garfield/wpscan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #2 from wpscanteam/master

Browse Source 
Update master
This commit is contained in:
Peter van der Laan
2013-11-08 05:36:38 -08:00
parent 942676a493 6ecd538364
commit d7f6389ca8
16 changed files with 1334 additions and 1986 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@@ -1,5 +1,6 @@
cache/*
coverage
.bundle
.DS_Store
.DS_Store?
*.sublime-*

1
CREDITS
View File

@@ -17,3 +17,4 @@ Callum Pember - Implemented proxy support - callumpember at gmail.com
g0tmi1k - Additional timthumb checks + bug reports.
Melvin Lammerts - Reported a couple of fake vulnerabilities - melvin at 12k.nl
Paolo Perego - @thesp0nge - Basic authentication
Peter van der Laan - The Vuln Hunter and Code Cleaner

2
Gemfile
View File

@@ -7,7 +7,7 @@ gem "json"
gem "terminal-table"
gem "ruby-progressbar", ">=1.2.0"
group :development, :test do
group :test do
gem "webmock", ">=1.9.3"
gem "simplecov"
gem "rspec", :require => "spec"

8
README
View File

@@ -49,14 +49,14 @@ ryandewhurst at gmail
sudo apt-get install libcurl4-gnutls-dev libopenssl-ruby libxml2 libxml2-dev libxslt1-dev ruby-dev
git clone https://github.com/wpscanteam/wpscan.git
cd wpscan
sudo gem install bundler && bundle install --without test development
sudo gem install bundler && bundle install --without test
-> Installing on Fedora:
sudo yum install gcc ruby-devel libxml2 libxml2-devel libxslt libxslt-devel libcurl-devel
git clone https://github.com/wpscanteam/wpscan.git
cd wpscan
sudo gem install bundler && bundle install --without test development
sudo gem install bundler && bundle install --without test
-> Installing on Archlinux:
@@ -65,7 +65,7 @@ ryandewhurst at gmail
git clone https://github.com/wpscanteam/wpscan.git
cd wpscan
sudo gem install bundler && bundle install --without test development
sudo gem install bundler && bundle install --without test
gem install typhoeus
gem install nokogiri
@@ -76,7 +76,7 @@ ryandewhurst at gmail
git clone https://github.com/wpscanteam/wpscan.git
cd wpscan
sudo gem install bundler && bundle install --without test development
sudo gem install bundler && bundle install --without test
==KNOWN ISSUES==

8
README.md
View File

@@ -48,7 +48,7 @@ Prerequisites:
```cd wpscan```
```sudo gem install bundler && bundle install --without test development```
```sudo gem install bundler && bundle install --without test```
*Installing on Fedora:*
@@ -58,7 +58,7 @@ Prerequisites:
```cd wpscan```
```sudo gem install bundler && bundle install --without test development```
```sudo gem install bundler && bundle install --without test```
*Installing on Archlinux:*
@@ -70,7 +70,7 @@ Prerequisites:
```cd wpscan```
```sudo gem install bundler && bundle install --without test development```
```sudo gem install bundler && bundle install --without test```
```gem install typhoeus```
@@ -84,7 +84,7 @@ Apple Xcode, Command Line Tools and the libffi are needed (to be able to install
```cd wpscan```
```sudo gem install bundler && bundle install --without test development```
```sudo gem install bundler && bundle install --without test```
#### KNOWN ISSUES

259
data/plugin_vulns.xml
View File

@@ -123,8 +123,7 @@
<title>Crayon Syntax Highlighter - Remote File Inclusion Vulnerability</title>
<references>
<secunia>50804</secunia>
<url>http://ceriksen.com/2012/10/15/wordpress-crayon-syntax-highlighter-remote-file-inclusion-vulnerability/
</url>
<url>http://ceriksen.com/2012/10/15/wordpress-crayon-syntax-highlighter-remote-file-inclusion-vulnerability/</url>
</references>
<type>RFI</type>
<fixed_in>1.13</fixed_in>
@@ -197,9 +196,7 @@
<title>FireStorm Professional Real Estate - Multiple SQL Injection</title>
<references>
<secunia>50873</secunia>
<url>
http://ceriksen.com/2012/10/25/wordpress-firestorm-professional-real-estate-plugin-sql-injection-vulnerability/
</url>
<url>http://ceriksen.com/2012/10/25/wordpress-firestorm-professional-real-estate-plugin-sql-injection-vulnerability/</url>
</references>
<type>SQLI</type>
<fixed_in>2.06.03</fixed_in>
@@ -290,8 +287,7 @@
<secunia>50832</secunia>
<url>http://www.securityfocus.com/bid/57133</url>
<url>http://packetstormsecurity.com/files/119329/</url>
<url>http://ceriksen.com/2013/01/03/wordpress-google-document-embedder-arbitrary-file-disclosure/
</url>
<url>http://ceriksen.com/2013/01/03/wordpress-google-document-embedder-arbitrary-file-disclosure/</url>
<metasploit>exploit/unix/webapp/wp_google_document_embedder_exec</metasploit>
</references>
<type>UNKNOWN</type>
@@ -551,9 +547,7 @@
