <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_content_dir</span>])
   <span class="ruby-keyword">end</span>
 
   <span class="ruby-identifier">enum_results</span> = <span class="ruby-constant">WpEnumerator</span>.<span class="ruby-identifier">enumerate</span>(<span class="ruby-identifier">options</span>)
@@ -303,7 +303,7 @@
 
   <span class="ruby-identifier">names</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">item</span><span class="ruby-operator">|</span>
     <span class="ruby-identifier">items</span> <span class="ruby-operator">&lt;&lt;</span> <span class="ruby-constant">WpItem</span>.<span class="ruby-identifier">new</span>(
-        <span class="ruby-value">:url</span>            =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">url</span>,
+        <span class="ruby-value">:base_url</span>       =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">url</span>,
         <span class="ruby-value">:name</span>           =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">item</span>,
         <span class="ruby-value">:type</span>           =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">type</span>,
         <span class="ruby-value">:path</span>           =<span class="ruby-operator">&gt;</span> <span class="ruby-node">&quot;#{item}/&quot;</span>,
diff --git a/doc/WpEnumerator.html b/doc/WpEnumerator.html
index 0042d206..e4aab697 100644
--- a/doc/WpEnumerator.html
+++ b/doc/WpEnumerator.html
@@ -232,7 +232,7 @@
 <ul><li>
 <p><tt>targets</tt> - targets to enumerate</p>
 </li><li><ul><li>
-<p><tt>:url</tt> - Base URL</p>
+<p><tt>:base_url</tt> - Base URL</p>
 </li></ul>
 </li><li><ul><li>
 <p><tt>:wp_content</tt> - wp-content directory</p>
@@ -273,7 +273,7 @@
   <span class="ruby-identifier">enumerate_size</span> = <span class="ruby-identifier">targets</span>.<span class="ruby-identifier">size</span>
 
   <span class="ruby-identifier">targets</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">target</span><span class="ruby-operator">|</span>
-    <span class="ruby-identifier">url</span> = <span class="ruby-identifier">target</span>.<span class="ruby-identifier">get_url</span>
+    <span class="ruby-identifier">url</span> = <span class="ruby-identifier">target</span>.<span class="ruby-identifier">get_full_url</span>
 
     <span class="ruby-identifier">request</span> = <span class="ruby-identifier">enum_browser</span>.<span class="ruby-identifier">forge_request</span>(<span class="ruby-identifier">url</span>, { <span class="ruby-value">:cache_timeout</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-value">0</span>, <span class="ruby-value">:follow_location</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-keyword">true</span> })
     <span class="ruby-identifier">request_count</span> <span class="ruby-operator">+=</span> <span class="ruby-value">1</span>
@@ -342,7 +342,7 @@
   <span class="ruby-identifier">file</span>              = <span class="ruby-identifier">options</span>[<span class="ruby-value">:file</span>]
   <span class="ruby-identifier">vulns_file</span>        = <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_file</span>]
   <span class="ruby-identifier">wp_content_dir</span>    = <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_content_dir</span>]
-  <span class="ruby-identifier">url</span>               = <span class="ruby-identifier">options</span>[<span class="ruby-value">:url</span>]
+  <span class="ruby-identifier">url</span>               = <span class="ruby-identifier">options</span>[<span class="ruby-value">:base_url</span>]
   <span class="ruby-identifier">type</span>              = <span class="ruby-identifier">options</span>[<span class="ruby-value">:type</span>]
   <span class="ruby-identifier">plugins_dir</span>       = <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_plugins_dir</span>]
   <span class="ruby-identifier">targets_url</span>       = []
@@ -352,7 +352,7 @@
     <span class="ruby-constant">File</span>.<span class="ruby-identifier">open</span>(<span class="ruby-identifier">file</span>, <span class="ruby-string">&quot;r&quot;</span>) <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">f</span><span class="ruby-operator">|</span>
       <span class="ruby-identifier">f</span>.<span class="ruby-identifier">readlines</span>.<span class="ruby-identifier">collect</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">line</span><span class="ruby-operator">|</span>
         <span class="ruby-identifier">targets_url</span> <span class="ruby-operator">&lt;&lt;</span> <span class="ruby-constant">WpItem</span>.<span class="ruby-identifier">new</span>(
-            <span class="ruby-value">:url</span>            =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">url</span>,
+            <span class="ruby-value">:base_url</span>       =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">url</span>,
             <span class="ruby-value">:path</span>           =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">line</span>.<span class="ruby-identifier">strip</span>,
             <span class="ruby-value">:wp_content_dir</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">wp_content_dir</span>,
             <span class="ruby-value">:name</span>           =<span class="ruby-operator">&gt;</span> <span class="ruby-constant">File</span>.<span class="ruby-identifier">dirname</span>(<span class="ruby-identifier">line</span>.<span class="ruby-identifier">strip</span>),
@@ -374,7 +374,7 @@
     <span class="ruby-identifier">xml</span>.<span class="ruby-identifier">xpath</span>(<span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_xpath_2</span>]).<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">node</span><span class="ruby-operator">|</span>
       <span class="ruby-identifier">name</span> = <span class="ruby-identifier">node</span>.<span class="ruby-identifier">attribute</span>(<span class="ruby-string">&quot;name&quot;</span>).<span class="ruby-identifier">text</span>
       <span class="ruby-identifier">targets_url</span> <span class="ruby-operator">&lt;&lt;</span> <span class="ruby-constant">WpItem</span>.<span class="ruby-identifier">new</span>(
-          <span class="ruby-value">:url</span>            =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">url</span>,
+          <span class="ruby-value">:base_url</span>       =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">url</span>,
           <span class="ruby-value">:path</span>           =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">name</span>,
           <span class="ruby-value">:wp_content_dir</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">wp_content_dir</span>,
           <span class="ruby-value">:name</span>           =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">name</span>,
diff --git a/doc/WpItem.html b/doc/WpItem.html
index e67b0fdb..71de90c0 100644
--- a/doc/WpItem.html
+++ b/doc/WpItem.html
@@ -79,9 +79,9 @@
           
           <li><a href="#method-i-extract_name_from_url">#extract_name_from_url</a></li>
           
-          <li><a href="#method-i-get_sub_folder">#get_sub_folder</a></li>
+          <li><a href="#method-i-get_full_url">#get_full_url</a></li>
           
-          <li><a href="#method-i-get_url">#get_url</a></li>
+          <li><a href="#method-i-get_sub_folder">#get_sub_folder</a></li>
           
           <li><a href="#method-i-get_url_without_filename">#get_url_without_filename</a></li>
           
@@ -235,14 +235,27 @@
         <h3 class="section-header">Attributes</h3>
 
         
+        <div id="base_url-attribute-method" class="method-detail">
+          <a name="base_url"></a>
+          
+          <div class="method-heading attribute-method-heading">
+            <span class="method-name">base_url</span><span
+              class="attribute-access-type">[R]</span>
+          </div>
+
+          <div class="method-description">
+          
+          
+          
+          </div>
+        </div>
+        
         <div id="name-attribute-method" class="method-detail">
           <a name="name"></a>
           
-          <a name="name="></a>
-          
           <div class="method-heading attribute-method-heading">
             <span class="method-name">name</span><span
-              class="attribute-access-type">[RW]</span>
+              class="attribute-access-type">[R]</span>
           </div>
 
           <div class="method-description">
@@ -255,11 +268,9 @@
         <div id="path-attribute-method" class="method-detail">
           <a name="path"></a>
           
-          <a name="path="></a>
-          
           <div class="method-heading attribute-method-heading">
             <span class="method-name">path</span><span
-              class="attribute-access-type">[RW]</span>
+              class="attribute-access-type">[R]</span>
           </div>
 
           <div class="method-description">
@@ -272,28 +283,9 @@
         <div id="type-attribute-method" class="method-detail">
           <a name="type"></a>
           
-          <a name="type="></a>
-          
           <div class="method-heading attribute-method-heading">
             <span class="method-name">type</span><span
-              class="attribute-access-type">[RW]</span>
-          </div>
-
-          <div class="method-description">
-          
-          
-          
-          </div>
-        </div>
-        
-        <div id="url-attribute-method" class="method-detail">
-          <a name="url"></a>
-          
-          <a name="url="></a>
-          
-          <div class="method-heading attribute-method-heading">
-            <span class="method-name">url</span><span
-              class="attribute-access-type">[RW]</span>
+              class="attribute-access-type">[R]</span>
           </div>
 
           <div class="method-description">
@@ -306,11 +298,9 @@
         <div id="vulns_file-attribute-method" class="method-detail">
           <a name="vulns_file"></a>
           
-          <a name="vulns_file="></a>
-          
           <div class="method-heading attribute-method-heading">
             <span class="method-name">vulns_file</span><span
-              class="attribute-access-type">[RW]</span>
+              class="attribute-access-type">[R]</span>
           </div>
 
           <div class="method-description">
@@ -323,11 +313,9 @@
         <div id="vulns_xpath-attribute-method" class="method-detail">
           <a name="vulns_xpath"></a>
           
-          <a name="vulns_xpath="></a>
-          
           <div class="method-heading attribute-method-heading">
             <span class="method-name">vulns_xpath</span><span
-              class="attribute-access-type">[RW]</span>
+              class="attribute-access-type">[R]</span>
           </div>
 
           <div class="method-description">
@@ -340,11 +328,9 @@
         <div id="wp_content_dir-attribute-method" class="method-detail">
           <a name="wp_content_dir"></a>
           
-          <a name="wp_content_dir="></a>
-          
           <div class="method-heading attribute-method-heading">
             <span class="method-name">wp_content_dir</span><span
-              class="attribute-access-type">[RW]</span>
+              class="attribute-access-type">[R]</span>
           </div>
 
           <div class="method-description">
@@ -354,14 +340,12 @@
           </div>
         </div>
         
-        <div id="wp_plugin_dir-attribute-method" class="method-detail">
-          <a name="wp_plugin_dir"></a>
-          
-          <a name="wp_plugin_dir="></a>
+        <div id="wp_plugins_dir-attribute-method" class="method-detail">
+          <a name="wp_plugins_dir"></a>
           
           <div class="method-heading attribute-method-heading">
-            <span class="method-name">wp_plugin_dir</span><span
-              class="attribute-access-type">[RW]</span>
+            <span class="method-name">wp_plugins_dir</span><span
+              class="attribute-access-type">[R]</span>
           </div>
 
           <div class="method-description">
@@ -402,15 +386,15 @@
 <span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 25</span>
 <span class="ruby-keyword">def</span> <span class="ruby-identifier">initialize</span>(<span class="ruby-identifier">options</span>)
   <span class="ruby-ivar">@type</span>           = <span class="ruby-identifier">options</span>[<span class="ruby-value">:type</span>]
-  <span class="ruby-ivar">@wp_content_dir</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_content_dir</span>] <span class="ruby-operator">||</span> <span class="ruby-string">&quot;wp-content&quot;</span>
-  <span class="ruby-ivar">@wp_plugin_dir</span>  = <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_plugins_dir</span>] <span class="ruby-operator">||</span> <span class="ruby-string">&quot;plugins&quot;</span>
-  <span class="ruby-ivar">@url</span>            = <span class="ruby-identifier">options</span>[<span class="ruby-value">:url</span>]
+  <span class="ruby-ivar">@wp_content_dir</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_content_dir</span>] <span class="ruby-operator">?</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_content_dir</span>].<span class="ruby-identifier">sub</span>(<span class="ruby-regexp">/^\//</span>, <span class="ruby-string">&quot;&quot;</span>).<span class="ruby-identifier">sub</span>(<span class="ruby-regexp">/\/$/</span>, <span class="ruby-string">&quot;&quot;</span>) <span class="ruby-operator">:</span> <span class="ruby-string">&quot;wp-content&quot;</span>
+  <span class="ruby-ivar">@wp_plugins_dir</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_plugins_dir</span>] <span class="ruby-operator">||</span> <span class="ruby-node">&quot;#@wp_content_dir/plugins&quot;</span>
+  <span class="ruby-ivar">@base_url</span>       = <span class="ruby-identifier">options</span>[<span class="ruby-value">:base_url</span>]
   <span class="ruby-ivar">@path</span>           = <span class="ruby-identifier">options</span>[<span class="ruby-value">:path</span>]
   <span class="ruby-ivar">@name</span>           = <span class="ruby-identifier">options</span>[<span class="ruby-value">:name</span>] <span class="ruby-operator">||</span> <span class="ruby-identifier">extract_name_from_url</span>
   <span class="ruby-ivar">@vulns_file</span>     = <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_file</span>]
   <span class="ruby-ivar">@vulns_xpath</span>    = <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_xpath</span>].<span class="ruby-identifier">sub</span>(<span class="ruby-regexp">/\$name\$/</span>, <span class="ruby-ivar">@name</span>) <span class="ruby-keyword">unless</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_xpath</span>] <span class="ruby-operator">==</span> <span class="ruby-keyword">nil</span>
 
-  <span class="ruby-identifier">raise</span>(<span class="ruby-string">&quot;url not set&quot;</span>)            <span class="ruby-keyword">unless</span> <span class="ruby-ivar">@url</span>
+  <span class="ruby-identifier">raise</span>(<span class="ruby-string">&quot;base_url not set&quot;</span>)       <span class="ruby-keyword">unless</span> <span class="ruby-ivar">@base_url</span>
   <span class="ruby-identifier">raise</span>(<span class="ruby-string">&quot;path not set&quot;</span>)           <span class="ruby-keyword">unless</span> <span class="ruby-ivar">@path</span>
   <span class="ruby-identifier">raise</span>(<span class="ruby-string">&quot;wp_content_dir not set&quot;</span>) <span class="ruby-keyword">unless</span> <span class="ruby-ivar">@wp_content_dir</span>
   <span class="ruby-identifier">raise</span>(<span class="ruby-string">&quot;name not set&quot;</span>)           <span class="ruby-keyword">unless</span> <span class="ruby-ivar">@name</span>
@@ -452,7 +436,7 @@
             
             <div class="method-source-code" id="3C-3D-3E-source">
 <pre>
-<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 121</span>
+<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 122</span>
 <span class="ruby-keyword">def</span> <span class="ruby-operator">&lt;=&gt;</span>(<span class="ruby-identifier">other</span>)
   <span class="ruby-identifier">other</span>.<span class="ruby-identifier">name</span> <span class="ruby-operator">&lt;=&gt;</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">name</span>
 <span class="ruby-keyword">end</span></pre>
@@ -485,7 +469,7 @@
             
             <div class="method-source-code" id="3D-3D-source">
 <pre>
-<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 111</span>
+<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 112</span>
 <span class="ruby-keyword">def</span> <span class="ruby-operator">==</span>(<span class="ruby-identifier">other</span>)
   <span class="ruby-identifier">other</span>.<span class="ruby-identifier">name</span> <span class="ruby-operator">==</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">name</span>
 <span class="ruby-keyword">end</span></pre>
@@ -518,7 +502,7 @@
             
             <div class="method-source-code" id="3D-3D-3D-source">
 <pre>
-<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 116</span>
+<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 117</span>
 <span class="ruby-keyword">def</span> <span class="ruby-operator">===</span>(<span class="ruby-identifier">other</span>)
   <span class="ruby-identifier">other</span>.<span class="ruby-identifier">name</span> <span class="ruby-operator">==</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">name</span>
 <span class="ruby-keyword">end</span></pre>
@@ -551,7 +535,7 @@
             
             <div class="method-source-code" id="changelog_url-source">
 <pre>
-<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 131</span>
+<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 132</span>
 <span class="ruby-keyword">def</span> <span class="ruby-identifier">changelog_url</span>
   <span class="ruby-identifier">get_url_without_filename</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">&quot;changelog.txt&quot;</span>)
 <span class="ruby-keyword">end</span></pre>
@@ -584,7 +568,7 @@
             
             <div class="method-source-code" id="directory_listing-3F-source">
 <pre>
-<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 94</span>
+<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 95</span>
 <span class="ruby-keyword">def</span> <span class="ruby-identifier">directory_listing?</span>
   <span class="ruby-comment"># Need to remove to file part from the url</span>
   <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">get_url_without_filename</span>).<span class="ruby-identifier">body</span>[<span class="ruby-regexp">%{&lt;title&gt;Index of}</span>] <span class="ruby-operator">?</span> <span class="ruby-keyword">true</span> <span class="ruby-operator">:</span> <span class="ruby-keyword">false</span>
@@ -618,9 +602,9 @@
             