<title>Asset Manager - upload.php Arbitrary Code Execution</title>
<references>
<osvdb>82653</osvdb>
<url>
http://www.ethicalhack3r.co.uk/security/wordpress-plugin-asset-manager-upload-php-arbitrary-code-execution/
</url>
<url>http://www.ethicalhack3r.co.uk/security/wordpress-plugin-asset-manager-upload-php-arbitrary-code-execution/</url>
<url>http://packetstormsecurity.com/files/113285/</url>
<url>http://xforce.iss.net/xforce/xfdb/80823</url>
</references>
@@ -593,11 +587,12 @@
<plugin name="comment-extra-field">
<vulnerability>
<title>SWF Vulnerable to XSS Bundled in Many WordPress Plugins</title>
<title>Comment Extra Field 1.7 - CSRF / XSS</title>
<references>
<url>http://packetstormsecurity.com/files/122625/</url>
<url>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</url>
</references>
<type>XSS</type>
<type>MULTI</type>
</vulnerability>
</plugin>
@@ -675,7 +670,7 @@
<vulnerability>
<title>powerzoomer - Arbitrary File Upload Vulnerability</title>
<references>
<url>http://www.1337day.com/exploit/20253</url>
<url>http://1337day.com/exploit/20253</url>
</references>
<type>UPLOAD</type>
</vulnerability>
@@ -753,7 +748,7 @@
<vulnerability>
<title>wp-3dflick-slideshow - Arbitrary File Upload Vulnerability</title>
<references>
<url>http://www.1337day.com/exploit/20255</url>
<url>http://1337day.com/exploit/20255</url>
</references>
<type>UPLOAD</type>
</vulnerability>
@@ -839,7 +834,7 @@
<vulnerability>
<title>wp-homepage-slideshow - Arbitrary File Upload Vulnerability</title>
<references>
<url>http://www.1337day.com/exploit/20260</url>
<url>http://1337day.com/exploit/20260</url>
</references>
<type>UPLOAD</type>
</vulnerability>
@@ -856,7 +851,7 @@
<vulnerability>
<title>wp-image-news-slider - Arbitrary File Upload Vulnerability</title>
<references>
<url>http://www.1337day.com/exploit/20259</url>
<url>http://1337day.com/exploit/20259</url>
</references>
<type>UPLOAD</type>
</vulnerability>
@@ -891,7 +886,7 @@
<vulnerability>
<title>wp-levoslideshow - Arbitrary File Upload Vulnerability</title>
<references>
<url>http://www.1337day.com/exploit/20250</url>
<url>http://1337day.com/exploit/20250</url>
</references>
<type>UPLOAD</type>
</vulnerability>
@@ -918,7 +913,7 @@
<vulnerability>
<title>wp-powerplaygallery - Arbitrary File Upload Vulnerability</title>
<references>
<url>http://www.1337day.com/exploit/20252</url>
<url>http://1337day.com/exploit/20252</url>
</references>
<type>UPLOAD</type>
</vulnerability>
@@ -935,7 +930,7 @@
<vulnerability>
<title>wp-royal-gallery - Arbitrary File Upload Vulnerability</title>
<references>
<url>http://www.1337day.com/exploit/20261</url>
<url>http://1337day.com/exploit/20261</url>
</references>
<type>UPLOAD</type>
</vulnerability>
@@ -1021,7 +1016,7 @@
<vulnerability>
<title>Spider Catalog - Multiple SQL Injection and Cross Site Scripting Vulnerabilities</title>
<references>
<url>http://www.securityfocus.com/bid/60079/info</url>
<url>http://www.securityfocus.com/bid/60079</url>
</references>
<type>MULTI</type>
</vulnerability>
@@ -1087,9 +1082,7 @@
<vulnerability>
<title>ABtest - Directory Traversal</title>
<references>
<url>
http://scott-herbert.com/blog/2012/10/11/wordpress-plugin-abtest-vulnerable-to-a-directory-traversal-attack-1110
</url>
<url>http://scott-herbert.com/blog/2012/10/11/wordpress-plugin-abtest-vulnerable-to-a-directory-traversal-attack-1110</url>
</references>
<type>UNKNOWN</type>
</vulnerability>
@@ -1811,16 +1804,20 @@
<vulnerability>
<title>WP Easy Gallery &lt;= 1.7 - Cross Site Scripting</title>
<references>
<secunia>49190</secunia>
<url>http://packetstormsecurity.com/files/112687/</url>
</references>
<type>XSS</type>
<fixed_in>2.7.3</fixed_in>
</vulnerability>
<vulnerability>
<title>WP Easy Gallery &lt;= 2.7 - CSRF</title>
<references>
<secunia>49190</secunia>
<url>http://plugins.trac.wordpress.org/changeset?reponame=&amp;old=669527%40wp-easy-gallery&amp;new=669527%40wp-easy-gallery</url>
</references>
<type>CSRF</type>
<fixed_in>2.7.3</fixed_in>
</vulnerability>
</plugin>
@@ -1828,9 +1825,11 @@
<vulnerability>
<title>Subscribe2 &lt;= 8.0 - Cross Site Scripting</title>
<references>
<secunia>49189</secunia>
<url>http://packetstormsecurity.com/files/112688/</url>
</references>
<type>XSS</type>
<fixed_in>8.1</fixed_in>
</vulnerability>
</plugin>
@@ -1838,6 +1837,7 @@
<vulnerability>
<title>Soundcloud Is Gold &lt;= 2.1 - Cross Site Scripting</title>
<references>
<secunia>49188</secunia>
<url>http://packetstormsecurity.com/files/112689/</url>
</references>
<type>XSS</type>
@@ -1920,9 +1920,11 @@
<vulnerability>
<title>Newsletter Manager &lt;= 1.0 - Cross Site Scripting</title>
<references>
<secunia>49183</secunia>
<url>http://packetstormsecurity.com/files/112694/</url>
</references>
<type>XSS</type>
<fixed_in>1.0.2</fixed_in>
</vulnerability>
</plugin>
@@ -2049,11 +2051,13 @@
<plugin name="codestyling-localization">
<vulnerability>
<title>Code Styling Localization &lt;= 1.99.16 - Cross Site Scripting</title>
<title>Code Styling Localization &lt;= 1.99.17 - Cross Site Scripting</title>
<references>
<secunia>49037</secunia>
<url>http://packetstormsecurity.com/files/112709/</url>
</references>
<type>XSS</type>
<fixed_in>1.99.20</fixed_in>
</vulnerability>
</plugin>
@@ -2150,9 +2154,11 @@
<vulnerability>
<title>2-Click-Socialmedia-Buttons &lt;= 0.32.2 - Cross Site Scripting</title>
<references>
<secunia>49181</secunia>
<url>http://packetstormsecurity.com/files/112711/</url>
</references>
<type>XSS</type>
<fixed_in>0.35</fixed_in>
</vulnerability>
</plugin>
@@ -2386,7 +2392,7 @@
<vulnerability>
<title>WP Cycle Playlist - Multiple Vulnerabilities</title>
<references>
<url>http://1337day.com/exploits/17396</url>
<url>http://1337day.com/exploit/17396</url>
</references>
<type>MULTI</type>
</vulnerability>
@@ -2455,7 +2461,7 @@
<vulnerability>
<title>WP-AutoYoutube &lt;= 0.1 - Blind SQL Injection Vulnerability</title>
<references>
<url>http://1337day.com/exploits/17368</url>
<url>http://1337day.com/exploit/17368</url>
</references>
<type>SQLI</type>
</vulnerability>
@@ -3015,16 +3021,41 @@
<vulnerability>
<title>Mingle Forum &lt;= 1.0.33 - Cross Site Scripting</title>
<references>
<secunia>49171</secunia>
<url>http://packetstormsecurity.com/files/112696/</url>
</references>
<type>MULTI</type>
<type>XSS</type>
<fixed_in>1.0.33.2</fixed_in>
</vulnerability>
<vulnerability>
<title>Mingle Forum 1.0.33.3 - Multiple Parameter SQL Injection</title>
<title>Mingle Forum 1.0.33.3 - fs-admin.php togroupusers Parameter XSS</title>
<references>
<osvdb>90432</osvdb>
<cve>2013-0734</cve>
<secunia>52167</secunia>
</references>
<type>XSS</type>
<fixed_in>1.0.34</fixed_in>
</vulnerability>
<vulnerability>
<title>Mingle Forum 1.0.33.3 - wpf.class.php search_words Parameter XSS</title>
<references>
<osvdb>90433</osvdb>
<cve>2013-0734</cve>
<secunia>52167</secunia>
</references>
<type>XSS</type>
<fixed_in>1.0.34</fixed_in>
</vulnerability>
<vulnerability>
<title>Mingle Forum 1.0.33.3 - wpf.class.php Multiple Parameter SQL Injection</title>
<references>
<osvdb>90434</osvdb>
<cve>2013-0735</cve>
<secunia>52167</secunia>
</references>
<type>SQLI</type>
<fixed_in>1.0.34</fixed_in>
</vulnerability>
<vulnerability>
<title>Mingle Forum 1.0.35 - Privilege Escalation CSRF</title>
@@ -4567,9 +4598,7 @@
<references>
<url>http://www.acunetix.com/blog/web-security-zone/wp-plugins-remote-code-execution/</url>
<url>http://wordpress.org/support/topic/pwn3d</url>
<url>
http://blog.sucuri.net/2013/04/update-wp-super-cache-and-w3tc-immediately-remote-code-execution-vulnerability-disclosed.html
</url>
<url>http://blog.sucuri.net/2013/04/update-wp-super-cache-and-w3tc-immediately-remote-code-execution-vulnerability-disclosed.html</url>
<metasploit>exploits/unix/webapp/php_wordpress_total_cache</metasploit>
</references>
<type>RCE</type>
@@ -4588,13 +4617,11 @@
<plugin name="wp-super-cache">
<vulnerability>
<title>WP-Super-Cache - Remote Code Execution</title>
<title>WP-Super-Cache 1.3 - Remote Code Execution</title>
<references>
<url>http://www.acunetix.com/blog/web-security-zone/wp-plugins-remote-code-execution/</url>
<url>http://wordpress.org/support/topic/pwn3d</url>
<url>
http://blog.sucuri.net/2013/04/update-wp-super-cache-and-w3tc-immediately-remote-code-execution-vulnerability-disclosed.html
</url>
<url>http://blog.sucuri.net/2013/04/update-wp-super-cache-and-w3tc-immediately-remote-code-execution-vulnerability-disclosed.html</url>
</references>
<type>RCE</type>
<fixed_in>1.3.1</fixed_in>
@@ -4642,7 +4669,7 @@
<title>ipfeuilledechou - SQL Injection Vulnerability</title>
<references>
<url>http://www.exploit4arab.com/exploits/377</url>
<url>http://1337day.com/exploits/20206</url>
<url>http://1337day.com/exploit/20206</url>
</references>
<type>SQLI</type>
</vulnerability>
@@ -4749,7 +4776,7 @@
<title>Developer Formatter - CSRF and XSS Vulnerability</title>
<references>
<url>http://illsecure.com/code/Wordpress-DevFormatter-CSRF-Vulnerability.txt</url>
<url>http://1337day.com/exploits/20210</url>
<url>http://1337day.com/exploit/20210</url>
<secunia>51912</secunia>
</references>
<type>MULTI</type>