             <div class="method-source-code" id="extract_name_from_url-source">
 <pre>
-<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 100</span>
+<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 101</span>
 <span class="ruby-keyword">def</span> <span class="ruby-identifier">extract_name_from_url</span>
-  <span class="ruby-identifier">get_url</span>.<span class="ruby-identifier">to_s</span>[<span class="ruby-regexp">%{^(https?://.*/([^/]+)/)}</span>, <span class="ruby-value">2</span>]
+  <span class="ruby-identifier">get_full_url</span>.<span class="ruby-identifier">to_s</span>[<span class="ruby-regexp">%{^(https?://.*/([^/]+)/)}</span>, <span class="ruby-value">2</span>]
 <span class="ruby-keyword">end</span></pre>
             </div><!-- extract_name_from_url-source -->
             
@@ -632,6 +616,53 @@
         </div><!-- extract_name_from_url-method -->
 
       
+        <div id="get_full_url-method" class="method-detail ">
+          <a name="method-i-get_full_url"></a>
+
+          
+          <div class="method-heading">
+            <span class="method-name">get_full_url</span><span
+              class="method-args">()</span>
+            <span class="method-click-advice">click to toggle source</span>
+          </div>
+          
+
+          <div class="method-description">
+            
+            <p>Get the full url for this item</p>
+            
+
+            
+            <div class="method-source-code" id="get_full_url-source">
+<pre>
+<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 57</span>
+<span class="ruby-keyword">def</span> <span class="ruby-identifier">get_full_url</span>
+  <span class="ruby-identifier">url</span> = <span class="ruby-ivar">@base_url</span>.<span class="ruby-identifier">to_s</span>.<span class="ruby-identifier">end_with?</span>(<span class="ruby-string">&quot;/&quot;</span>) <span class="ruby-operator">?</span> <span class="ruby-ivar">@base_url</span>.<span class="ruby-identifier">to_s</span> <span class="ruby-operator">:</span> <span class="ruby-node">&quot;#@base_url/&quot;</span>
+  <span class="ruby-comment"># remove first and last /</span>
+  <span class="ruby-identifier">wp_content_dir</span> = <span class="ruby-ivar">@wp_content_dir</span>.<span class="ruby-identifier">sub</span>(<span class="ruby-regexp">/^\//</span>, <span class="ruby-string">&quot;&quot;</span>).<span class="ruby-identifier">sub</span>(<span class="ruby-regexp">/\/$/</span>, <span class="ruby-string">&quot;&quot;</span>)
+  <span class="ruby-comment"># remove first /</span>
+  <span class="ruby-identifier">path</span> = <span class="ruby-ivar">@path</span>.<span class="ruby-identifier">sub</span>(<span class="ruby-regexp">/^\//</span>, <span class="ruby-string">&quot;&quot;</span>)
+  <span class="ruby-keyword">if</span> <span class="ruby-identifier">type</span> <span class="ruby-operator">==</span><span class="ruby-string">&quot;plugins&quot;</span>
+    <span class="ruby-comment"># plugins can be outside of wp-content. wp_content_dir included in wp_plugins_dir</span>
+    <span class="ruby-identifier">ret</span> = <span class="ruby-constant">URI</span>.<span class="ruby-identifier">parse</span>(<span class="ruby-node">&quot;#{url}#@wp_plugins_dir/#{path}&quot;</span>)
+  <span class="ruby-keyword">elsif</span> <span class="ruby-identifier">type</span> <span class="ruby-operator">==</span> <span class="ruby-string">&quot;timthumbs&quot;</span>
+    <span class="ruby-comment"># timthumbs have folder in path variable</span>
+    <span class="ruby-identifier">ret</span> = <span class="ruby-constant">URI</span>.<span class="ruby-identifier">parse</span>(<span class="ruby-node">&quot;#{url}#{wp_content_dir}/#{path}&quot;</span>)
+  <span class="ruby-keyword">else</span>
+    <span class="ruby-identifier">ret</span> = <span class="ruby-constant">URI</span>.<span class="ruby-identifier">parse</span>(<span class="ruby-node">&quot;#{url}#{wp_content_dir}/#{get_sub_folder}/#{path}&quot;</span>)
+  <span class="ruby-keyword">end</span>
+  <span class="ruby-identifier">ret</span>
+<span class="ruby-keyword">end</span></pre>
+            </div><!-- get_full_url-source -->
+            
+          </div>
+
+          
+
+          
+        </div><!-- get_full_url-method -->
+
+      
         <div id="get_sub_folder-method" class="method-detail ">
           <a name="method-i-get_sub_folder"></a>
 
@@ -654,8 +685,6 @@
 <span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 43</span>
 <span class="ruby-keyword">def</span> <span class="ruby-identifier">get_sub_folder</span>
   <span class="ruby-keyword">case</span> <span class="ruby-ivar">@type</span>
-    <span class="ruby-keyword">when</span> <span class="ruby-string">&quot;plugins&quot;</span>
-      <span class="ruby-identifier">folder</span> = <span class="ruby-ivar">@wp_plugin_dir</span>
     <span class="ruby-keyword">when</span> <span class="ruby-string">&quot;themes&quot;</span>
       <span class="ruby-identifier">folder</span> = <span class="ruby-string">&quot;themes&quot;</span>
     <span class="ruby-keyword">when</span> <span class="ruby-string">&quot;timthumbs&quot;</span>
@@ -676,50 +705,6 @@
         </div><!-- get_sub_folder-method -->
 
       
-        <div id="get_url-method" class="method-detail ">
-          <a name="method-i-get_url"></a>
-
-          
-          <div class="method-heading">
-            <span class="method-name">get_url</span><span
-              class="method-args">()</span>
-            <span class="method-click-advice">click to toggle source</span>
-          </div>
-          
-
-          <div class="method-description">
-            
-            <p>Get the full url for this item</p>
-            
-
-            
-            <div class="method-source-code" id="get_url-source">
-<pre>
-<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 59</span>
-<span class="ruby-keyword">def</span> <span class="ruby-identifier">get_url</span>
-  <span class="ruby-identifier">url</span> = <span class="ruby-ivar">@url</span>.<span class="ruby-identifier">to_s</span>.<span class="ruby-identifier">end_with?</span>(<span class="ruby-string">&quot;/&quot;</span>) <span class="ruby-operator">?</span> <span class="ruby-ivar">@url</span>.<span class="ruby-identifier">to_s</span> <span class="ruby-operator">:</span> <span class="ruby-node">&quot;#@url/&quot;</span>
-  <span class="ruby-comment"># remove first and last /</span>
-  <span class="ruby-identifier">wp_content_dir</span> = <span class="ruby-ivar">@wp_content_dir</span>.<span class="ruby-identifier">sub</span>(<span class="ruby-regexp">/^\//</span>, <span class="ruby-string">&quot;&quot;</span>).<span class="ruby-identifier">sub</span>(<span class="ruby-regexp">/\/$/</span>, <span class="ruby-string">&quot;&quot;</span>)
-  <span class="ruby-comment"># remove first /</span>
-  <span class="ruby-identifier">path</span> = <span class="ruby-ivar">@path</span>.<span class="ruby-identifier">sub</span>(<span class="ruby-regexp">/^\//</span>, <span class="ruby-string">&quot;&quot;</span>)
-  <span class="ruby-keyword">if</span> <span class="ruby-identifier">type</span> <span class="ruby-operator">==</span> <span class="ruby-string">&quot;timthumbs&quot;</span>
-    <span class="ruby-comment"># timthumbs have folder in path variable</span>
-    <span class="ruby-identifier">ret</span> = <span class="ruby-constant">URI</span>.<span class="ruby-identifier">parse</span>(<span class="ruby-node">&quot;#{url}#{wp_content_dir}/#{path}&quot;</span>)
-  <span class="ruby-keyword">else</span>
-    <span class="ruby-identifier">ret</span> = <span class="ruby-constant">URI</span>.<span class="ruby-identifier">parse</span>(<span class="ruby-node">&quot;#{url}#{wp_content_dir}/#{get_sub_folder}/#{path}&quot;</span>)
-  <span class="ruby-keyword">end</span>
-  <span class="ruby-identifier">ret</span>
-<span class="ruby-keyword">end</span></pre>
-            </div><!-- get_url-source -->
-            
-          </div>
-
-          
-
-          
-        </div><!-- get_url-method -->
-
-      
         <div id="get_url_without_filename-method" class="method-detail ">
           <a name="method-i-get_url_without_filename"></a>
 
@@ -739,9 +724,9 @@
             
             <div class="method-source-code" id="get_url_without_filename-source">
 <pre>
-<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 75</span>
+<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 76</span>
 <span class="ruby-keyword">def</span> <span class="ruby-identifier">get_url_without_filename</span>
-  <span class="ruby-identifier">location_url</span> = <span class="ruby-identifier">get_url</span>.<span class="ruby-identifier">to_s</span>
+  <span class="ruby-identifier">location_url</span> = <span class="ruby-identifier">get_full_url</span>.<span class="ruby-identifier">to_s</span>
   <span class="ruby-identifier">valid_location_url</span> = <span class="ruby-identifier">location_url</span>[<span class="ruby-regexp">%{^(https?://.*/)[^.]+\.[^/]+$}</span>, <span class="ruby-value">1</span>]
   <span class="ruby-keyword">unless</span> <span class="ruby-identifier">valid_location_url</span>
     <span class="ruby-identifier">valid_location_url</span> = <span class="ruby-identifier">add_trailing_slash</span>(<span class="ruby-identifier">location_url</span>)
@@ -777,7 +762,7 @@
             
             <div class="method-source-code" id="has_changelog-3F-source">
 <pre>
-<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 145</span>
+<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 146</span>
 <span class="ruby-keyword">def</span> <span class="ruby-identifier">has_changelog?</span>
   <span class="ruby-keyword">unless</span> <span class="ruby-ivar">@changelog</span>
     <span class="ruby-identifier">status</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">changelog_url</span>).<span class="ruby-identifier">code</span>
@@ -814,7 +799,7 @@
             
             <div class="method-source-code" id="has_readme-3F-source">
 <pre>
-<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 136</span>
+<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 137</span>
 <span class="ruby-keyword">def</span> <span class="ruby-identifier">has_readme?</span>
   <span class="ruby-keyword">unless</span> <span class="ruby-ivar">@readme</span>
     <span class="ruby-identifier">status</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">readme_url</span>).<span class="ruby-identifier">code</span>
@@ -851,7 +836,7 @@
             
             <div class="method-source-code" id="readme_url-source">
 <pre>
-<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 126</span>
+<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 127</span>
 <span class="ruby-keyword">def</span> <span class="ruby-identifier">readme_url</span>
   <span class="ruby-identifier">get_url_without_filename</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">&quot;readme.txt&quot;</span>)
 <span class="ruby-keyword">end</span></pre>
@@ -884,7 +869,7 @@
             
             <div class="method-source-code" id="to_s-source">
 <pre>
-<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 105</span>
+<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 106</span>
 <span class="ruby-keyword">def</span> <span class="ruby-identifier">to_s</span>
   <span class="ruby-identifier">item_version</span> = <span class="ruby-identifier">version</span>
   <span class="ruby-node">&quot;#@name#{' v' + item_version.strip if item_version}&quot;</span>
@@ -918,10 +903,10 @@
             
             <div class="method-source-code" id="version-source">
 <pre>
-<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 85</span>
+<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 86</span>
 <span class="ruby-keyword">def</span> <span class="ruby-identifier">version</span>
   <span class="ruby-keyword">unless</span> <span class="ruby-ivar">@version</span>
-    <span class="ruby-identifier">response</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">get_url</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">&quot;readme.txt&quot;</span>).<span class="ruby-identifier">to_s</span>)
+    <span class="ruby-identifier">response</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">get_full_url</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">&quot;readme.txt&quot;</span>).<span class="ruby-identifier">to_s</span>)
     <span class="ruby-ivar">@version</span> = <span class="ruby-identifier">response</span>.<span class="ruby-identifier">body</span>[<span class="ruby-node">%{stable tag: #{WpVersion.version_pattern}}</span>, <span class="ruby-value">1</span>]
   <span class="ruby-keyword">end</span>
   <span class="ruby-ivar">@version</span>
diff --git a/doc/WpOptions.html b/doc/WpOptions.html
index 871d1290..95da2aab 100644
--- a/doc/WpOptions.html
+++ b/doc/WpOptions.html
@@ -255,7 +255,7 @@
 <pre>
 <span class="ruby-comment"># File lib/wpscan/wp_options.rb, line 34</span>
 <span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">check_options</span>(<span class="ruby-identifier">options</span>)
-  <span class="ruby-identifier">raise</span>(<span class="ruby-string">&quot;url must be set&quot;</span>)                  <span class="ruby-keyword">unless</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:url</span>] <span class="ruby-operator">!=</span> <span class="ruby-keyword">nil</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:url</span>].<span class="ruby-identifier">to_s</span>.<span class="ruby-identifier">length</span> <span class="ruby-operator">&gt;</span> <span class="ruby-value">0</span>
+  <span class="ruby-identifier">raise</span>(<span class="ruby-string">&quot;base_url must be set&quot;</span>)             <span class="ruby-keyword">unless</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:base_url</span>] <span class="ruby-operator">!=</span> <span class="ruby-keyword">nil</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:base_url</span>].<span class="ruby-identifier">to_s</span>.<span class="ruby-identifier">length</span> <span class="ruby-operator">&gt;</span> <span class="ruby-value">0</span>
   <span class="ruby-identifier">raise</span>(<span class="ruby-string">&quot;only_vulnerable_ones must be set&quot;</span>) <span class="ruby-keyword">unless</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:only_vulnerable_ones</span>] <span class="ruby-operator">!=</span> <span class="ruby-keyword">nil</span>
   <span class="ruby-identifier">raise</span>(<span class="ruby-string">&quot;file must be set&quot;</span>)                 <span class="ruby-keyword">unless</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:file</span>] <span class="ruby-operator">!=</span> <span class="ruby-keyword">nil</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:file</span>].<span class="ruby-identifier">length</span> <span class="ruby-operator">&gt;</span> <span class="ruby-value">0</span>
   <span class="ruby-identifier">raise</span>(<span class="ruby-string">&quot;vulns_file must be set&quot;</span>)           <span class="ruby-keyword">unless</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_file</span>] <span class="ruby-operator">!=</span> <span class="ruby-keyword">nil</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_file</span>].<span class="ruby-identifier">length</span> <span class="ruby-operator">&gt;</span> <span class="ruby-value">0</span>
diff --git a/doc/WpPlugin.html b/doc/WpPlugin.html
index 884a062a..c8b0cbd9 100644
--- a/doc/WpPlugin.html
+++ b/doc/WpPlugin.html
@@ -315,7 +315,7 @@ href="http://www.exploit-db.com/ghdb/3714/">www.exploit-db.com/ghdb/3714/</a></p
 <pre>
 <span class="ruby-comment"># File lib/wpscan/wp_plugin.rb, line 39</span>
 <span class="ruby-keyword">def</span> <span class="ruby-identifier">error_log_url</span>
-  <span class="ruby-identifier">get_url</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">&quot;error_log&quot;</span>).<span class="ruby-identifier">to_s</span>
+  <span class="ruby-identifier">get_full_url</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">&quot;error_log&quot;</span>).<span class="ruby-identifier">to_s</span>
 <span class="ruby-keyword">end</span></pre>
             </div><!-- error_log_url-source -->
             
diff --git a/doc/WpPlugins.html b/doc/WpPlugins.html
index 9e1ce0e8..2c845832 100644
--- a/doc/WpPlugins.html
+++ b/doc/WpPlugins.html
@@ -235,12 +235,12 @@
   <span class="ruby-identifier">plugins</span> = []
   <span class="ruby-identifier">result</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">r</span><span class="ruby-operator">|</span>
     <span class="ruby-identifier">plugins</span> <span class="ruby-operator">&lt;&lt;</span> <span class="ruby-constant">WpPlugin</span>.<span class="ruby-identifier">new</span>(
-        <span class="ruby-value">:url</span>            =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">r</span>.<span class="ruby-identifier">url</span>,
+        <span class="ruby-value">:base_url</span>       =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">r</span>.<span class="ruby-identifier">base_url</span>,
         <span class="ruby-value">:path</span>           =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">r</span>.<span class="ruby-identifier">path</span>,
         <span class="ruby-value">:wp_content_dir</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">r</span>.<span class="ruby-identifier">wp_content_dir</span>,
         <span class="ruby-value">:name</span>           =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">r</span>.<span class="ruby-identifier">name</span>,
         <span class="ruby-value">:type</span>           =<span class="ruby-operator">&gt;</span> <span class="ruby-string">&quot;plugins&quot;</span>,
-        <span class="ruby-value">:wp_plugins_dir</span>  =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">r</span>.<span class="ruby-identifier">wp_plugin_dir</span>
+        <span class="ruby-value">:wp_plugins_dir</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">r</span>.<span class="ruby-identifier">wp_plugins_dir</span>
     )
   <span class="ruby-keyword">end</span>
   <span class="ruby-identifier">plugins</span>.<span class="ruby-identifier">sort_by</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">p</span><span class="ruby-operator">|</span> <span class="ruby-identifier">p</span>.<span class="ruby-identifier">name</span> }
@@ -285,16 +285,16 @@ plugins can be found in the source code :</p>
 <span class="ruby-comment"># File lib/wpscan/modules/wp_plugins.rb, line 51</span>
 <span class="ruby-keyword">def</span> <span class="ruby-identifier">plugins_from_passive_detection</span>(<span class="ruby-identifier">options</span>)
   <span class="ruby-identifier">plugins</span> = []
-  <span class="ruby-identifier">temp</span> = <span class="ruby-constant">WpDetector</span>.<span class="ruby-identifier">passive_detection</span>(<span class="ruby-identifier">options</span>[<span class="ruby-value">:url</span>], <span class="ruby-string">&quot;plugins&quot;</span>, <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_content_dir</span>])
+  <span class="ruby-identifier">temp</span> = <span class="ruby-constant">WpDetector</span>.<span class="ruby-identifier">passive_detection</span>(<span class="ruby-identifier">options</span>[<span class="ruby-value">:base_url</span>], <span class="ruby-string">&quot;plugins&quot;</span>, <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_content_dir</span>])
 
   <span class="ruby-identifier">temp</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">item</span><span class="ruby-operator">|</span>
     <span class="ruby-identifier">plugins</span> <span class="ruby-operator">&lt;&lt;</span> <span class="ruby-constant">WpPlugin</span>.<span class="ruby-identifier">new</span>(
-        <span class="ruby-value">:url</span>            =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">item</span>.<span class="ruby-identifier">url</span>,
+        <span class="ruby-value">:base_url</span>       =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">item</span>.<span class="ruby-identifier">base_url</span>,
         <span class="ruby-value">:name</span>           =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">item</span>.<span class="ruby-identifier">name</span>,
         <span class="ruby-value">:path</span>           =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">item</span>.<span class="ruby-identifier">path</span>,
         <span class="ruby-value">:wp_content_dir</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_content_dir</span>],
         <span class="ruby-value">:type</span>           =<span class="ruby-operator">&gt;</span> <span class="ruby-string">&quot;plugins&quot;</span>,
-        <span class="ruby-value">:wp_plugins_dir</span>  =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_plugin_dir</span>]
+        <span class="ruby-value">:wp_plugins_dir</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_plugins_dir</span>]
     )
   <span class="ruby-keyword">end</span>
   <span class="ruby-identifier">plugins</span>.<span class="ruby-identifier">sort_by</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">p</span><span class="ruby-operator">|</span> <span class="ruby-identifier">p</span>.<span class="ruby-identifier">name</span> }
diff --git a/doc/WpTarget.html b/doc/WpTarget.html
index ef4994fa..7c9b1a0a 100644
--- a/doc/WpTarget.html
+++ b/doc/WpTarget.html
@@ -780,7 +780,7 @@
 <span class="ruby-comment"># File lib/wpscan/wp_target.rb, line 105</span>
 <span class="ruby-keyword">def</span> <span class="ruby-identifier">wp_plugins_dir</span>
   <span class="ruby-keyword">unless</span> <span class="ruby-ivar">@wp_plugins_dir</span>
-    <span class="ruby-ivar">@wp_plugins_dir</span> = <span class="ruby-string">&quot;plugins&quot;</span>
+    <span class="ruby-ivar">@wp_plugins_dir</span> = <span class="ruby-node">&quot;#{wp_content_dir}/plugins&quot;</span>
   <span class="ruby-keyword">end</span>
   <span class="ruby-ivar">@wp_plugins_dir</span>
 <span class="ruby-keyword">end</span></pre>
diff --git a/doc/WpTheme.html b/doc/WpTheme.html
index c74123fa..7998da6c 100644
--- a/doc/WpTheme.html
+++ b/doc/WpTheme.html
@@ -215,21 +215,6 @@
         <h3 class="section-header">Attributes</h3>
 
         
-        <div id="name-attribute-method" class="method-detail">
-          <a name="name"></a>
-          
-          <div class="method-heading attribute-method-heading">
-            <span class="method-name">name</span><span
-              class="attribute-access-type">[R]</span>
-          </div>
-
-          <div class="method-description">
-          
-          
-          
-          </div>
-        </div>
-        
         <div id="style_url-attribute-method" class="method-detail">
           <a name="style_url"></a>
           
@@ -382,7 +367,7 @@
 
     <span class="ruby-keyword">return</span> <span class="ruby-identifier">new</span>(<span class="ruby-value">:name</span>            =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">theme_name</span>,
                <span class="ruby-value">:style_url</span>       =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">style_url</span>,
-               <span class="ruby-value">:url</span>             =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">style_url</span>,
+               <span class="ruby-value">:base_url</span>        =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">style_url</span>,
                <span class="ruby-value">:path</span>            =<span class="ruby-operator">&gt;</span> <span class="ruby-string">&quot;&quot;</span>,
                <span class="ruby-value">:wp_content_dir</span>  =<span class="ruby-operator">&gt;</span> <span class="ruby-string">&quot;&quot;</span>
     )
@@ -431,7 +416,7 @@ href="http://code.google.com/p/wpscan/issues/detail?id=141">code.google.com/p/wp
 
     <span class="ruby-keyword">return</span> <span class="ruby-identifier">new</span>(<span class="ruby-value">:name</span>            =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">woo_theme_name</span>,
                <span class="ruby-value">:version</span>         =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">woo_theme_version</span>,
-               <span class="ruby-value">:url</span>             =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">matches</span>[<span class="ruby-value">0</span>],
+               <span class="ruby-value">:base_url</span>        =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">matches</span>[<span class="ruby-value">0</span>],
                <span class="ruby-value">:path</span>            =<span class="ruby-operator">&gt;</span> <span class="ruby-string">&quot;&quot;</span>,
                <span class="ruby-value">:wp_content_dir</span>  =<span class="ruby-operator">&gt;</span> <span class="ruby-string">&quot;&quot;</span>
     )
diff --git a/doc/WpTimthumbs.html b/doc/WpTimthumbs.html
index 7aff900d..a311a682 100644
--- a/doc/WpTimthumbs.html
+++ b/doc/WpTimthumbs.html
@@ -322,7 +322,7 @@
     scripts/timthumb.php tools/timthumb.php functions/timthumb.php
   }</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">file</span><span class="ruby-operator">|</span>
     <span class="ruby-identifier">targets</span> <span class="ruby-operator">&lt;&lt;</span> <span class="ruby-constant">WpItem</span>.<span class="ruby-identifier">new</span>(
-        <span class="ruby-value">:url</span>            =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:url</span>],
+        <span class="ruby-value">:base_url</span>       =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:base_url</span>],
         <span class="ruby-value">:path</span>           =<span class="ruby-operator">&gt;</span> <span class="ruby-node">&quot;themes/#{theme_name}/#{file}&quot;</span>,
         <span class="ruby-value">:wp_content_dir</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_content_dir</span>],
         <span class="ruby-value">:name</span>           =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">theme_name</span>,
diff --git a/doc/WpVersion.html b/doc/WpVersion.html
index bca92ace..f6b35a5f 100644
--- a/doc/WpVersion.html
+++ b/doc/WpVersion.html
@@ -293,7 +293,7 @@ etc)</p>
 <span class="ruby-comment"># File lib/wpscan/wp_version.rb, line 39</span>
 <span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">find</span>(<span class="ruby-identifier">target_uri</span>, <span class="ruby-identifier">wp_content_dir</span>)
   <span class="ruby-identifier">options</span> = {
-      <span class="ruby-value">:url</span>            =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">target_uri</span>,
+      <span class="ruby-value">:base_url</span>       =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">target_uri</span>,
       <span class="ruby-value">:wp_content_dir</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">wp_content_dir</span>
   }
   <span class="ruby-keyword">self</span>.<span class="ruby-identifier">methods</span>.<span class="ruby-identifier">grep</span>(<span class="ruby-regexp">/find_from_/</span>).<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">method_to_call</span><span class="ruby-operator">|</span>
@@ -393,7 +393,7 @@ file across all versions of wordpress.</p>
 <pre>
 <span class="ruby-comment"># File lib/wpscan/wp_version.rb, line 94</span>
 <span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">find_from_advanced_fingerprinting</span>(<span class="ruby-identifier">options</span>)
-  <span class="ruby-identifier">target_uri</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:url</span>]
+  <span class="ruby-identifier">target_uri</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:base_url</span>]
   <span class="ruby-comment"># needed for rpsec tests</span>
   <span class="ruby-identifier">version_xml</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:version_xml</span>] <span class="ruby-operator">||</span> <span class="ruby-constant">DATA_DIR</span> <span class="ruby-operator">+</span> <span class="ruby-string">&quot;/wp_versions.xml&quot;</span>
   <span class="ruby-identifier">xml</span> = <span class="ruby-constant">Nokogiri</span><span class="ruby-operator">::</span><span class="ruby-constant">XML</span>(<span class="ruby-constant">File</span>.<span class="ruby-identifier">open</span>(<span class="ruby-identifier">version_xml</span>)) <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">config</span><span class="ruby-operator">|</span>
@@ -451,7 +451,7 @@ upgrade.</p>
 <pre>
 <span class="ruby-comment"># File lib/wpscan/wp_version.rb, line 61</span>
 <span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">find_from_meta_generator</span>(<span class="ruby-identifier">options</span>)
-  <span class="ruby-identifier">target_uri</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:url</span>]
+  <span class="ruby-identifier">target_uri</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:base_url</span>]
   <span class="ruby-identifier">response</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">target_uri</span>.<span class="ruby-identifier">to_s</span>, {<span class="ruby-value">:follow_location</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-keyword">true</span>, <span class="ruby-value">:max_redirects</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-value">2</span>})
 
   <span class="ruby-identifier">response</span>.<span class="ruby-identifier">body</span>[<span class="ruby-regexp">%{name=&quot;generator&quot; content=&quot;wordpress ([^&quot;]+)&quot;}</span>, <span class="ruby-value">1</span>]
@@ -487,7 +487,7 @@ upgrade.</p>
 <pre>
 <span class="ruby-comment"># File lib/wpscan/wp_version.rb, line 119</span>
 <span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">find_from_readme</span>(<span class="ruby-identifier">options</span>)
-  <span class="ruby-identifier">target_uri</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:url</span>]
+  <span class="ruby-identifier">target_uri</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:base_url</span>]
   <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">target_uri</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">&quot;readme.html&quot;</span>).<span class="ruby-identifier">to_s</span>).<span class="ruby-identifier">body</span>[<span class="ruby-node">%{&lt;br /&gt;\sversion #{WpVersion.version_pattern}}</span>, <span class="ruby-value">1</span>]
 <span class="ruby-keyword">end</span></pre>
             </div><!-- find_from_readme-source -->
@@ -521,7 +521,7 @@ upgrade.</p>
 <pre>
 <span class="ruby-comment"># File lib/wpscan/wp_version.rb, line 68</span>
 <span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">find_from_rss_generator</span>(<span class="ruby-identifier">options</span>)
-  <span class="ruby-identifier">target_uri</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:url</span>]
+  <span class="ruby-identifier">target_uri</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:base_url</span>]
   <span class="ruby-identifier">response</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">target_uri</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">&quot;feed/&quot;</span>).<span class="ruby-identifier">to_s</span>, {<span class="ruby-value">:follow_location</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-keyword">true</span>, <span class="ruby-value">:max_redirects</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-value">2</span>})
 
   <span class="ruby-identifier">response</span>.<span class="ruby-identifier">body</span>[<span class="ruby-regexp">%{&lt;generator&gt;http://wordpress.org/\?v=([^&lt;]+)&lt;/generator&gt;}</span>, <span class="ruby-value">1</span>]
@@ -558,7 +558,7 @@ href="http://code.google.com/p/wpscan/issues/detail?id=109">code.google.com/p/wp
 <pre>
 <span class="ruby-comment"># File lib/wpscan/wp_version.rb, line 125</span>
 <span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">find_from_sitemap_generator</span>(<span class="ruby-identifier">options</span>)
-  <span class="ruby-identifier">target_uri</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:url</span>]
+  <span class="ruby-identifier">target_uri</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:base_url</span>]
   <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">target_uri</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">&quot;sitemap.xml&quot;</span>).<span class="ruby-identifier">to_s</span>).<span class="ruby-identifier">body</span>[<span class="ruby-node">%{generator=&quot;wordpress/#{WpVersion.version_pattern}&quot;}</span>, <span class="ruby-value">1</span>]
 <span class="ruby-keyword">end</span></pre>
             </div><!-- find_from_sitemap_generator-source -->
@@ -584,8 +584,7 @@ href="http://code.google.com/p/wpscan/issues/detail?id=109">code.google.com/p/wp
 
           <div class="method-description">
             
-            <p>Used to check if the version is correct : should be numeric with at least
-one ‘.’</p>
+            <p>Used to check if the version is correct : must contain at least one .</p>
             
 
             
@@ -593,7 +592,7 @@ one ‘.’</p>
 <pre>
 <span class="ruby-comment"># File lib/wpscan/wp_version.rb, line 131</span>
 <span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">version_pattern</span>
-  <span class="ruby-string">'(.*(?=.)(?=.*\d)(?=.*[.]).*)'</span>
+  <span class="ruby-string">'([^\r\n]+[\.][^\r\n]+)'</span>
 <span class="ruby-keyword">end</span></pre>
             </div><!-- version_pattern-source -->
             
diff --git a/doc/created.rid b/doc/created.rid
index a561312f..b1138ea1 100644
--- a/doc/created.rid
+++ b/doc/created.rid
@@ -1,4 +1,4 @@
-Sat, 22 Sep 2012 23:49:14 +0200
+Sun, 23 Sep 2012 21:48:18 +0200
 ./CREDITS	Mon, 17 Sep 2012 20:18:24 +0200
 ./Gemfile	Sat, 22 Sep 2012 00:14:07 +0200
 ./lib/browser.rb	Sat, 22 Sep 2012 15:51:15 +0200
@@ -15,23 +15,23 @@ Sat, 22 Sep 2012 23:49:14 +0200
 ./lib/wpscan/modules/web_site.rb	Sat, 22 Sep 2012 16:18:55 +0200
 ./lib/wpscan/modules/wp_config_backup.rb	Sat, 22 Sep 2012 15:01:32 +0200
 ./lib/wpscan/modules/wp_full_path_disclosure.rb	Sat, 15 Sep 2012 08:01:17 +0200
-./lib/wpscan/modules/wp_login_protection.rb	Sat, 22 Sep 2012 16:18:32 +0200
-./lib/wpscan/modules/wp_plugins.rb	Sat, 22 Sep 2012 21:05:32 +0200
+./lib/wpscan/modules/wp_login_protection.rb	Sun, 23 Sep 2012 19:38:40 +0200
+./lib/wpscan/modules/wp_plugins.rb	Sun, 23 Sep 2012 20:20:17 +0200
 ./lib/wpscan/modules/wp_readme.rb	Sat, 15 Sep 2012 08:01:52 +0200
-./lib/wpscan/modules/wp_themes.rb	Sat, 22 Sep 2012 21:32:34 +0200
-./lib/wpscan/modules/wp_timthumbs.rb	Sat, 22 Sep 2012 23:24:13 +0200
+./lib/wpscan/modules/wp_themes.rb	Sun, 23 Sep 2012 19:41:17 +0200
+./lib/wpscan/modules/wp_timthumbs.rb	Sun, 23 Sep 2012 19:40:38 +0200
 ./lib/wpscan/modules/wp_usernames.rb	Sat, 22 Sep 2012 15:01:32 +0200
 ./lib/wpscan/msfrpc_client.rb	Fri, 21 Sep 2012 23:32:27 +0200
 ./lib/wpscan/vulnerable.rb	Sat, 22 Sep 2012 21:23:01 +0200
-./lib/wpscan/wp_detector.rb	Sat, 22 Sep 2012 21:23:10 +0200
-./lib/wpscan/wp_enumerator.rb	Sat, 22 Sep 2012 23:22:53 +0200
-./lib/wpscan/wp_item.rb	Sat, 22 Sep 2012 23:38:11 +0200
-./lib/wpscan/wp_options.rb	Sat, 22 Sep 2012 20:33:35 +0200
-./lib/wpscan/wp_plugin.rb	Sat, 22 Sep 2012 21:24:14 +0200
-./lib/wpscan/wp_target.rb	Sat, 22 Sep 2012 23:47:42 +0200
-./lib/wpscan/wp_theme.rb	Sat, 22 Sep 2012 21:24:57 +0200
+./lib/wpscan/wp_detector.rb	Sun, 23 Sep 2012 19:40:56 +0200
+./lib/wpscan/wp_enumerator.rb	Sun, 23 Sep 2012 19:58:52 +0200
+./lib/wpscan/wp_item.rb	Sun, 23 Sep 2012 21:47:56 +0200
+./lib/wpscan/wp_options.rb	Sun, 23 Sep 2012 19:35:16 +0200
+./lib/wpscan/wp_plugin.rb	Sun, 23 Sep 2012 19:59:17 +0200
+./lib/wpscan/wp_target.rb	Sun, 23 Sep 2012 20:07:45 +0200
+./lib/wpscan/wp_theme.rb	Sun, 23 Sep 2012 19:56:18 +0200
 ./lib/wpscan/wp_user.rb	Sat, 22 Sep 2012 16:12:25 +0200
-./lib/wpscan/wp_version.rb	Sat, 22 Sep 2012 21:25:11 +0200
+./lib/wpscan/wp_version.rb	Sun, 23 Sep 2012 21:26:24 +0200
 ./lib/wpscan/wp_vulnerability.rb	Sat, 22 Sep 2012 16:11:58 +0200
 ./lib/wpscan/wpscan_helper.rb	Sat, 15 Sep 2012 21:19:30 +0200
 ./lib/wpscan/wpscan_options.rb	Sat, 22 Sep 2012 15:01:32 +0200
@@ -39,5 +39,5 @@ Sat, 22 Sep 2012 23:49:14 +0200
 ./lib/wpstools/parse_svn.rb	Sat, 22 Sep 2012 16:10:30 +0200
 ./lib/wpstools/wpstools_helper.rb	Sat, 22 Sep 2012 15:00:03 +0200
 ./README	Thu, 13 Sep 2012 22:54:08 +0200
-./wpscan.rb	Sat, 22 Sep 2012 23:46:46 +0200
+./wpscan.rb	Sun, 23 Sep 2012 19:58:44 +0200
 ./wpstools.rb	Sat, 22 Sep 2012 14:59:30 +0200
diff --git a/doc/index.html b/doc/index.html
index cae72895..d520143b 100644
--- a/doc/index.html
+++ b/doc/index.html
@@ -291,6 +291,8 @@
     