@@ -5277,7 +5304,7 @@
<vulnerability>
<title>wp-explorer-gallery - Arbitrary File Upload Vulnerability</title>
<references>
<url>http://www.1337day.com/exploit/20251</url>
<url>http://1337day.com/exploit/20251</url>
</references>
<type>UPLOAD</type>
</vulnerability>
@@ -5287,7 +5314,7 @@
<vulnerability>
<title>accordion - Arbitrary File Upload Vulnerability</title>
<references>
<url>http://www.1337day.com/exploit/20254</url>
<url>http://1337day.com/exploit/20254</url>
</references>
<type>UPLOAD</type>
</vulnerability>
@@ -5297,7 +5324,7 @@
<vulnerability>
<title>wp-catpro - Arbitrary File Upload Vulnerability</title>
<references>
<url>http://www.1337day.com/exploit/20256</url>
<url>http://1337day.com/exploit/20256</url>
</references>
<type>UPLOAD</type>
</vulnerability>
@@ -5350,7 +5377,7 @@
<vulnerability>
<title>p1m media manager - SQL Injection Vulnerability</title>
<references>
<url>http://www.1337day.com/exploit/20270</url>
<url>http://1337day.com/exploit/20270</url>
</references>
<type>SQLI</type>
</vulnerability>
@@ -5390,7 +5417,7 @@
<vulnerability>
<title>ForumConverter - SQL Injection Vulnerability</title>
<references>
<url>http://www.1337day.com/exploit/20275</url>
<url>http://1337day.com/exploit/20275</url>
</references>
<type>SQLI</type>
</vulnerability>
@@ -5400,7 +5427,7 @@
<vulnerability>
<title>Newsletter - SQL Injection Vulnerability</title>
<references>
<url>http://www.1337day.com/exploit/20287</url>
<url>http://1337day.com/exploit/20287</url>
</references>
<type>SQLI</type>
</vulnerability>
@@ -5520,7 +5547,7 @@
<vulnerability>
<title>Google Alert And Twitter 3.1.5 - XSS Exploit, SQL Injection</title>
<references>
<url>http://1337day.com/exploits/20433</url>
<url>http://1337day.com/exploit/20433</url>
</references>
<type>MULTI</type>
</vulnerability>
@@ -5860,8 +5887,10 @@
<plugin name="terillion-reviews">
<vulnerability>
<title>Terillion Reviews - Cross Site Scripting</title>
<title>Terillion Reviews - Profile Id Field XSS</title>
<references>
<osvdb>91123</osvdb>
<cve>2013-1201</cve>
<url>http://packetstormsecurity.com/files/120730/</url>
</references>
<type>XSS</type>
@@ -5938,8 +5967,7 @@
<title>WP-Banners-Lite - XSS vulnerability</title>
<references>
<url>http://seclists.org/fulldisclosure/2013/Mar/209</url>
<url>http://threatpost.com/en_us/blogs/xss-flaw-wordpress-plugin-allows-injection-malicious-code-032513
</url>
<url>http://threatpost.com/en_us/blogs/xss-flaw-wordpress-plugin-allows-injection-malicious-code-032513</url>
</references>
<type>XSS</type>
</vulnerability>
@@ -5974,6 +6002,7 @@
<title>chikuncount - ofc_upload_image.php Arbitrary File Upload Vulnerability</title>
<references>
<exploitdb>24492</exploitdb>
<metasploit>exploit/unix/webapp/open_flash_chart_upload_exec</metasploit>
</references>
<type>UPLOAD</type>
</vulnerability>
@@ -5986,6 +6015,7 @@
<exploitdb>24492</exploitdb>
<secunia>37903</secunia>
<cve>2009-4140</cve>
<metasploit>exploit/unix/webapp/open_flash_chart_upload_exec</metasploit>
</references>
<type>UPLOAD</type>
<fixed_in>0.5</fixed_in>
@@ -5997,6 +6027,7 @@
<title>spamtask - ofc_upload_image.php Arbitrary File Upload Vulnerability</title>
<references>
<exploitdb>24492</exploitdb>
<metasploit>exploit/unix/webapp/open_flash_chart_upload_exec</metasploit>
</references>
<type>UPLOAD</type>
</vulnerability>
@@ -6007,6 +6038,7 @@
<title>php-analytics - ofc_upload_image.php Arbitrary File Upload Vulnerability</title>
<references>
<exploitdb>24492</exploitdb>
<metasploit>exploit/unix/webapp/open_flash_chart_upload_exec</metasploit>
</references>
<type>UPLOAD</type>
</vulnerability>
@@ -6017,6 +6049,7 @@
<title>seo-spy-google - ofc_upload_image.php Arbitrary File Upload Vulnerability</title>
<references>
<exploitdb>24492</exploitdb>
<metasploit>exploit/unix/webapp/open_flash_chart_upload_exec</metasploit>
</references>
<type>UPLOAD</type>
</vulnerability>
@@ -6027,6 +6060,7 @@
<title>wp-seo-spy-google - ofc_upload_image.php Arbitrary File Upload Vulnerability</title>
<references>
<exploitdb>24492</exploitdb>
<metasploit>exploit/unix/webapp/open_flash_chart_upload_exec</metasploit>
</references>
<type>UPLOAD</type>
</vulnerability>
@@ -6282,8 +6316,10 @@
<plugin name="related-posts-by-zemanta">
<vulnerability>
<title>Related Posts by Zemanta - Cross-Site Request Forgery Vulnerability</title>
<title>Related Posts by Zemanta 1.3.1 - Cross-Site Request Forgery Vulnerability</title>
<references>
<osvdb>93364</osvdb>
<cve>2013-3477</cve>
<secunia>53321</secunia>
</references>
<type>CSRF</type>
@@ -6293,19 +6329,22 @@
<plugin name="wordpress-23-related-posts-plugin">
<vulnerability>
<title>WordPress Related Posts - Cross-Site Request Forgery Vulnerability</title>
<title>WordPress Related Posts 2.6.1 - Cross-Site Request Forgery Vulnerability</title>
<references>
<osvdb>93362</osvdb>
<cve>2013-3476</cve>
<secunia>53279</secunia>
</references>
<type>CSRF</type>
<fixed_in>2.6.2</fixed_in>
<fixed_in>2.7.2</fixed_in>
</vulnerability>
</plugin>
<plugin name="related-posts">
<vulnerability>
<title>Related Posts - Cross-Site Request Forgery Vulnerability</title>
<title>Related Posts 2.7.1 - Cross-Site Request Forgery Vulnerability</title>
<references>
<osvdb>93363</osvdb>
<secunia>53122</secunia>
</references>
<type>CSRF</type>
@@ -6418,12 +6457,14 @@
<plugin name="funcaptcha">
<vulnerability>
<title>FunCaptcha - CSRF</title>
<title>FunCaptcha 0.3.2- Setting Manipulation CSRF</title>
<references>
<osvdb>92272</osvdb>
<secunia>53021</secunia>
<url>http://wordpress.org/extend/plugins/funcaptcha/changelog/</url>
</references>
<type>UNKNOWN</type>
<fixed_in>0.33</fixed_in>
<type>CSRF</type>
<fixed_in>0.3.3</fixed_in>
</vulnerability>
</plugin>
@@ -6679,6 +6720,7 @@
<vulnerability>
<title>Xorbin Digital Flash Clock 1.0 - Flash-based XSS</title>
<references>
<url>http://packetstormsecurity.com/files/122223/</url>
<url>http://advisory.prakharprasad.com/xorbin_dfc_wp.txt</url>
<cve>2013-4693</cve>
</references>
@@ -6756,6 +6798,7 @@
<references>
<osvdb>95557</osvdb>
<exploitdb>26804</exploitdb>
<url>http://packetstormsecurity.com/files/122396/</url>
</references>
<type>RFI</type>
</vulnerability>
@@ -7080,7 +7123,7 @@
<plugin name="lbg_zoominoutslider">
<vulnerability>
<title>LBG Zoominoutslider - XSS Vulnerability</title>
<title>LBG Zoominoutslider - add_banner.php name Parameter Stored XSS</title>
<references>
<osvdb>97887</osvdb>
<secunia>54983</secunia>
@@ -7088,6 +7131,32 @@
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>LBG Zoominoutslider - settings_form.php Multiple Parameter Stored XSS</title>
<references>
<osvdb>99339</osvdb>
<url>http://packetstormsecurity.com/files/123914/</url>
<url>http://seclists.org/fulldisclosure/2013/Nov/30</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>LBG Zoominoutslider - add_playlist_record.php Multiple Parameter Stored XSS</title>
<references>
<osvdb>99340</osvdb>
<url>http://packetstormsecurity.com/files/123914/</url>
<url>http://seclists.org/fulldisclosure/2013/Nov/30</url>
</references>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>LBG Zoominoutslider - Multiple Script Direct Request Path Disclosure</title>
<references>
<osvdb>99341</osvdb>
<url>http://seclists.org/fulldisclosure/2013/Nov/30</url>
</references>
<type>FPD</type>
</vulnerability>
</plugin>
<plugin name="woopra">
@@ -7206,8 +7275,10 @@
<vulnerability>
<title>Booking Calendar 4.1.4 - CSRF Vulnerability</title>
<references>
<exploitdb>27399</exploitdb>
<osvdb>96088</osvdb>
<exploitdb>27399</exploitdb>
<secunia>54461</secunia>
<url>http://packetstormsecurity.com/files/122691/</url>
<url>http://wpbookingcalendar.com/</url>
</references>
<type>CSRF</type>
@@ -7233,10 +7304,12 @@
<references>
<osvdb>98279</osvdb>
<exploitdb>28808</exploitdb>
<secunia>55172</secunia>
<url>http://packetstormsecurity.com/files/123549/</url>
<url>http://quick-plugins.com/quick-contact-form/</url>
</references>
<type>XSS</type>
<fixed_in>6.1</fixed_in>
</vulnerability>
</plugin>
@@ -7531,6 +7604,7 @@
<osvdb>98668</osvdb>
<secunia>55296</secunia>
<exploitdb>28970</exploitdb>
<url>http://packetstormsecurity.com/files/123597/</url>
<url>http://www.securityfocus.com/bid/63021</url>
</references>
<type>XSS</type>
@@ -7569,6 +7643,7 @@
<title>Feed - news_dt.php nid Parameter SQL Injection</title>
<references>
<osvdb>94804</osvdb>
<url>http://packetstormsecurity.com/files/122260/</url>
</references>
<type>SQLI</type>
</vulnerability>
@@ -7725,6 +7800,7 @@
<osvdb>98831</osvdb>
<cve>2013-6281</cve>
<secunia>55396</secunia>
<url>http://packetstormsecurity.com/files/123699/</url>
<url>http://www.securityfocus.com/bid/63256</url>
</references>
<type>XSS</type>
@@ -7765,10 +7841,11 @@
<plugin name="gallery-bank">
<vulnerability>
<title>Gallery Bank 2.0.19 - Multiple Unspecified XSS</title>
<title>Gallery Bank 2.0.19 - edit-album.php album_id Parameter Reflected XSS</title>
<references>
<osvdb>99045</osvdb>
<secunia>55443</secunia>
<url>http://packetstormsecurity.com/files/123924/</url>
<url>http://www.securityfocus.com/bid/63382</url>
</references>
<type>XSS</type>
@@ -7784,6 +7861,17 @@