       <li><a href="RpcClient.html#method-i-get_exploit_info">#get_exploit_info &mdash; RpcClient</a></li>
     
+      <li><a href="WpItem.html#method-i-get_full_url">#get_full_url &mdash; WpItem</a></li>
+    
       <li><a href="WpUsernames.html#method-i-get_nickname_from_response">#get_nickname_from_response &mdash; WpUsernames</a></li>
     
       <li><a href="WpUsernames.html#method-i-get_nickname_from_url">#get_nickname_from_url &mdash; WpUsernames</a></li>
@@ -303,8 +305,6 @@
     
       <li><a href="WpItem.html#method-i-get_sub_folder">#get_sub_folder &mdash; WpItem</a></li>
     
-      <li><a href="WpItem.html#method-i-get_url">#get_url &mdash; WpItem</a></li>
-    
       <li><a href="WpItem.html#method-i-get_url_without_filename">#get_url_without_filename &mdash; WpItem</a></li>
     
       <li><a href="Object.html#method-i-green">#green &mdash; Object</a></li>
diff --git a/doc/lib/wpscan/modules/wp_plugins_rb.html b/doc/lib/wpscan/modules/wp_plugins_rb.html
index 375773cb..a957f7e9 100644
--- a/doc/lib/wpscan/modules/wp_plugins_rb.html
+++ b/doc/lib/wpscan/modules/wp_plugins_rb.html
@@ -24,7 +24,7 @@
   <div id="metadata">
     <dl>
       <dt class="modified-date">Last Modified</dt>
-      <dd class="modified-date">2012-09-22 21:05:32 +0200</dd>
+      <dd class="modified-date">2012-09-23 20:20:17 +0200</dd>
 
       
       <dt class="requires">Requires</dt>
diff --git a/doc/lib/wpscan/modules/wp_timthumbs_rb.html b/doc/lib/wpscan/modules/wp_timthumbs_rb.html
index 408c7604..4789dce4 100644
--- a/doc/lib/wpscan/modules/wp_timthumbs_rb.html
+++ b/doc/lib/wpscan/modules/wp_timthumbs_rb.html
@@ -24,7 +24,7 @@
   <div id="metadata">
     <dl>
       <dt class="modified-date">Last Modified</dt>
-      <dd class="modified-date">2012-09-22 23:24:13 +0200</dd>
+      <dd class="modified-date">2012-09-23 19:40:38 +0200</dd>
 
       
       <dt class="requires">Requires</dt>
diff --git a/doc/lib/wpscan/wp_detector_rb.html b/doc/lib/wpscan/wp_detector_rb.html
index 451e993e..bdc256ac 100644
--- a/doc/lib/wpscan/wp_detector_rb.html
+++ b/doc/lib/wpscan/wp_detector_rb.html
@@ -24,7 +24,7 @@
   <div id="metadata">
     <dl>
       <dt class="modified-date">Last Modified</dt>
-      <dd class="modified-date">2012-09-22 21:23:10 +0200</dd>
+      <dd class="modified-date">2012-09-23 19:40:56 +0200</dd>
 
       
       <dt class="requires">Requires</dt>
diff --git a/doc/lib/wpscan/wp_enumerator_rb.html b/doc/lib/wpscan/wp_enumerator_rb.html
index 470f8b83..caabd18d 100644
--- a/doc/lib/wpscan/wp_enumerator_rb.html
+++ b/doc/lib/wpscan/wp_enumerator_rb.html
@@ -24,7 +24,7 @@
   <div id="metadata">
     <dl>
       <dt class="modified-date">Last Modified</dt>
-      <dd class="modified-date">2012-09-22 23:22:53 +0200</dd>
+      <dd class="modified-date">2012-09-23 19:58:52 +0200</dd>
 
       
       <dt class="requires">Requires</dt>
diff --git a/doc/lib/wpscan/wp_options_rb.html b/doc/lib/wpscan/wp_options_rb.html
index c2bdd2e8..2cae4d51 100644
--- a/doc/lib/wpscan/wp_options_rb.html
+++ b/doc/lib/wpscan/wp_options_rb.html
@@ -24,7 +24,7 @@
   <div id="metadata">
     <dl>
       <dt class="modified-date">Last Modified</dt>
-      <dd class="modified-date">2012-09-22 20:33:35 +0200</dd>
+      <dd class="modified-date">2012-09-23 19:35:16 +0200</dd>
 
       
       <dt class="requires">Requires</dt>
diff --git a/doc/lib/wpscan/wp_plugin_rb.html b/doc/lib/wpscan/wp_plugin_rb.html
index 87462010..2ae3a21a 100644
--- a/doc/lib/wpscan/wp_plugin_rb.html
+++ b/doc/lib/wpscan/wp_plugin_rb.html
@@ -24,7 +24,7 @@
   <div id="metadata">
     <dl>
       <dt class="modified-date">Last Modified</dt>
-      <dd class="modified-date">2012-09-22 21:24:14 +0200</dd>
+      <dd class="modified-date">2012-09-23 19:59:17 +0200</dd>
 
       
       <dt class="requires">Requires</dt>
diff --git a/doc/lib/wpscan/wp_target_rb.html b/doc/lib/wpscan/wp_target_rb.html
index 3762198b..cf1a80b4 100644
--- a/doc/lib/wpscan/wp_target_rb.html
+++ b/doc/lib/wpscan/wp_target_rb.html
@@ -24,7 +24,7 @@
   <div id="metadata">
     <dl>
       <dt class="modified-date">Last Modified</dt>
-      <dd class="modified-date">2012-09-22 23:47:42 +0200</dd>
+      <dd class="modified-date">2012-09-23 20:07:45 +0200</dd>
 
       
       <dt class="requires">Requires</dt>
diff --git a/doc/lib/wpscan/wp_theme_rb.html b/doc/lib/wpscan/wp_theme_rb.html
index 9160117e..105bcd25 100644
--- a/doc/lib/wpscan/wp_theme_rb.html
+++ b/doc/lib/wpscan/wp_theme_rb.html
@@ -24,7 +24,7 @@
   <div id="metadata">
     <dl>
       <dt class="modified-date">Last Modified</dt>
-      <dd class="modified-date">2012-09-22 21:24:57 +0200</dd>
+      <dd class="modified-date">2012-09-23 19:56:18 +0200</dd>
 
       
       <dt class="requires">Requires</dt>
diff --git a/doc/lib/wpscan/wp_version_rb.html b/doc/lib/wpscan/wp_version_rb.html
index b98561a0..065afc9d 100644
--- a/doc/lib/wpscan/wp_version_rb.html
+++ b/doc/lib/wpscan/wp_version_rb.html
@@ -24,7 +24,7 @@
   <div id="metadata">
     <dl>
       <dt class="modified-date">Last Modified</dt>
-      <dd class="modified-date">2012-09-22 21:25:11 +0200</dd>
+      <dd class="modified-date">2012-09-23 21:26:24 +0200</dd>
 
       
       <dt class="requires">Requires</dt>
diff --git a/doc/wpscan_rb.html b/doc/wpscan_rb.html
index 92570ed4..1d5ee923 100644
--- a/doc/wpscan_rb.html
+++ b/doc/wpscan_rb.html
@@ -24,7 +24,7 @@
   <div id="metadata">
     <dl>
       <dt class="modified-date">Last Modified</dt>
-      <dd class="modified-date">2012-09-22 23:46:46 +0200</dd>
+      <dd class="modified-date">2012-09-23 19:58:44 +0200</dd>
 
       
       <dt class="requires">Requires</dt>
diff --git a/lib/wpscan/modules/wp_login_protection.rb b/lib/wpscan/modules/wp_login_protection.rb
index 648c2e1a..39102a7e 100644
--- a/lib/wpscan/modules/wp_login_protection.rb
+++ b/lib/wpscan/modules/wp_login_protection.rb
@@ -38,7 +38,7 @@ module WpLoginProtection
 
           return @login_protection_plugin = WpPlugin.new(
               :name           => plugin_name,
-              :url            => @uri,
+              :base_url       => @uri,
               :path           => "/plugins/#{plugin_name}/",
               :wp_content_dir => @wp_content_dir
           )
@@ -68,7 +68,7 @@ module WpLoginProtection
 
   def better_wp_security_url
     WpPlugin.new(:wp_content_dir  => @wp_content_dir,
-                 :url             => @uri,
+                 :base_url        => @uri,
                  :path            => "/plugins/better-wp-security/",
                  :name            => "better-wp-security"
     ).get_url_without_filename
@@ -81,7 +81,7 @@ module WpLoginProtection
 
   def simple_login_lockdown_url
     WpPlugin.new(:wp_content_dir  => @wp_content_dir,
-                 :url             => @uri,
+                 :base_url        => @uri,
                  :path            => "/plugins/simple-login-lockdown/",
                  :name            => "simple-login-lockdown"
     ).get_url_without_filename
@@ -94,7 +94,7 @@ module WpLoginProtection
 
   def login_security_solution_url
     WpPlugin.new(:wp_content_dir  => @wp_content_dir,
-                 :url             => @uri,
+                 :base_url        => @uri,
                  :path            => "/plugins/login-security-solution/",
                  :name            => "login-security-solution"
     ).get_url_without_filename
@@ -107,7 +107,7 @@ module WpLoginProtection
 
   def limit_login_attempts_url
     WpPlugin.new(:wp_content_dir  => @wp_content_dir,
-                 :url             => @uri,
+                 :base_url        => @uri,
                  :path            => "/plugins/limit-login-attempts/",
                  :name            => "limit-login-attempts"
     ).get_url_without_filename
@@ -120,7 +120,7 @@ module WpLoginProtection
 
   def bluetrait_event_viewer_url
     WpPlugin.new(:wp_content_dir  => @wp_content_dir,
-                 :url             => @uri,
+                 :base_url        => @uri,
                  :path            => "/plugins/bluetrait-event-viewer/",
                  :name            => "bluetrait-event-viewer"
     ).get_url_without_filename
diff --git a/lib/wpscan/modules/wp_plugins.rb b/lib/wpscan/modules/wp_plugins.rb
index 68c1ad7e..bad4c765 100644
--- a/lib/wpscan/modules/wp_plugins.rb
+++ b/lib/wpscan/modules/wp_plugins.rb
@@ -31,12 +31,12 @@ module WpPlugins
     plugins = []
     result.each do |r|
       plugins << WpPlugin.new(
-          :url            => r.url,
+          :base_url       => r.base_url,
           :path           => r.path,
           :wp_content_dir => r.wp_content_dir,
           :name           => r.name,
           :type           => "plugins",
-          :wp_plugins_dir  => r.wp_plugin_dir
+          :wp_plugins_dir => r.wp_plugins_dir
       )
     end
     plugins.sort_by { |p| p.name }
@@ -50,16 +50,16 @@ module WpPlugins
   # return array of WpPlugin
   def plugins_from_passive_detection(options)
     plugins = []
-    temp = WpDetector.passive_detection(options[:url], "plugins", options[:wp_content_dir])
+    temp = WpDetector.passive_detection(options[:base_url], "plugins", options[:wp_content_dir])
 
     temp.each do |item|
       plugins << WpPlugin.new(
-          :url            => item.url,
+          :base_url       => item.base_url,
           :name           => item.name,
           :path           => item.path,
           :wp_content_dir => options[:wp_content_dir],
           :type           => "plugins",
-          :wp_plugins_dir  => options[:wp_plugin_dir]
+          :wp_plugins_dir => options[:wp_plugins_dir]
       )
     end
     plugins.sort_by { |p| p.name }
diff --git a/lib/wpscan/modules/wp_themes.rb b/lib/wpscan/modules/wp_themes.rb
index 97d6b302..78e93fd5 100644
--- a/lib/wpscan/modules/wp_themes.rb
+++ b/lib/wpscan/modules/wp_themes.rb
@@ -29,7 +29,7 @@ module WpThemes
     themes = []
     result.each do |r|
       themes << WpTheme.new(
-          :url            => r.url,
+          :base_url       => r.base_url,
           :path           => r.path,
           :wp_content_dir => r.wp_content_dir,
           :name           => r.name
@@ -40,11 +40,11 @@ module WpThemes
 
   def themes_from_passive_detection(options)
     themes = []
-    temp = WpDetector.passive_detection(options[:url], "themes", options[:wp_content_dir])
+    temp = WpDetector.passive_detection(options[:base_url], "themes", options[:wp_content_dir])
 
     temp.each do |item|
       themes << WpTheme.new(
-          :url            => item.url,
+          :base_url       => item.base_url,
           :name           => item.name,
           :path           => item.path,
           :wp_content_dir => options[:wp_content_dir]
diff --git a/lib/wpscan/modules/wp_timthumbs.rb b/lib/wpscan/modules/wp_timthumbs.rb
index cae99b4d..95f47391 100644
--- a/lib/wpscan/modules/wp_timthumbs.rb
+++ b/lib/wpscan/modules/wp_timthumbs.rb
@@ -55,7 +55,7 @@ module WpTimthumbs
       scripts/timthumb.php tools/timthumb.php functions/timthumb.php
     }.each do |file|
       targets << WpItem.new(
-          :url            => options[:url],
+          :base_url       => options[:base_url],
           :path           => "themes/#{theme_name}/#{file}",
           :wp_content_dir => options[:wp_content_dir],
           :name           => theme_name,
diff --git a/lib/wpscan/wp_detector.rb b/lib/wpscan/wp_detector.rb
index 43933d36..40362e94 100644
--- a/lib/wpscan/wp_detector.rb
+++ b/lib/wpscan/wp_detector.rb
@@ -23,7 +23,7 @@ class WpDetector
 
     result = items
     if items == nil or items.length == 0
-      result = passive_detection(options[:url], options[:type], options[:wp_content_dir])
+      result = passive_detection(options[:base_url], options[:type], options[:wp_content_dir])
     end
 
     enum_results = WpEnumerator.enumerate(options)
@@ -61,7 +61,7 @@ class WpDetector
 