<type>UNKNOWN</type>
<fixed_in>2.0.20</fixed_in>
</vulnerability>
<vulnerability>
<title>Gallery Bank 2.0.19 - album-gallery-bank-class.php recordsArray Parameter Reflected XSS</title>
<references>
<osvdb>99345</osvdb>
<secunia>55443</secunia>
<url>http://www.securityfocus.com/bid/63385</url>
<url>http://seclists.org/fulldisclosure/2013/Nov/38</url>
</references>
<type>XSS</type>
<fixed_in>2.0.20</fixed_in>
</vulnerability>
</plugin>
<plugin name="rockhoist-ratings">
@@ -7798,4 +7886,61 @@
</vulnerability>
</plugin>
<plugin name="wordpress-checkout">
<vulnerability>
<title>Checkout Plugin - File Upload Remote Code Execution</title>
<references>
<osvdb>99225</osvdb>
<url>http://packetstormsecurity.com/files/123866/</url>
</references>
<type>RCE</type>
</vulnerability>
</plugin>
<plugin name="mobilechief-mobile-site-creator">
<vulnerability>
<title>MobileChief - jQuery Validation Cross-Site Scripting Vulnerability</title>
<references>
<secunia>55501</secunia>
<url>http://packetstormsecurity.com/files/123809/</url>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="timeline">
<vulnerability>
<title>Facebook Survey Pro - timeline/index.php id Parameter SQL Injection</title>
<references>
<secunia>87817</secunia>
<exploitdb>22853</exploitdb>
<url>http://packetstormsecurity.com/files/118238/</url>
<url>http://www.securityfocus.com/bid/56595</url>
<url>http://xforce.iss.net/xforce/xfdb/80141</url>
</references>
<type>SQLI</type>
</vulnerability>
</plugin>
<plugin name="live-comment-preview">
<vulnerability>
<title>Live Comment Preview 2.0.2 - Comment Field Preview XSS</title>
<references>
<osvdb>92944</osvdb>
</references>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="polldaddy">
<vulnerability>
<title>Polldaddy Polls and Ratings 2.0.20 - Cross-Site Request Forgery Vulnerability</title>
<references>
<secunia>55464</secunia>
</references>
<type>CSRF</type>
<fixed_in>2.0.21</fixed_in>
</vulnerability>
</plugin>
</vulnerabilities>

564
data/plugins.txt
View File

File diff suppressed because it is too large Load Diff

562
data/plugins_full.txt
View File

File diff suppressed because it is too large Load Diff

117
data/theme_vulns.xml
View File

@@ -1827,6 +1827,7 @@
<osvdb>98927</osvdb>
<exploitdb>29068</exploitdb>
<url>http://www.securityfocus.com/bid/63306</url>
<url>http://1337day.com/exploit/21442</url>
<url>http://themeforest.net/item/area53-a-responsive-html5-wordpress-theme/2538737</url>
</references>
<type>RCE</type>
@@ -1880,7 +1881,9 @@
<title>Curvo - wp-content/themes/curvo/functions/upload-handler.php File Upload CSRF</title>
<references>
<osvdb>99043</osvdb>
<exploitdb>29211</exploitdb>
<url>http://packetstormsecurity.com/files/123799/</url>
<url>http://packetstormsecurity.com/files/123820/</url>
</references>
<type>CSRF</type>
</vulnerability>
@@ -1897,4 +1900,118 @@
</vulnerability>
</theme>
<theme name="saico">
<vulnerability>
<title>Saico - Arbitrary File Upload Vulnerability</title>
<references>
<exploitdb>29150</exploitdb>
<url>http://1337day.com/exploit/21440</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</theme>
<theme name="ThisWay">
<vulnerability>
<title>ThisWay - remote shell upload vulnerability</title>
<references>
<url>http://packetstormsecurity.com/files/123895/</url>
</references>
<type>RCE</type>
</vulnerability>
</theme>
<theme name="ThinkResponsive">
<vulnerability>
<title>Think Responsive 1.0 - Arbitrary shell upload vulnerability</title>
<references>
<exploitdb>29332</exploitdb>
<url>http://packetstormsecurity.com/files/123880/</url>
</references>
<type>RCE</type>
</vulnerability>
</theme>
<theme name="anthology">
<vulnerability>
<title>Anthology - Remote File Upload Vulnerability</title>
<references>
<url>http://1337day.com/exploit/21460</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</theme>
<theme name="amoveo">
<vulnerability>
<title>Amoveo - Arbitrary File Upload Vulnerability</title>
<references>
<url>http://1337day.com/exploit/21451</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</theme>
<theme name="switchblade">
<vulnerability>
<title>Switchblade 1.3 - Arbitrary File Upload Vulnerability</title>
<references>
<osvdb>88918</osvdb>
<exploitdb>29330</exploitdb>
<url>http://1337day.com/exploit/21457</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</theme>
<theme name="magnitudo">
<vulnerability>
<title>Magnitudo - Arbitrary File Upload Vulnerability</title>
<references>
<url>http://1337day.com/exploit/21457</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</theme>
<theme name="ghost">