     names.each do |item|
       items << WpItem.new(
-          :url            => url,
+          :base_url       => url,
           :name           => item,
           :type           => type,
           :path           => "#{item}/",
diff --git a/lib/wpscan/wp_enumerator.rb b/lib/wpscan/wp_enumerator.rb
index 11ae4eee..ba4bab5a 100644
--- a/lib/wpscan/wp_enumerator.rb
+++ b/lib/wpscan/wp_enumerator.rb
@@ -24,7 +24,7 @@ class WpEnumerator
   # ==== Attributes
   #
   # * +targets+ - targets to enumerate
-  # * * +:url+ - Base URL
+  # * * +:base_url+ - Base URL
   # * * +:wp_content+ - wp-content directory
   # * * +:path+ - Path to plugin
   # * +type+ - "plugins" or "themes", item to enumerate
@@ -50,7 +50,7 @@ class WpEnumerator
     enumerate_size = targets.size
 
     targets.each do |target|
-      url = target.get_url
+      url = target.get_full_url
 
       request = enum_browser.forge_request(url, { :cache_timeout => 0, :follow_location => true })
       request_count += 1
@@ -86,7 +86,7 @@ class WpEnumerator
     file              = options[:file]
     vulns_file        = options[:vulns_file]
     wp_content_dir    = options[:wp_content_dir]
-    url               = options[:url]
+    url               = options[:base_url]
     type              = options[:type]
     plugins_dir       = options[:wp_plugins_dir]
     targets_url       = []
@@ -96,7 +96,7 @@ class WpEnumerator
       File.open(file, "r") do |f|
         f.readlines.collect do |line|
           targets_url << WpItem.new(
-              :url            => url,
+              :base_url       => url,
               :path           => line.strip,
               :wp_content_dir => wp_content_dir,
               :name           => File.dirname(line.strip),
@@ -118,7 +118,7 @@ class WpEnumerator
       xml.xpath(options[:vulns_xpath_2]).each do |node|
         name = node.attribute("name").text
         targets_url << WpItem.new(
-            :url            => url,
+            :base_url       => url,
             :path           => name,
             :wp_content_dir => wp_content_dir,
             :name           => name,
diff --git a/lib/wpscan/wp_item.rb b/lib/wpscan/wp_item.rb
index 97b85f24..47d33928 100644
--- a/lib/wpscan/wp_item.rb
+++ b/lib/wpscan/wp_item.rb
@@ -19,20 +19,20 @@
 require "#{WPSCAN_LIB_DIR}/vulnerable"
 
 class WpItem < Vulnerable
-  attr_accessor :path, :url, :wp_content_dir, :name, :vulns_file, :vulns_xpath, :wp_plugin_dir, :type
+  attr_reader :base_url, :path, :wp_content_dir, :name, :vulns_file, :vulns_xpath, :wp_plugins_dir, :type
   @version = nil
 
   def initialize(options)
     @type           = options[:type]
-    @wp_content_dir = options[:wp_content_dir] || "wp-content"
-    @wp_plugin_dir  = options[:wp_plugins_dir] || "plugins"
-    @url            = options[:url]
+    @wp_content_dir = options[:wp_content_dir] ? options[:wp_content_dir].sub(/^\//, "").sub(/\/$/, "") : "wp-content"
+    @wp_plugins_dir = options[:wp_plugins_dir] || "#@wp_content_dir/plugins"
+    @base_url       = options[:base_url]
     @path           = options[:path]
     @name           = options[:name] || extract_name_from_url
     @vulns_file     = options[:vulns_file]
     @vulns_xpath    = options[:vulns_xpath].sub(/\$name\$/, @name) unless options[:vulns_xpath] == nil
 
-    raise("url not set")            unless @url
+    raise("base_url not set")       unless @base_url
     raise("path not set")           unless @path
     raise("wp_content_dir not set") unless @wp_content_dir
     raise("name not set")           unless @name
@@ -42,8 +42,6 @@ class WpItem < Vulnerable
 
   def get_sub_folder
     case @type
-      when "plugins"
-        folder = @wp_plugin_dir
       when "themes"
         folder = "themes"
       when "timthumbs"
@@ -56,13 +54,16 @@ class WpItem < Vulnerable
   end
 
   # Get the full url for this item
-  def get_url
-    url = @url.to_s.end_with?("/") ? @url.to_s : "#@url/"
+  def get_full_url
+    url = @base_url.to_s.end_with?("/") ? @base_url.to_s : "#@base_url/"
     # remove first and last /
     wp_content_dir = @wp_content_dir.sub(/^\//, "").sub(/\/$/, "")
     # remove first /
     path = @path.sub(/^\//, "")
-    if type == "timthumbs"
+    if type =="plugins"
+      # plugins can be outside of wp-content. wp_content_dir included in wp_plugins_dir
+      ret = URI.parse("#{url}#@wp_plugins_dir/#{path}")
+    elsif type == "timthumbs"
       # timthumbs have folder in path variable
       ret = URI.parse("#{url}#{wp_content_dir}/#{path}")
     else
@@ -73,7 +74,7 @@ class WpItem < Vulnerable
 
   # Gets the full url for this item without filenames
   def get_url_without_filename
-    location_url = get_url.to_s
+    location_url = get_full_url.to_s
     valid_location_url = location_url[%r{^(https?://.*/)[^.]+\.[^/]+$}, 1]
     unless valid_location_url
       valid_location_url = add_trailing_slash(location_url)
@@ -84,7 +85,7 @@ class WpItem < Vulnerable
   # Returns version number from readme.txt if it exists
   def version
     unless @version
-      response = Browser.instance.get(get_url.merge("readme.txt").to_s)
+      response = Browser.instance.get(get_full_url.merge("readme.txt").to_s)
       @version = response.body[%r{stable tag: #{WpVersion.version_pattern}}i, 1]
     end
     @version
@@ -98,7 +99,7 @@ class WpItem < Vulnerable
 
   # Extract item name from a url
   def extract_name_from_url
-    get_url.to_s[%r{^(https?://.*/([^/]+)/)}i, 2]
+    get_full_url.to_s[%r{^(https?://.*/([^/]+)/)}i, 2]
   end
 
   # To string. Adds a version number if detected
diff --git a/lib/wpscan/wp_options.rb b/lib/wpscan/wp_options.rb
index e48c4196..c68320ff 100644
--- a/lib/wpscan/wp_options.rb
+++ b/lib/wpscan/wp_options.rb
@@ -32,7 +32,7 @@
 # * +type+ - Type: plugins, themes
 class WpOptions
   def self.check_options(options)
-    raise("url must be set")                  unless options[:url] != nil and options[:url].to_s.length > 0
+    raise("base_url must be set")             unless options[:base_url] != nil and options[:base_url].to_s.length > 0
     raise("only_vulnerable_ones must be set") unless options[:only_vulnerable_ones] != nil
     raise("file must be set")                 unless options[:file] != nil and options[:file].length > 0
     raise("vulns_file must be set")           unless options[:vulns_file] != nil and options[:vulns_file].length > 0
diff --git a/lib/wpscan/wp_plugin.rb b/lib/wpscan/wp_plugin.rb
index 0e9799f1..7315771a 100644
--- a/lib/wpscan/wp_plugin.rb
+++ b/lib/wpscan/wp_plugin.rb
@@ -37,6 +37,6 @@ class WpPlugin < WpItem
   end
 
   def error_log_url
-    get_url.merge("error_log").to_s
+    get_full_url.merge("error_log").to_s
   end
 end
diff --git a/lib/wpscan/wp_target.rb b/lib/wpscan/wp_target.rb
index a1b7f636..8e7ab549 100644
--- a/lib/wpscan/wp_target.rb
+++ b/lib/wpscan/wp_target.rb
@@ -104,7 +104,7 @@ class WpTarget
 
   def wp_plugins_dir
     unless @wp_plugins_dir
-      @wp_plugins_dir = "plugins"
+      @wp_plugins_dir = "#{wp_content_dir}/plugins"
     end
     @wp_plugins_dir
   end
diff --git a/lib/wpscan/wp_theme.rb b/lib/wpscan/wp_theme.rb
index 50a1e73a..79a18f53 100644
--- a/lib/wpscan/wp_theme.rb
+++ b/lib/wpscan/wp_theme.rb
@@ -20,7 +20,7 @@ require "#{WPSCAN_LIB_DIR}/vulnerable"
 
 class WpTheme < WpItem
 
-  attr_reader :name, :style_url, :version
+  attr_reader :style_url, :version
 
   def initialize(options = {})
     options[:vulns_file]    = (options[:vulns_file] != nil and options[:vulns_file] != "") ?
@@ -67,7 +67,7 @@ class WpTheme < WpItem
 
       return new(:name            => theme_name,
                  :style_url       => style_url,
-                 :url             => style_url,
+                 :base_url        => style_url,
                  :path            => "",
                  :wp_content_dir  => ""
       )
@@ -87,7 +87,7 @@ class WpTheme < WpItem
 
       return new(:name            => woo_theme_name,
                  :version         => woo_theme_version,
-                 :url             => matches[0],
+                 :base_url        => matches[0],
                  :path            => "",
                  :wp_content_dir  => ""
       )
diff --git a/lib/wpscan/wp_version.rb b/lib/wpscan/wp_version.rb
index 4f69ecc4..17be618a 100644
--- a/lib/wpscan/wp_version.rb
+++ b/lib/wpscan/wp_version.rb
@@ -38,7 +38,7 @@ class WpVersion < Vulnerable
   # (find_from_meta_generator, find_from_rss_generator etc)
   def self.find(target_uri, wp_content_dir)
     options = {
-        :url            => target_uri,
+        :base_url       => target_uri,
         :wp_content_dir => wp_content_dir
     }
     self.methods.grep(/find_from_/).each do |method_to_call|
@@ -59,14 +59,14 @@ class WpVersion < Vulnerable
   # The meta tag can be removed however it seems,
   # that it is reinstated on upgrade.
   def self.find_from_meta_generator(options)
-    target_uri = options[:url]
+    target_uri = options[:base_url]
     response = Browser.instance.get(target_uri.to_s, {:follow_location => true, :max_redirects => 2})
 
     response.body[%r{name="generator" content="wordpress ([^"]+)"}i, 1]
   end
 
   def self.find_from_rss_generator(options)
-    target_uri = options[:url]
+    target_uri = options[:base_url]
     response = Browser.instance.get(target_uri.merge("feed/").to_s, {:follow_location => true, :max_redirects => 2})
 
     response.body[%r{<generator>http://wordpress.org/\?v=([^<]+)</generator>}i, 1]
@@ -92,7 +92,7 @@ class WpVersion < Vulnerable
   #  /!\ Warning : this method might return false positive if the file used for fingerprinting is part of a theme (they can be updated)
   #
   def self.find_from_advanced_fingerprinting(options)
-    target_uri = options[:url]
+    target_uri = options[:base_url]
     # needed for rpsec tests
     version_xml = options[:version_xml] || DATA_DIR + "/wp_versions.xml"
     xml = Nokogiri::XML(File.open(version_xml)) do |config|
@@ -117,18 +117,18 @@ class WpVersion < Vulnerable
   end
 
   def self.find_from_readme(options)
-    target_uri = options[:url]
+    target_uri = options[:base_url]
     Browser.instance.get(target_uri.merge("readme.html").to_s).body[%r{<br />\sversion #{WpVersion.version_pattern}}i, 1]
   end
 
   # http://code.google.com/p/wpscan/issues/detail?id=109
   def self.find_from_sitemap_generator(options)
-    target_uri = options[:url]
+    target_uri = options[:base_url]
     Browser.instance.get(target_uri.merge("sitemap.xml").to_s).body[%r{generator="wordpress/#{WpVersion.version_pattern}"}, 1]
   end
 
-  # Used to check if the version is correct : should be numeric with at least one '.'
+  # Used to check if the version is correct : must contain at least one .
   def self.version_pattern
-    '(.*(?=.)(?=.*\d)(?=.*[.]).*)'
+    '([^\r\n]+[\.][^\r\n]+)'
   end
 end
diff --git a/spec/lib/wpscan/modules/wp_login_protection_spec.rb b/spec/lib/wpscan/modules/wp_login_protection_spec.rb
index d8119549..2349ded2 100644
--- a/spec/lib/wpscan/modules/wp_login_protection_spec.rb
+++ b/spec/lib/wpscan/modules/wp_login_protection_spec.rb
@@ -100,7 +100,7 @@ shared_examples_for "WpLoginProtection" do
 
     it "should return a login-lockdown WpPlugin object" do
       @fixture = @fixtures_dir + "/wp-login-login_lockdown.php"
-      @plugin_expected = WpPlugin.new(:url => @module.url,
+      @plugin_expected = WpPlugin.new(:base_url => @module.url,
                                       :path => "/plugins/login-lockdown/",
                                       :name => "login-lockdown"
       )
@@ -109,7 +109,7 @@ shared_examples_for "WpLoginProtection" do
 
     it "should return a login-lock WpPlugin object" do
       @fixture = @fixtures_dir + "/wp-login-login_lock.php"
-      @plugin_expected = WpPlugin.new(:url => @module.url,
+      @plugin_expected = WpPlugin.new(:base_url => @module.url,
                                       :path => "/plugins/login-lock/",
                                       :name => "login-lock"
       )
diff --git a/spec/lib/wpscan/modules/wp_plugins_spec.rb b/spec/lib/wpscan/modules/wp_plugins_spec.rb
index 9cf6c458..406cd628 100644
--- a/spec/lib/wpscan/modules/wp_plugins_spec.rb
+++ b/spec/lib/wpscan/modules/wp_plugins_spec.rb
@@ -31,7 +31,7 @@ shared_examples_for "WpPlugins" do
     @module.error_404_hash = Digest::MD5.hexdigest("Error 404!")
     @module.extend(WpPlugins)
 
-    @options = {:url => @wp_url,
+    @options = {:base_url => @wp_url,
                 :only_vulnerable_ones => false,
                 :show_progress_bar => false,
                 :error_404_hash => Digest::MD5.hexdigest("Error 404!"),
@@ -43,27 +43,27 @@ shared_examples_for "WpPlugins" do
     }
     File.exist?(@plugin_vulns_file).should == true
     File.exist?(@plugins_file).should == true
-    @targets = [WpPlugin.new({:url => "http://example.localhost/",
+    @targets = [WpPlugin.new({:base_url => "http://example.localhost/",
                               :path => "exclude-pages/exclude_pages.php",
                               :wp_content_dir => "wp-content",
                               :name => "exclude-pages"}),
-                WpPlugin.new({:url => "http://example.localhost/",
+                WpPlugin.new({:base_url => "http://example.localhost/",
                               :path => "display-widgets/display-widgets.php",
                               :wp_content_dir => "wp-content",
                               :name => "display-widgets"}),
-                WpPlugin.new({:url => "http://example.localhost/",
+                WpPlugin.new({:base_url => "http://example.localhost/",
                               :path => "media-library",
                               :wp_content_dir => "wp-content",
                               :name => "media-library"}),
-                WpPlugin.new({:url => "http://example.localhost/",
+                WpPlugin.new({:base_url => "http://example.localhost/",
                               :path => "deans",
                               :wp_content_dir => "wp-content",
                               :name => "deans"}),
-                WpPlugin.new({:url => "http://example.localhost/",
+                WpPlugin.new({:base_url => "http://example.localhost/",
                               :path => "formidable/formidable.php",
                               :wp_content_dir => "wp-content",
                               :name => "formidable"}),
-                WpPlugin.new({:url => "http://example.localhost/",
+                WpPlugin.new({:base_url => "http://example.localhost/",
                               :path => "regenerate-thumbnails/readme.txt",
                               :wp_content_dir => "wp-content",
                               :name => "regenerate-thumbnails"})]
@@ -74,7 +74,7 @@ shared_examples_for "WpPlugins" do
 
     it "should return an empty array" do
       stub_request_to_fixture(:url => @module.url, :fixture => File.new(passive_detection_fixtures + '/no_plugins.htm'))
-      plugins = @module.plugins_from_passive_detection(:url => @module.url, :wp_content_dir => "wp-content")
+      plugins = @module.plugins_from_passive_detection(:base_url => @module.url, :wp_content_dir => "wp-content")
       plugins.should be_empty
     end
 
@@ -92,12 +92,12 @@ shared_examples_for "WpPlugins" do
       }
       expected_plugins = []
       expected_plugin_names.each do |plugin_name|
-        expected_plugins << WpPlugin.new(:url => @module.url,
+        expected_plugins << WpPlugin.new(:base_url => @module.url,
                                          :path => "/plugins/#{plugin_name}/",
                                          :name => plugin_name)
       end
 