<vulnerability>
<title>Ghost - Arbitrary File Upload Vulnerability</title>
<references>
<url>http://1337day.com/exploit/21416</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</theme>
<theme name="RightNow">
<vulnerability>
<title>Right Now - Arbitrary File Upload Vulnerability</title>
<references>
<url>http://1337day.com/exploit/21420</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</theme>
<theme name="ColdFusion">
<vulnerability>
<title>Cold Fusion - Arbitrary File Upload Vulnerability</title>
<references>
<url>http://1337day.com/exploit/21431</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</theme>
<theme name="chameleon">
<vulnerability>
<title>Chameleon - Arbitrary File Upload Vulnerability</title>
<references>
<url>http://1337day.com/exploit/21449</url>
</references>
<type>UPLOAD</type>
</vulnerability>
</theme>
</vulnerabilities>

1667
data/themes.txt
View File

File diff suppressed because it is too large Load Diff

100
data/themes_full.txt
View File

@@ -24,6 +24,7 @@
2010-translucence-parent
2010-weaver
2012-xtended
2013-black-and-white
2013-blue
22nd-july
25th-week
@@ -33,11 +34,13 @@
30-basics
31three
3366
350-media
360theme
3col-rdmban-lr
3col-rdmban-rr
3colours
3d-realty
3star-theme
42k
42walls
4colourslover
@@ -58,6 +61,7 @@
8press
8q
8some
8squares
8templates_city_green
8templates_city_orange
8templates_city_pink
@@ -208,6 +212,7 @@ alba
albinomouse
albizia
alce
aldehyde
aldus
alex-and-anthonys-halloween
alex-crunch-lite
@@ -247,6 +252,7 @@ alowa
alpen
alpen3col
alpha
alpha-source
alphastrap
alphatr
alpine
@@ -291,7 +297,9 @@ anacronico-uri-httpanacroniconet63netblog
anakin-mobile
analytical-lite
anand
anarcho-notepad
anatomy-lite
anchor
andclean
andoru
andrea
@@ -528,8 +536,10 @@ bandana
bandtheme
bangasd
bangkok1
banten-it
baobab
barbara
barber
barcelona
barclays
bare
@@ -567,6 +577,7 @@ baw-black-and-white
baza-noclegowa
bba
bbcc-theme
bbpress-and-canvas-fix-canvas-child-theme
bbpress-twenty-ten
bbtemplate-1
bbtemplate-2
@@ -580,6 +591,7 @@ beach-evening
beach-holiday
beach-holidays
beach-vacation
bearded
bearded-llama
beardsley
beautiful-decay
@@ -666,6 +678,7 @@ biznez-lite
bizstudio-lite
biztheme
bizvektor
bizvektor-global-edition
bizway
bizway-responsive
bizz-trip
@@ -762,8 +775,10 @@ blacky-right-sidebar
blackypress
blackzebra
blagz-blog-magazine-theme
blain
blank
blank-page
blank-theme
blankpress
blankslate
blas-blogger
@@ -1013,6 +1028,7 @@ boathouse2
bobs-law-blog
bodhi
bodrum-theme
bodyhealth
bogeygolfer
boil-bauble
boilerplate
@@ -1133,6 +1149,7 @@ buddypress-x-facebook
buddytheme
bude-rocks-theme
budzmodo
bueno
bufa
bugbudge
build
@@ -1166,6 +1183,7 @@ business-vision
business-woman-top
business_blog
businessfirst
businessgrow
businessidea
businessman-pro
businesspress
@@ -1176,6 +1194,7 @@ businessxpand_multicol
businessxpand_tentacle
businessxpand_twieme
businessxpand_viewer_v2
busiprof
butcher-block
butter-scotch
buttercream
@@ -1203,8 +1222,10 @@ cakifo
call-power
callas
calleiro
callisto
calotropis
cameo
camille-vencert
cammino
canddblog
candid
@@ -1290,6 +1311,7 @@ change-it
changeable
chaostheory
chaoticsoul
chapparal-business-template
charactertheme
charcoal
charcoal-v1
@@ -1322,6 +1344,7 @@ chiron
chloe
chocolate
chocolate-lite
chocolate-shoppe
chocolate-theme-pedro-amigo-mio
chocotheme
chooko-lite
@@ -1344,7 +1367,9 @@ chun
chuncss
chunk
chunky
church
circles
cirkle
cirque
cisco
citizen-journal
@@ -1380,6 +1405,7 @@ clean-and-clear
clean-and-plain
clean-and-red
clean-and-simple
clean-black
clean-blue
clean-blue-vision
clean-dirt
@@ -1497,9 +1523,11 @@ codescheme_blue
codicolorz
codium
codium-extend
codium-grid
cody
cody-theme
coffee
coffee-break-theme
coffee-cup
coffee-desk
coffee-lite
@@ -1677,6 +1705,7 @@ creative-mag
creative-simplicity
creativemag
crimson
crimson-lite
crimsonsky
cris
crisp
@@ -1729,6 +1758,7 @@ custom-theme
customclean
customfolio
customizr
customizr123
cute-bubbles
cute-frames
cute-theme
@@ -1747,6 +1777,7 @@ cyanus-theme
cyberchimps
cyberchimps-free
cyclo
cycnus
cypee-red
d-basic
d-simpel
@@ -1878,8 +1909,10 @@ delicate-theme
delicato
delice
delight
delighted
deliverance-gray-blog
dellistore
dellow
delphi
demar
demiloo
@@ -1894,6 +1927,7 @@ depescatore-theme
depo-masthead
depo-square
depo-square-revisited
deposito
derker
desaindigital
descartes
@@ -1922,6 +1956,7 @@ deuterium
deux-milles-douze
devart
devart123
devdmbootstrap3
developer
devita
devolution
@@ -2036,6 +2071,7 @@ dramatica
drawlin
dream-in-infrared
dream-sky
dreambank
dreamline
dreamnix
dreamplace