-      plugins = @module.plugins_from_passive_detection(:url => @module.url, :wp_content_dir => "wp-content")
+      plugins = @module.plugins_from_passive_detection(:base_url => @module.url, :wp_content_dir => "wp-content")
       plugins.should_not be_empty
       plugins.length.should == expected_plugins.length
       plugins.sort.should == expected_plugins.sort
@@ -110,7 +110,7 @@ shared_examples_for "WpPlugins" do
       stub_request(:get, @module.uri.to_s).to_return(:status => 200)
       # Point all targets to a 404
       @targets.each do |target|
-        stub_request(:get, target.get_url.to_s).to_return(:status => 404)
+        stub_request(:get, target.get_full_url.to_s).to_return(:status => 404)
         # to_s calls readme_url
         stub_request(:get, target.readme_url.to_s).to_return(:status => 404)
       end
@@ -132,9 +132,9 @@ shared_examples_for "WpPlugins" do
       @passive_detection_fixture = @fixtures_dir + "/passive_detection/one_plugin.htm"
       @expected_plugins = @targets.sample(2)
       @expected_plugins.each do |p|
-        stub_request(:get, p.get_url.to_s).to_return(:status => 200)
+        stub_request(:get, p.get_full_url.to_s).to_return(:status => 200)
       end
-      new_plugin = WpPlugin.new(:url => "http://example.localhost/",
+      new_plugin = WpPlugin.new(:base_url => "http://example.localhost/",
                                 :path => "/plugins/comment-info-tip/",
                                 :name => "comment-info-tip")
       stub_request(:get, new_plugin.readme_url.to_s).to_return(:status => 200)
@@ -149,7 +149,7 @@ shared_examples_for "WpPlugins" do
         plugin_url.should_not be_nil
         plugin_url.length.should == 1
         @expected_plugins = plugin_url
-        stub_request(:get, plugin_url[0].get_url.to_s).to_return(:status => valid_response_code)
+        stub_request(:get, plugin_url[0].get_full_url.to_s).to_return(:status => valid_response_code)
       end
     end
   end
diff --git a/spec/lib/wpscan/modules/wp_themes_spec.rb b/spec/lib/wpscan/modules/wp_themes_spec.rb
index e4001657..79072983 100644
--- a/spec/lib/wpscan/modules/wp_themes_spec.rb
+++ b/spec/lib/wpscan/modules/wp_themes_spec.rb
@@ -31,7 +31,7 @@ shared_examples_for "WpThemes" do
     @module.error_404_hash = Digest::MD5.hexdigest("Error 404!")
     @module.extend(WpThemes)
 
-    @options = {:url => @wp_url,
+    @options = {:base_url => @wp_url,
                 :only_vulnerable_ones => false,
                 :show_progress_bar => false,
                 :error_404_hash => Digest::MD5.hexdigest("Error 404!"),
@@ -43,55 +43,55 @@ shared_examples_for "WpThemes" do
     }
     File.exist?(@theme_vulns_file).should == true
     File.exist?(@themes_file).should == true
-    @targets = [WpTheme.new({:url => "http://example.localhost/",
+    @targets = [WpTheme.new({:base_url => "http://example.localhost/",
                              :path => "zenpro/404.php",
                              :wp_content_dir => "wp-content",
                              :name => "zenpro"}),
-                WpTheme.new({:url => "http://example.localhost/",
+                WpTheme.new({:base_url => "http://example.localhost/",
                              :path => "zeta-zip/404.php",
                              :wp_content_dir => "wp-content",
                              :name => "zeta-zip"}),
-                WpTheme.new({:url => "http://example.localhost/",
+                WpTheme.new({:base_url => "http://example.localhost/",
                              :path => "zfirst/404.php",
                              :wp_content_dir => "wp-content",
                              :name => "zfirst"}),
-                WpTheme.new({:url => "http://example.localhost/",
+                WpTheme.new({:base_url => "http://example.localhost/",
                              :path => "zgrey/404.php",
                              :wp_content_dir => "wp-content",
                              :name => "zgrey"}),
-                WpTheme.new({:url => "http://example.localhost/",
+                WpTheme.new({:base_url => "http://example.localhost/",
                              :path => "zindi-ii/404.php",
                              :wp_content_dir => "wp-content",
                              :name => "zindi-ii"}),
-                WpTheme.new({:url => "http://example.localhost/",
+                WpTheme.new({:base_url => "http://example.localhost/",
                              :path => "zindi/404.php",
                              :wp_content_dir => "wp-content",
                              :name => "zindi"}),
-                WpTheme.new({:url => "http://example.localhost/",
+                WpTheme.new({:base_url => "http://example.localhost/",
                              :path => "zombie-apocalypse/404.php",
                              :wp_content_dir => "wp-content",
                              :name => "zombie-apocalypse"}),
-                WpTheme.new({:url => "http://example.localhost/",
+                WpTheme.new({:base_url => "http://example.localhost/",
                              :path => "zsofa/404.php",
                              :wp_content_dir => "wp-content",
                              :name => "zsofa"}),
-                WpTheme.new({:url => "http://example.localhost/",
+                WpTheme.new({:base_url => "http://example.localhost/",
                              :path => "zwei-seiten/404.php",
                              :wp_content_dir => "wp-content",
                              :name => "zwei-seiten"}),
-                WpTheme.new({:url => "http://example.localhost/",
+                WpTheme.new({:base_url => "http://example.localhost/",
                              :path => "twentyten/404.php",
                              :wp_content_dir => "wp-content",
                              :name => "twentyten"}),
-                WpTheme.new({:url => "http://example.localhost/",
+                WpTheme.new({:base_url => "http://example.localhost/",
                              :path => "shopperpress",
                              :wp_content_dir => "wp-content",
                              :name => "shopperpress"}),
-                WpTheme.new({:url => "http://example.localhost/",
+                WpTheme.new({:base_url => "http://example.localhost/",
                              :path => "wise",
                              :wp_content_dir => "wp-content",
                              :name => "wise"}),
-                WpTheme.new({:url => "http://example.localhost/",
+                WpTheme.new({:base_url => "http://example.localhost/",
                              :path => "webfolio",
                              :wp_content_dir => "wp-content",
                              :name => "webfolio"})]
@@ -102,7 +102,7 @@ shared_examples_for "WpThemes" do
 
     it "should return an empty array" do
       stub_request_to_fixture(:url => @module.url, :fixture => File.new(passive_detection_fixtures + '/no_theme.htm'))
-      themes = @module.themes_from_passive_detection(:url => @module.url, :wp_content_dir => "wp-content")
+      themes = @module.themes_from_passive_detection(:base_url => @module.url, :wp_content_dir => "wp-content")
       themes.should be_empty
     end
 
@@ -112,12 +112,12 @@ shared_examples_for "WpThemes" do
       expected_theme_names = %w{ theme1 theme2 theme3 }
       expected_themes = []
       expected_theme_names.each do |theme_name|
-        expected_themes << WpTheme.new(:url => @module.url,
+        expected_themes << WpTheme.new(:base_url => @module.url,
                                        :path => "/themes/#{theme_name}/",
                                        :name => theme_name)
       end
 
-      themes = @module.themes_from_passive_detection(:url => @module.url, :wp_content_dir => "wp-content")
+      themes = @module.themes_from_passive_detection(:base_url => @module.url, :wp_content_dir => "wp-content")
       themes.should_not be_empty
       themes.length.should == expected_themes.length
       themes.sort.should == expected_themes.sort
@@ -130,7 +130,7 @@ shared_examples_for "WpThemes" do
       stub_request(:get, @module.uri.to_s).to_return(:status => 200)
       # Point all targets to a 404
       @targets.each do |target|
-        stub_request(:get, target.get_url.to_s).to_return(:status => 404)
+        stub_request(:get, target.get_full_url.to_s).to_return(:status => 404)
         # to_s calls readme_url
         stub_request(:get, target.readme_url.to_s).to_return(:status => 404)
       end
@@ -152,9 +152,9 @@ shared_examples_for "WpThemes" do
       @passive_detection_fixture = @fixtures_dir + "/passive_detection/one_theme.htm"
       @expected_themes = @targets.sample(2)
       @expected_themes.each do |p|
-        stub_request(:get, p.get_url.to_s).to_return(:status => 200)
+        stub_request(:get, p.get_full_url.to_s).to_return(:status => 200)
       end
-      new_theme = WpTheme.new(:url => "http://example.localhost/",
+      new_theme = WpTheme.new(:base_url => "http://example.localhost/",
                               :path => "/themes/custom-twentyten/",
                               :name => "custom-twentyten")
       stub_request(:get, new_theme.readme_url.to_s).to_return(:status => 200)
@@ -169,7 +169,7 @@ shared_examples_for "WpThemes" do
         theme_url.should_not be_nil
         theme_url.length.should == 1
         @expected_themes = theme_url
-        stub_request(:get, theme_url[0].get_url.to_s).to_return(:status => valid_response_code)
+        stub_request(:get, theme_url[0].get_full_url.to_s).to_return(:status => valid_response_code)
       end
     end
   end
diff --git a/spec/lib/wpscan/modules/wp_timthumbs_spec.rb b/spec/lib/wpscan/modules/wp_timthumbs_spec.rb
index e136c802..8c8a849e 100644
--- a/spec/lib/wpscan/modules/wp_timthumbs_spec.rb
+++ b/spec/lib/wpscan/modules/wp_timthumbs_spec.rb
@@ -22,7 +22,7 @@ shared_examples_for "WpTimthumbs" do
     @options = {}
     @url = "http://example.localhost/"
     @theme_name = "bueno"
-    @options[:url] = @url
+    @options[:base_url] = @url
     @options[:wp_content_dir] = "wp-content"
     @options[:name] = @theme_name
     @options[:error_404_hash] = "xx"
@@ -60,7 +60,7 @@ shared_examples_for "WpTimthumbs" do
       targets.length.should > 0
       temp = []
       targets.each do |t|
-        temp << t.get_url.to_s
+        temp << t.get_full_url.to_s
       end
       temp.sort.should === @targets_from_theme.sort
     end
@@ -91,7 +91,7 @@ shared_examples_for "WpTimthumbs" do
       urls = []
       urls_hash = WpEnumerator.generate_items(@options)
       urls_hash.each do |u|
-        url = u.get_url.to_s
+        url = u.get_full_url.to_s
         urls << url
         stub_request(:get, url).to_return(:status => 404)
       end
@@ -106,7 +106,7 @@ shared_examples_for "WpTimthumbs" do
 
       temp = []
       timthumbs.each do |t|
-        temp << t.get_url.to_s
+        temp << t.get_full_url.to_s
       end
       temp.sort.should === expected.sort
       @module.has_timthumbs?(nil).should be_true
diff --git a/spec/lib/wpscan/wp_item_spec.rb b/spec/lib/wpscan/wp_item_spec.rb
index 89dac96f..fa8ad2af 100644
--- a/spec/lib/wpscan/wp_item_spec.rb
+++ b/spec/lib/wpscan/wp_item_spec.rb
@@ -19,82 +19,141 @@
 require File.expand_path(File.dirname(__FILE__) + '/wpscan_helper')
 
 describe WpPlugin do
-  before :each do
-    @instance = WpItem.new(:url => "http://sub.example.com/path/to/wordpress/",
-                           :path => "test/asdf.php",
-                           :vulns_file => "XXX.xml",
-                           :name => "test",
-                           :vulns_xpath => "XX",
-                           :type => "plugins"
-    )
-  end
-
   describe "#initialize" do
     it "should create a correct instance" do
-      @instance.wp_content_dir.should == "wp-content"
-      @instance.url.should == "http://sub.example.com/path/to/wordpress/"
-      @instance.path.should == "test/asdf.php"
+      instance = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/",
+                            :path => "test/asdf.php",
+                            :vulns_file => "XXX.xml",
+                            :name => "test",
+                            :vulns_xpath => "XX",
+                            :type => "plugins"
+      )
+      instance.wp_content_dir.should == "wp-content"
+      instance.base_url.should == "http://sub.example.com/path/to/wordpress/"
+      instance.path.should == "test/asdf.php"
     end
   end
 
-  describe "#get_url" do
+  describe "#get_full_url" do
     it "should return the correct url" do
-      @instance.get_url.to_s.should == "http://sub.example.com/path/to/wordpress/wp-content/plugins/test/asdf.php"
+      instance = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/",
+                            :path => "test/asdf.php",
+                            :vulns_file => "XXX.xml",
+                            :name => "test",
+                            :vulns_xpath => "XX",
+                            :type => "plugins"
+      )
+      instance.get_full_url.to_s.should == "http://sub.example.com/path/to/wordpress/wp-content/plugins/test/asdf.php"
     end
 
     it "should return the correct url (custom wp_content_dir)" do
-      @instance.wp_content_dir = "custom"
-      @instance.type = "plugins"
-      @instance.get_url.to_s.should == "http://sub.example.com/path/to/wordpress/custom/plugins/test/asdf.php"
+      instance = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/",
+                            :path => "test/asdf.php",
+                            :vulns_file => "XXX.xml",
+                            :name => "test",
+                            :vulns_xpath => "XX",
+                            :type => "plugins",
+                            :wp_content_dir => "custom"
+      )
+      instance.get_full_url.to_s.should == "http://sub.example.com/path/to/wordpress/custom/plugins/test/asdf.php"
     end
 
     it "should trim / and add missing / before concatenating url" do
-      @instance.wp_content_dir = "/custom/"
-      @instance.url = "http://sub.example.com/path/to/wordpress"
-      @instance.path = "test/asdf.php"
-      @instance.type = "plugins"
-      @instance.get_url.to_s.should == "http://sub.example.com/path/to/wordpress/custom/plugins/test/asdf.php"
+      instance = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/",
+                            :path => "test/asdf.php",
+                            :vulns_file => "XXX.xml",
+                            :name => "test",
+                            :vulns_xpath => "XX",
+                            :type => "plugins",
+                            :wp_content_dir => "/custom/"
+      )
+      instance.get_full_url.to_s.should == "http://sub.example.com/path/to/wordpress/custom/plugins/test/asdf.php"
     end
   end
 
   describe "#get_url_without_filename" do
     it "should return the correct url" do
-      @instance.get_url_without_filename.to_s.should == "http://sub.example.com/path/to/wordpress/wp-content/plugins/test/"
+      instance = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/",
+                            :path => "test/asdf.php",
+                            :vulns_file => "XXX.xml",
+                            :name => "test",
+                            :vulns_xpath => "XX",
+                            :type => "plugins"
+      )
+      instance.get_url_without_filename.to_s.should == "http://sub.example.com/path/to/wordpress/wp-content/plugins/test/"
     end
 
     it "should return the correct url (custom wp_content_dir)" do
-      @instance.wp_content_dir = "custom"
-      @instance.get_url_without_filename.to_s.should == "http://sub.example.com/path/to/wordpress/custom/plugins/test/"
+      instance = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/",
+                            :path => "test/asdf.php",
+                            :vulns_file => "XXX.xml",
+                            :name => "test",
+                            :vulns_xpath => "XX",
+                            :type => "plugins",
+                            :wp_content_dir => "custom"
+      )
+      instance.get_url_without_filename.to_s.should == "http://sub.example.com/path/to/wordpress/custom/plugins/test/"
     end
 
     it "should trim / and add missing / before concatenating url" do
-      @instance.wp_content_dir = "/custom/"
-      @instance.url = "http://sub.example.com/path/to/wordpress"
-      @instance.path = "test/asdf.php"
-      @instance.type = "plugins"
-      @instance.get_url_without_filename.to_s.should == "http://sub.example.com/path/to/wordpress/custom/plugins/test/"
+      instance = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/",
+                            :path => "test/asdf.php",
+                            :vulns_file => "XXX.xml",
+                            :name => "test",
+                            :vulns_xpath => "XX",
+                            :type => "plugins",
+                            :wp_content_dir => "/custom/"
+      )
+      instance.get_url_without_filename.to_s.should == "http://sub.example.com/path/to/wordpress/custom/plugins/test/"
     end
 
     it "should not remove the last foldername" do
-      @instance.path = "test/"
-      @instance.type = "plugins"
-      @instance.get_url_without_filename.to_s.should == "http://sub.example.com/path/to/wordpress/wp-content/plugins/test/"
+      instance = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/",
+                            :path => "test/",
+                            :vulns_file => "XXX.xml",
+                            :name => "test",
+                            :vulns_xpath => "XX",
+                            :type => "plugins"
+      )
+      instance.get_url_without_filename.to_s.should == "http://sub.example.com/path/to/wordpress/wp-content/plugins/test/"
     end
 
     it "should return the correct url (https)" do
-      @instance.url = "https://sub.example.com/path/to/wordpress/"
-      @instance.get_url_without_filename.to_s.should == "https://sub.example.com/path/to/wordpress/wp-content/plugins/test/"
+      instance = WpItem.new(:base_url => "https://sub.example.com/path/to/wordpress/",
+                            :path => "test/asdf.php",
+                            :vulns_file => "XXX.xml",
+                            :name => "test",
+                            :vulns_xpath => "XX",
+                            :type => "plugins"
+      )
+      instance.get_url_without_filename.to_s.should == "https://sub.example.com/path/to/wordpress/wp-content/plugins/test/"
     end
 
     it "should add the last slash if it's not present" do
-      @instance.path = "test-one"
-      @instance.type = "plugins"
-      @instance.get_url_without_filename.to_s.should == "http://sub.example.com/path/to/wordpress/wp-content/plugins/test-one/"
+      instance = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/",
+                            :path => "test-one",
+                            :vulns_file => "XXX.xml",
+                            :name => "test",
+                            :vulns_xpath => "XX",
+                            :type => "plugins"
+      )
+      instance.get_url_without_filename.to_s.should == "http://sub.example.com/path/to/wordpress/wp-content/plugins/test-one/"
     end
   end
 
   describe "#version" do
     let(:fixtures_dir) { SPEC_FIXTURES_WPSCAN_WP_PLUGIN_DIR + '/version' }
+
+    before :each do
+      @instance = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/",
+                             :path => "test/asdf.php",
+                             :vulns_file => "XXX.xml",
+                             :name => "test",
+                             :vulns_xpath => "XX",
+                             :type => "plugins"
+      )
+    end
+
     it "should return a version number" do
       stub_request(:get, @instance.readme_url.to_s).to_return(:status => 200, :body => "Stable tag: 1.2.4.3.2.1")
       @instance.version.should == "1.2.4.3.2.1"
@@ -120,6 +179,16 @@ describe WpPlugin do
   end
 
   describe "#directory_listing?" do
+    before :each do
+      @instance = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/",
+                             :path => "test/asdf.php",
+                             :vulns_file => "XXX.xml",
+                             :name => "test",
+                             :vulns_xpath => "XX",
+                             :type => "plugins"
+      )
+    end
+
     it "should return true" do
       stub_request(:get, @instance.get_url_without_filename.to_s).to_return(:status => 200,
                                                                             :body => "<html><head><title>Index of asdf</title></head></html>")
@@ -140,36 +209,74 @@ describe WpPlugin do
 
   describe "#extract_name_from_url" do
     it "should extract the correct name" do
-      @instance.extract_name_from_url.should == "test"
+      instance = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/",
+                            :path => "test/asdf.php",
+                            :vulns_file => "XXX.xml",
+                            :name => "test",
+                            :vulns_xpath => "XX",
+                            :type => "plugins"
+      )
+      instance.extract_name_from_url.should == "test"
     end
 
     it "should extract the correct name (custom wp_content_dir)" do
-      @instance.wp_content_dir = "custom"
-      @instance.extract_name_from_url.should == "test"
+      instance = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/",
+                            :path => "test/asdf.php",
+                            :vulns_file => "XXX.xml",
+                            :name => "test",
+                            :vulns_xpath => "XX",
+                            :type => "plugins",
+                            :wp_content_dir => "custom"
+      )
+      instance.extract_name_from_url.should == "test"
     end
 
     it "should extract the correct name" do
-      @instance.wp_content_dir = "/custom/"
-      @instance.url = "http://sub.example.com/path/to/wordpress"
-      @instance.path = "test2/asdf.php"
-      @instance.type = "plugins"
-      @instance.extract_name_from_url.should == "test2"
+      instance = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/",
+                            :path => "test2/asdf.php",
+                            :vulns_file => "XXX.xml",
+                            :name => "test",
+                            :vulns_xpath => "XX",
+                            :type => "plugins",
+                            :wp_content_dir => "/custom/"
+      )
+      instance.extract_name_from_url.should == "test2"
     end
 
     it "should extract the correct plugin name" do
-      @instance.path = "testplugin/"
-      @instance.type = "plugins"
-      @instance.extract_name_from_url.should == "testplugin"
+      instance = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/",
+                            :path => "testplugin/",
+                            :vulns_file => "XXX.xml",
+                            :name => "test",
+                            :vulns_xpath => "XX",
+                            :type => "plugins"
+      )
+      instance.extract_name_from_url.should == "testplugin"
     end
 
     it "should extract the correct theme name" do
-      @instance.path = "testtheme/"
-      @instance.type = "plugins"
-      @instance.extract_name_from_url.should == "testtheme"
+      instance = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/",
+                            :path => "testtheme/",
+                            :vulns_file => "XXX.xml",
+                            :name => "test",
+                            :vulns_xpath => "XX",
+                            :type => "themes"
+      )
+      instance.extract_name_from_url.should == "testtheme"
     end
   end
 
   describe "#to_s" do
+    before :each do
+      @instance = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/",
+                             :path => "test/asdf.php",
+                             :vulns_file => "XXX.xml",
+                             :name => "test",
+                             :vulns_xpath => "XX",
+                             :type => "plugins"
+      )
+    end
+
     it "should return the name including a version number" do
       stub_request(:get, @instance.readme_url.to_s).to_return(:status => 200, :body => "Stable tag: 1.2.4.3.2.1")
       @instance.to_s.should == "test v1.2.4.3.2.1"
@@ -182,8 +289,18 @@ describe WpPlugin do
   end
 
   describe "#==" do
+    before :each do
+      @instance = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/",
+                             :path => "test/asdf.php",
+                             :vulns_file => "XXX.xml",
+                             :name => "test",
+                             :vulns_xpath => "XX",
+                             :type => "plugins"
+      )
+    end
+
     it "should return false" do
-      instance2 = WpItem.new(:url => "http://sub.example.com/path/to/wordpress/",
+      instance2 = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/",
                              :path => "newname/asdf.php",
                              :type => "plugins",
                              :vulns_file => "XXX.xml",
@@ -193,7 +310,7 @@ describe WpPlugin do
     end
 
     it "should return true" do
-      instance2 = WpItem.new(:url => "http://sub.example.com/path/to/wordpress/",
+      instance2 = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/",
                              :path => "test/asdf.php",
                              :type => "plugins",
                              :vulns_file => "XXX.xml",
@@ -204,38 +321,25 @@ describe WpPlugin do
   end
 
   describe "#get_sub_folder" do
-    it "should return plugins" do
-      item = WpItem.new(:url => "http://sub.example.com/path/to/wordpress/",
+    it "should return themes" do
+      item = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/",
                         :path => "test/asdf.php",
                         :vulns_file => "XXX.xml",
                         :wp_content_dir => "wp-content",
-                        :wp_plugins_dir => "plugins",
+                        :wp_plugins_dir => "wp-content/plugins",
                         :name => "test",
                         :vulns_xpath => "XX",
-                        :type => "plugins"
+                        :type => "themes"
       )
-      item.get_sub_folder.should == "plugins"
-    end
-
-    it "should return custom-plugins" do
-      item = WpItem.new(:url => "http://sub.example.com/path/to/wordpress/",
-                        :path => "test/asdf.php",
-                        :vulns_file => "XXX.xml",
-                        :wp_content_dir => "wp-content",
-                        :wp_plugins_dir => "custom-plugins",
-                        :name => "test",
-                        :vulns_xpath => "XX",
-                        :type => "plugins"
-      )
-      item.get_sub_folder.should == "custom-plugins"
+      item.get_sub_folder.should == "themes"
     end
 
     it "should return themes" do
-      item = WpItem.new(:url => "http://sub.example.com/path/to/wordpress/",
+      item = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/",
                         :path => "test/asdf.php",
                         :vulns_file => "XXX.xml",
                         :wp_content_dir => "wp-content",
-                        :wp_plugins_dir => "plugins",
+                        :wp_plugins_dir => "wp-content/plugins",
                         :name => "test",
                         :vulns_xpath => "XX",
                         :type => "themes"
@@ -244,11 +348,11 @@ describe WpPlugin do
     end
 
     it "should return nil" do
-      item = WpItem.new(:url => "http://sub.example.com/path/to/wordpress/",
+      item = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/",
                         :path => "test/asdf.php",
                         :vulns_file => "XXX.xml",
                         :wp_content_dir => "wp-content",
-                        :wp_plugins_dir => "plugins",
+                        :wp_plugins_dir => "wp-content/plugins",
                         :name => "test",
                         :vulns_xpath => "XX",
                         :type => "timthumbs"
@@ -257,11 +361,11 @@ describe WpPlugin do
     end
 
     it "should raise an exception" do
-      item = WpItem.new(:url => "http://sub.example.com/path/to/wordpress/",
+      item = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/",
                         :path => "test/asdf.php",
                         :vulns_file => "XXX.xml",
                         :wp_content_dir => "wp-content",
-                        :wp_plugins_dir => "plugins",
+                        :wp_plugins_dir => "wp-content/plugins",
                         :name => "test",
                         :vulns_xpath => "XX",
                         :type => "type"
@@ -272,55 +376,111 @@ describe WpPlugin do
 
   describe "#readme_url" do
     it "should return the corrent plugin readme url" do
-      @instance.readme_url.to_s.should == "http://sub.example.com/path/to/wordpress/wp-content/plugins/test/readme.txt"
+      instance = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/",
+                            :path => "test/asdf.php",
+                            :vulns_file => "XXX.xml",
+                            :name => "test",
+                            :vulns_xpath => "XX",
+                            :type => "plugins"
+      )
+      instance.readme_url.to_s.should == "http://sub.example.com/path/to/wordpress/wp-content/plugins/test/readme.txt"
     end
 
     it "should return the corrent plugin readme url (custom wp_content)" do
-      @instance.wp_content_dir = "custom"
-      @instance.type = "plugins"
-      @instance.readme_url.to_s.should == "http://sub.example.com/path/to/wordpress/custom/plugins/test/readme.txt"
+      instance = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/",
+                            :path => "test/asdf.php",
+                            :vulns_file => "XXX.xml",
+                            :name => "test",
+                            :vulns_xpath => "XX",
+                            :type => "plugins",
+                            :wp_content_dir => "custom"
+      )
+      instance.readme_url.to_s.should == "http://sub.example.com/path/to/wordpress/custom/plugins/test/readme.txt"
     end
 
     it "should return the corrent theme readme url" do
-      @instance.path = "test/asdf.php"
-      @instance.type = "themes"
-      @instance.readme_url.to_s.should == "http://sub.example.com/path/to/wordpress/wp-content/themes/test/readme.txt"
+      instance = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/",
+                            :path => "test/asdf.php",
+                            :vulns_file => "XXX.xml",
+                            :name => "test",
+                            :vulns_xpath => "XX",
+                            :type => "themes"
+      )
+      instance.readme_url.to_s.should == "http://sub.example.com/path/to/wordpress/wp-content/themes/test/readme.txt"
     end
 
     it "should return the corrent theme readme url (custom wp_content)" do
-      @instance.wp_content_dir = "custom"
-      @instance.path = "test/asdf.php"
-      @instance.type = "themes"
-      @instance.readme_url.to_s.should == "http://sub.example.com/path/to/wordpress/custom/themes/test/readme.txt"
+      instance = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/",
+                            :path => "test/asdf.php",
+                            :vulns_file => "XXX.xml",
+                            :name => "test",
+                            :vulns_xpath => "XX",
+                            :type => "themes",
+                            :wp_content_dir => "custom"
+      )
+      instance.readme_url.to_s.should == "http://sub.example.com/path/to/wordpress/custom/themes/test/readme.txt"
     end
   end
 
   describe "#changelog_url" do
     it "should return the corrent plugin changelog url" do
-      @instance.changelog_url.to_s.should == "http://sub.example.com/path/to/wordpress/wp-content/plugins/test/changelog.txt"
+      instance = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/",
+                            :path => "test/asdf.php",
+                            :vulns_file => "XXX.xml",
+                            :name => "test",
+                            :vulns_xpath => "XX",
+                            :type => "plugins"
+      )
+      instance.changelog_url.to_s.should == "http://sub.example.com/path/to/wordpress/wp-content/plugins/test/changelog.txt"
     end
 
     it "should return the corrent plugin changelog url (custom wp_content)" do
-      @instance.wp_content_dir = "custom"
-      @instance.type = "plugins"
-      @instance.changelog_url.to_s.should == "http://sub.example.com/path/to/wordpress/custom/plugins/test/changelog.txt"
+      instance = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/",
+                            :path => "test/asdf.php",
+                            :vulns_file => "XXX.xml",
+                            :name => "test",
+                            :vulns_xpath => "XX",
+                            :type => "plugins",
+                            :wp_content_dir => "custom"
+      )
+      instance.changelog_url.to_s.should == "http://sub.example.com/path/to/wordpress/custom/plugins/test/changelog.txt"
     end
 
     it "should return the corrent theme changelog url" do
-      @instance.path = "test/asdf.php"
-      @instance.type = "themes"
-      @instance.changelog_url.to_s.should == "http://sub.example.com/path/to/wordpress/wp-content/themes/test/changelog.txt"
+      instance = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/",
+                            :path => "test/asdf.php",
+                            :vulns_file => "XXX.xml",
+                            :name => "test",
+                            :vulns_xpath => "XX",
+                            :type => "themes"
+      )
+      instance.changelog_url.to_s.should == "http://sub.example.com/path/to/wordpress/wp-content/themes/test/changelog.txt"
     end
 
     it "should return the corrent theme changelog url (custom wp_content)" do
-      @instance.wp_content_dir = "custom"
-      @instance.path = "test/asdf.php"
-      @instance.type = "themes"
-      @instance.changelog_url.to_s.should == "http://sub.example.com/path/to/wordpress/custom/themes/test/changelog.txt"
+      instance = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/",
+                            :path => "test/asdf.php",
+                            :vulns_file => "XXX.xml",
+                            :name => "test",
+                            :vulns_xpath => "XX",
+                            :type => "themes",
+                            :wp_content_dir => "custom"
+      )
+      instance.changelog_url.to_s.should == "http://sub.example.com/path/to/wordpress/custom/themes/test/changelog.txt"
     end
   end
 
   describe "#has_readme?" do
+    before :each do
+      @instance = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/",
+                             :path => "test/asdf.php",
+                             :vulns_file => "XXX.xml",
+                             :name => "test",
+                             :vulns_xpath => "XX",
+                             :type => "plugins"
+      )
+    end
+
     it "should return true" do
       stub_request(:get, @instance.readme_url.to_s).to_return(:status => 200)
       @instance.has_readme?.should == true
@@ -333,6 +493,16 @@ describe WpPlugin do
   end
 
   describe "#has_changelog?" do
+    before :each do
+      @instance = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/",
+                             :path => "test/asdf.php",
+                             :vulns_file => "XXX.xml",
+                             :name => "test",
+                             :vulns_xpath => "XX",
+                             :type => "plugins"
+      )
+    end
+
     it "should return true" do
       stub_request(:get, @instance.changelog_url.to_s).to_return(:status => 200)
       @instance.has_changelog?.should == true
diff --git a/spec/lib/wpscan/wp_options_spec.rb b/spec/lib/wpscan/wp_options_spec.rb
index 7ddddacd..0e5a18b9 100644
--- a/spec/lib/wpscan/wp_options_spec.rb
+++ b/spec/lib/wpscan/wp_options_spec.rb
@@ -22,7 +22,7 @@ describe WpOptions do
   describe "#check_options" do
     before :each do
       @options = {}
-      @options[:url] = "url"
+      @options[:base_url] = "url"
       @options[:only_vulnerable_ones] = false
       @options[:file] = "file"
       @options[:vulns_file] = "vulns_file"
@@ -40,14 +40,14 @@ describe WpOptions do
       expect { WpOptions.check_options(@options) }.to raise_error(RuntimeError, @message)
     end
 
-    it "should raise an exception (url empty)" do
-      @options[:url] = ""
-      @message = "url must be set"
+    it "should raise an exception (base_url empty)" do
+      @options[:base_url] = ""
+      @message = "base_url must be set"
     end
 
-    it "should raise an exception (url nil)" do
-      @options[:url] = nil
-      @message = "url must be set"
+    it "should raise an exception (base_url nil)" do
+      @options[:base_url] = nil
+      @message = "base_url must be set"
     end
 
     it "should raise an exception (only_vulnerable_ones nil)" do
diff --git a/spec/lib/wpscan/wp_plugin_spec.rb b/spec/lib/wpscan/wp_plugin_spec.rb
index 7ca5deee..28c1a536 100644
--- a/spec/lib/wpscan/wp_plugin_spec.rb
+++ b/spec/lib/wpscan/wp_plugin_spec.rb
@@ -21,29 +21,29 @@ require File.expand_path(File.dirname(__FILE__) + '/wpscan_helper')
 describe WpPlugin do
   describe "#initialize" do
     it "should not raise an exception" do
-      expect { WpPlugin.new(:url => "url", :path => "path", :wp_content_dir => "dir", :name => "name") }.to_not raise_error
+      expect { WpPlugin.new(:base_url => "url", :path => "path", :wp_content_dir => "dir", :name => "name") }.to_not raise_error
     end
 
     it "should not raise an exception (wp_content_dir not set)" do
-      expect { WpPlugin.new(:url => "url", :path => "path", :name => "name") }.to_not raise_error
+      expect { WpPlugin.new(:base_url => "url", :path => "path", :name => "name") }.to_not raise_error
     end
 
-    it "should raise an exception (url not set)" do
+    it "should raise an exception (base_url not set)" do
       expect { WpPlugin.new(:path => "path", :wp_content_dir => "dir", :name => "name") }.to raise_error
     end
 
     it "should raise an exception (path not set)" do
-      expect { WpPlugin.new(:url => "url", :wp_content_dir => "dir", :name => "name") }.to raise_error
+      expect { WpPlugin.new(:base_url => "url", :wp_content_dir => "dir", :name => "name") }.to raise_error
     end
 
     it "should raise an exception (name not set)" do
-      expect { WpPlugin.new(:url => "url", :path => "path", :wp_content_dir => "dir") }.to raise_error
+      expect { WpPlugin.new(:base_url => "url", :path => "path", :wp_content_dir => "dir") }.to raise_error
     end
   end
 
   describe "#error_log_url" do
     it "should return a correct url" do
-      temp = WpPlugin.new(:url => "http://wordpress.com",
+      temp = WpPlugin.new(:base_url => "http://wordpress.com",
                           :path => "test/asdf.php")
       temp.error_log_url.to_s.should == "http://wordpress.com/wp-content/plugins/test/error_log"
     end
@@ -51,7 +51,7 @@ describe WpPlugin do
 
   describe "#error_log?" do
     before :each do
-      @temp = WpPlugin.new(:url => "http://wordpress.com",
+      @temp = WpPlugin.new(:base_url => "http://wordpress.com",
                            :path => "test/asdf.php")
     end
 
diff --git a/spec/lib/wpscan/wp_target_spec.rb b/spec/lib/wpscan/wp_target_spec.rb
index 39a5c988..c1563538 100644
--- a/spec/lib/wpscan/wp_target_spec.rb
+++ b/spec/lib/wpscan/wp_target_spec.rb
@@ -27,7 +27,7 @@ describe WpTarget do
       :config_file    => SPEC_FIXTURES_CONF_DIR + '/browser/browser.conf.json',
       :cache_timeout  => 0,
       :wp_content_dir => "wp-content",
-      :wp_plugins_dir => "plugins"
+      :wp_plugins_dir => "wp-content/plugins"
     }
     @wp_target = WpTarget.new("http://example.localhost/", @options)
   end
@@ -153,20 +153,25 @@ describe WpTarget do
 
   describe "#wp_plugins_dir" do
     after :each do
-      @wp_target.stub(:wp_content_dir => @stub_value) if @stub_value
+      @wp_target.stub(:wp_plugins_dir => @stub_value) if @stub_value
 
       @wp_target.wp_plugins_dir.should === @expected
     end
 
     it "should return the string set in the initialize method" do
-      @wp_target = WpTarget.new("http://example.localhost/", :wp_plugins_dir => "custom-plugins")
+      @wp_target = WpTarget.new("http://example.localhost/", :wp_content_dir => "asdf", :wp_plugins_dir => "custom-plugins")
       @expected  = "custom-plugins"
     end
 
     it "should return 'plugins'" do
-      @stub_value = "wp-content"
+      @stub_value = "plugins"
       @expected   = "plugins"
     end
+
+    it "should return 'wp-content/plugins'" do
+      @stub_value = nil
+      @expected   = "wp-content/plugins"
+    end
   end
 
   describe "#debug_log_url" do
diff --git a/spec/lib/wpscan/wp_theme_spec.rb b/spec/lib/wpscan/wp_theme_spec.rb
index 8aac5e43..336d8e15 100644
--- a/spec/lib/wpscan/wp_theme_spec.rb
+++ b/spec/lib/wpscan/wp_theme_spec.rb
@@ -30,23 +30,23 @@ describe WpTheme do
 
   describe "#initialize" do
     it "should not raise an exception" do
-      expect { WpTheme.new(:url => "url", :path => "path", :wp_content_dir => "dir", :name => "name") }.to_not raise_error
+      expect { WpTheme.new(:base_url => "url", :path => "path", :wp_content_dir => "dir", :name => "name") }.to_not raise_error
     end
 
     it "should not raise an exception (wp_content_dir not set)" do
-      expect { WpTheme.new(:url => "url", :path => "path", :name => "name") }.to_not raise_error
+      expect { WpTheme.new(:base_url => "url", :path => "path", :name => "name") }.to_not raise_error
     end
 
-    it "should raise an exception (url not set)" do
+    it "should raise an exception (base_url not set)" do
       expect { WpTheme.new(:path => "path", :wp_content_dir => "dir", :name => "name") }.to raise_error
     end
 
     it "should raise an exception (path not set)" do
-      expect { WpTheme.new(:url => "url", :wp_content_dir => "dir", :name => "name") }.to raise_error
+      expect { WpTheme.new(:base_url => "url", :wp_content_dir => "dir", :name => "name") }.to raise_error
     end
 
     it "should raise an exception (name not set)" do
-      expect { WpTheme.new(:url => "url", :path => "path", :wp_content_dir => "dir") }.to raise_error
+      expect { WpTheme.new(:base_url => "url", :path => "path", :wp_content_dir => "dir") }.to raise_error
     end
   end
 
@@ -102,12 +102,12 @@ describe WpTheme do
 
     it "should return a WpTheme object with .name 'Editorial' and .version '1.3.5'" do
       @fixture = fixtures_dir + "/editorial-1.3.5.html"
-      @expected_theme = WpTheme.new(:name => "Editorial", :version => "1.3.5", :url => "", :path => "", :wp_content_dir => "")
+      @expected_theme = WpTheme.new(:name => "Editorial", :version => "1.3.5", :base_url => "", :path => "", :wp_content_dir => "")
     end
 
     it "should return a WpTheme object with .name 'Merchant'" do
       @fixture = fixtures_dir + "/merchant-no-version.html"
-      @expected_theme = WpTheme.new(:name => "Merchant", :url => "", :path => "", :wp_content_dir => "")
+      @expected_theme = WpTheme.new(:name => "Merchant", :base_url => "", :path => "", :wp_content_dir => "")
     end
   end
 
@@ -151,7 +151,7 @@ describe WpTheme do
       if @fixture
         stub_request_to_fixture(:url => theme_style_url, :fixture => @fixture)
 
-        wp_theme = WpTheme.new(:name => 'spec-theme', :style_url => theme_style_url, :url => "", :path => "", :wp_content_dir => "")
+        wp_theme = WpTheme.new(:name => "spec-theme", :style_url => theme_style_url, :base_url => "", :path => "", :wp_content_dir => "")
 
         wp_theme.version.should === @expected
       end
@@ -163,7 +163,7 @@ describe WpTheme do
     end
 
     it "should return nil if the style_url is nil" do
-      WpTheme.new(:name => "hello-world", :url => "", :path => "", :wp_content_dir => "").version.should be_nil
+      WpTheme.new(:name => "hello-world", :base_url => "", :path => "", :wp_content_dir => "").version.should be_nil
     end
 
     it "should return 1.3" do
@@ -179,12 +179,12 @@ describe WpTheme do
 
   describe "#===" do
     it "should return false (name not equal)" do
-      instance = WpTheme.new(:url => "http://sub.example.com/path/to/wordpress/",
+      instance = WpTheme.new(:base_url => "http://sub.example.com/path/to/wordpress/",
                              :path => "themes/name/asdf.php",
                              :vulns_file => "XXX.xml",
                              :version => "1.0"
       )
-      instance2 = WpTheme.new(:url => "http://sub.example.com/path/to/wordpress/",
+      instance2 = WpTheme.new(:base_url => "http://sub.example.com/path/to/wordpress/",
                               :path => "themes/newname/asdf.php",
                               :vulns_file => "XXX.xml",
                               :version => "1.0"
@@ -193,12 +193,12 @@ describe WpTheme do
     end
 
     it "should return false (version not equal)" do
-      instance = WpTheme.new(:url => "http://sub.example.com/path/to/wordpress/",
+      instance = WpTheme.new(:base_url => "http://sub.example.com/path/to/wordpress/",
                              :path => "themes/name/asdf.php",
                              :vulns_file => "XXX.xml",
                              :version => "1.0"
       )
-      instance2 = WpTheme.new(:url => "http://sub.example.com/path/to/wordpress/",
+      instance2 = WpTheme.new(:base_url => "http://sub.example.com/path/to/wordpress/",
                               :path => "themes/name/asdf.php",
                               :vulns_file => "XXX.xml",
                               :version => "2.0"
@@ -207,12 +207,12 @@ describe WpTheme do
     end
 
     it "should return false (version and name not equal)" do
-      instance = WpTheme.new(:url => "http://sub.example.com/path/to/wordpress/",
+      instance = WpTheme.new(:base_url => "http://sub.example.com/path/to/wordpress/",
                              :path => "themes/name/asdf.php",
                              :vulns_file => "XXX.xml",
                              :version => "1.0"
       )
-      instance2 = WpTheme.new(:url => "http://sub.example.com/path/to/wordpress/",
+      instance2 = WpTheme.new(:base_url => "http://sub.example.com/path/to/wordpress/",
                               :path => "themes/newname/asdf.php",
                               :vulns_file => "XXX.xml",
                               :version => "2.0"
@@ -221,12 +221,12 @@ describe WpTheme do
     end
 
     it "should return true" do
-      instance = WpTheme.new(:url => "http://sub.example.com/path/to/wordpress/",
+      instance = WpTheme.new(:base_url => "http://sub.example.com/path/to/wordpress/",
                              :path => "themes/test/asdf.php",
                              :vulns_file => "XXX.xml",
                              :version => "1.0"
       )
-      instance2 = WpTheme.new(:url => "http://sub.example.com/path/to/wordpress/",
+      instance2 = WpTheme.new(:base_url => "http://sub.example.com/path/to/wordpress/",
                               :path => "themes/test/asdf.php",
                               :vulns_file => "XXX.xml",
                               :version => "1.0"
diff --git a/spec/lib/wpscan/wp_version_spec.rb b/spec/lib/wpscan/wp_version_spec.rb
index 1a8ab437..f6cc32d5 100644
--- a/spec/lib/wpscan/wp_version_spec.rb
+++ b/spec/lib/wpscan/wp_version_spec.rb
@@ -31,7 +31,7 @@ describe WpVersion do
     after :each do
       stub_request_to_fixture(:url => @target_uri.to_s, :fixture => @fixture)
 
-      WpVersion.find_from_meta_generator(:url => @target_uri.to_s).should === @expected
+      WpVersion.find_from_meta_generator(:base_url => @target_uri.to_s).should === @expected
     end
 
     it "should return nil if the meta-generator is not found" do
@@ -57,7 +57,7 @@ describe WpVersion do
       @status_code ||= 200
       stub_request_to_fixture(:url => @target_uri.merge("feed/").to_s, :status => @status_code, :fixture => @fixture)
 
-      WpVersion.find_from_rss_generator(:url => @target_uri).should === @expected
+      WpVersion.find_from_rss_generator(:base_url => @target_uri).should === @expected
     end
 
     it "should return nil on a 404" do
@@ -92,7 +92,7 @@ describe WpVersion do
       stub_request(:get, @target_uri.merge("sitemap.xml").to_s).
           to_return(:status => 200, :body => @body)
 
-      WpVersion.find_from_sitemap_generator(:url => @target_uri).should === @expected
+      WpVersion.find_from_sitemap_generator(:base_url => @target_uri).should === @expected
     end
 
     it "should return nil if the generator is not found" do
@@ -118,7 +118,7 @@ describe WpVersion do
       @status_code ||= 200
       stub_request_to_fixture(:url => @target_uri.merge("readme.html").to_s, :status => @status_code, :fixture => @fixture)
 
-      WpVersion.find_from_readme(:url => @target_uri).should === @expected
+      WpVersion.find_from_readme(:base_url => @target_uri).should === @expected
     end
 
     it "should return nil on a 404" do
@@ -145,7 +145,7 @@ describe WpVersion do
       stub_request_to_fixture(:url => @target_uri.merge("wp-admin/js/wp-fullscreen.js").to_s,
                               :status => 200,
                               :fixture => "#{fixtures_dir}/3.2.1.js")
-      version = WpVersion.find_from_advanced_fingerprinting(:url => @target_uri,
+      version = WpVersion.find_from_advanced_fingerprinting(:base_url => @target_uri,
                                                             :wp_content_dir => "wp-content",
                                                             :version_xml => "#{fixtures_dir}/wp_versions.xml")
       version.should == "3.2.1"
diff --git a/spec/lib/wpscan/wp_vulnerability_spec.rb b/spec/lib/wpscan/wp_vulnerability_spec.rb
index 470eee46..14cd1c49 100644
--- a/spec/lib/wpscan/wp_vulnerability_spec.rb
+++ b/spec/lib/wpscan/wp_vulnerability_spec.rb
@@ -4,7 +4,7 @@ describe "#vulnerabilities" do
   let(:location_url) { "http://example.localhost/" }
   let(:fixtures_dir) { SPEC_FIXTURES_WPSCAN_WP_PLUGIN_DIR + "/vulnerabilities" }
   let(:vulns_file) { fixtures_dir + "/plugin_vulns.xml" }
-  let(:wp_plugin) { WpPlugin.new(:url => location_url,
+  let(:wp_plugin) { WpPlugin.new(:base_url => location_url,
                                  :name => "spec-plugin",
                                  :path => "plugins/spec-plugin/",
                                  :vulns_file => vulns_file)
@@ -12,7 +12,7 @@ describe "#vulnerabilities" do
 
 
   it "should return an empty array when no vulnerabilities are found" do
-    WpPlugin.new(:url => "http://example.localhost/",
+    WpPlugin.new(:base_url => "http://example.localhost/",
                  :name => "no-vulns",
                  :path => "plugins/no-vulns/",
                  :vulns_file => vulns_file).vulnerabilities.should be_empty
diff --git a/wpscan.rb b/wpscan.rb
index 45a9394f..6ebebfcb 100755
--- a/wpscan.rb
+++ b/wpscan.rb
@@ -154,14 +154,14 @@ begin
     puts
     puts green("[+]") + " Enumerating plugins from passive detection ... "
 
-    plugins = wp_target.plugins_from_passive_detection(:url => wp_target.uri, :wp_content_dir => wp_target.wp_content_dir)
+    plugins = wp_target.plugins_from_passive_detection(:base_url => wp_target.uri, :wp_content_dir => wp_target.wp_content_dir)
     unless plugins.empty?
       puts "#{plugins.size} found :"
 
       plugins.each do |plugin|
         puts
         puts " | Name: #{plugin.name}"
-        puts " | Location: #{plugin.get_url}"
+        puts " | Location: #{plugin.get_full_url}"
 
         plugin.vulnerabilities.each do |vulnerability|
           puts " |"
@@ -181,7 +181,7 @@ begin
     puts
 
     options = {}
-    options[:url]                   = wp_target.uri
+    options[:base_url]              = wp_target.uri
     options[:only_vulnerable_ones]  = wpscan_options.enumerate_only_vulnerable_plugins || false
     options[:show_progress_bar]     = true
     options[:wp_content_dir]        = wp_target.wp_content_dir
@@ -236,7 +236,7 @@ begin
     puts
 
     options = {}
-    options[:url]                   = wp_target.uri
+    options[:base_url]              = wp_target.uri
     options[:only_vulnerable_ones]  = wpscan_options.enumerate_only_vulnerable_themes || false
     options[:show_progress_bar]     = true
     options[:wp_content_dir]        = wp_target.wp_content_dir
@@ -282,7 +282,7 @@ begin
     puts
 
     options = {}
-    options[:url]               = wp_target.uri
+    options[:base_url]          = wp_target.uri
     options[:show_progress_bar] = true
     options[:wp_content_dir]    = wp_target.wp_content_dir
     options[:error_404_hash]    = wp_target.error_404_hash
@@ -296,7 +296,7 @@ begin
       puts
 
       timthumbs.each do |t|
-        puts " | " + red("[!]") + " #{t.get_url.to_s}"
+        puts " | " + red("[!]") + " #{t.get_full_url.to_s}"
       end
       puts
       puts red(" * Reference: http://www.exploit-db.com/exploits/17602/")