@@ -2111,6 +2147,7 @@ eco-world
eco_house
ecogreen
ecologist
ecommerce
economist
ecowp
ectopudding
@@ -2246,6 +2283,7 @@ evening-shade
evening-sun
eventide
ever-after
ever-green
ever-watchful
everg33n
evilpuzzle
@@ -2401,6 +2439,7 @@ fitzgerald
fivecast
fiver
fixed-blix
fixy
flashcast
flashy
flat-portfolio
@@ -2530,9 +2569,11 @@ fresh
fresh-blog
fresh-blu
fresh-editorial
fresh-free
fresh-ideas
fresh-ink-magazine
fresh-lime
fresh-lite
fresh-magazine
fresh-mint-delight
fresh-style
@@ -2638,6 +2679,7 @@ geospehre
geosphere
german-newspaper
gerro-post-lime
get-masum
get-some
getaway-graphics
getfreewallpapers
@@ -2823,6 +2865,7 @@ greenmag
greenmag_extend
greenotation
greenpaddy
greenpage
greenpoint-milanda
greensplash-2-classic
greensplash-classic
@@ -2914,6 +2957,7 @@ hanami
hanamoto
hananews
hanging
hannari
happily-ever-after
happy-cork-board
happy-cyclope
@@ -3046,6 +3090,7 @@ huan
huaqian
hue-clash-in-harmony
hued
hueman
hum
human3rror
humanities
@@ -3225,6 +3270,7 @@ internet-center-3-columns
internet-music
internet-music-3-columns
internet-sharing
inthedistance
intrepid
intrepidity
introvert
@@ -3467,6 +3513,7 @@ kolkata-knight-riders-goldenblack-theme
kolorful
kolorful-wordpress-theme
kom2-theme
komachi
kombinat-eins
kombinat-zwo
konax-for-buddypress
@@ -3514,6 +3561,7 @@ lakeside
lalala
laloo
lambda
lamya
landline
landscape
landscape-gallery
@@ -3650,6 +3698,7 @@ listthis
liteblue
liten
litepress
litesta
litethoughts
littera-theme
little
@@ -3752,6 +3801,7 @@ madmens-blog
mag
magatheme
magatheme-html5
magazine
magazine-basic
magazine-drome
magazine-pro
@@ -3860,6 +3910,7 @@ mbresets-lite
mc-responsive
mc-twitterbootstrap
mcg-theme
mckinley
me3
mead
meadowland
@@ -3904,6 +3955,7 @@ merry-christmas
mes-vacances-french
mesocolumn
mess-desk-v2
messenger
metamarfosa
metamorph_blue
metamorph_dao
@@ -4055,6 +4107,7 @@ mmorpg-games
mnml
mnmlblog
mnmltheme
mobile
mobile-minimalist
mobilephonecomparision
mobilescope
@@ -4068,6 +4121,7 @@ modern-blue
modern-blue-dark
modern-blue-style
modern-clix
modern-estate
modern-furniture
modern-girl
modern-green
@@ -4075,6 +4129,7 @@ modern-green-theme
modern-minimalist
modern-multipurpose
modern-notepad
modern-real-estate
modern-remix
modern-style
modern-theme
@@ -4128,6 +4183,7 @@ moony
more-or-less
morning-coffee
morning-mai-like
morphic
mortaroo
mortgage
mortgages
@@ -4140,6 +4196,7 @@ moulin-whoosh
mountain
mountain-biking-sports-pro-theme
mountain-climbing
mountain-creek
mountain-dawn
mouse-it
mouseover-blue
@@ -4342,6 +4399,7 @@ neutra
neutral
neutral-mono-labver
neutralis
neutro
neverballium
new-arabic-theme
new-balance-of-blue
@@ -4400,6 +4458,8 @@ nice_wee_theme
nicecol
nicely-done
nicey
nichiboard
nictitate-free
nifty
night
night-circles
@@ -4493,6 +4553,7 @@ office
officefolders
offset-writing
oh
ohands
okidoki
old-book
old-japan
@@ -4513,6 +4574,7 @@ omega
omega-child
omegab
omegag
omegatheme
omegax
omicron
omni-theme-clone
@@ -4523,11 +4585,13 @@ one
one-day-at-a-time
one-fine-day
one-night-in-paris
one-page
one-page-parallax
one-pager
one-simplemagazine
one-winged-angel
onec
onecolumn
onel
onenews-basic
onepress-framework
@@ -4545,6 +4609,7 @@ ontaheen
onyx
ooble
open-blue-sky
open-pages
open-sourcerer
openair
openark-blog
@@ -4653,6 +4718,7 @@ p2-pro
p2-red
p2lysa
p2v1
p3
paakbook-buddypress-buddypack
pabooktlx
pachyderm
@@ -4945,6 +5011,7 @@ premium-orange
premium-photoblog
premium-photoblog-uriwwwgoogleca
premium-violet
premium-wp-blog
prequel
present
press3
@@ -4994,6 +5061,7 @@ projectcthroo
prologic
prologue
promag
promax
pronto
property-theme
propress
@@ -5026,6 +5094,7 @@ pupul
pupulsky
pure
pure-cloud
pure-color
pure-ii
pure-line
pure-sky
@@ -5156,6 +5225,7 @@ red-christmas
red-city
red-corner
red-couch
red-dead-redemption
red-delicious
red-diva
red-dodge
@@ -5238,6 +5308,7 @@ reposter
required
reruns
resimit-colors
respare
respect
respon
response
@@ -5310,6 +5381,7 @@ riverside
rizwan
rizwan-137
road-fighter
robbertooo78
robia
robo-basic
rock-solid
@@ -5489,6 +5561,7 @@ semrawang
senar1st-ten
sense-and-sensibility-bp
sensei
sensilla
sensitive
sensitivesayan
seo-basics
@@ -5504,6 +5577,7 @@ sepia
serena
serendib
serene
serene-elegant-free
serenity
serenity-orange
serious-blogger
@@ -5563,11 +5637,13 @@ shoestrap
shoot-it
shop
shop-front
shopping
shortcoded
showcase
showkaase
showy
shprink-one
shpsmedia
shreddyblog
shsummer
shufflemix
@@ -5623,6 +5699,7 @@ simple-catch
simple-china
simple-chrome
simple-circle
simple-classic
simple-community
simple-dark-theme
simple-dia
@@ -5761,6 +5838,7 @@ simplymajestic
simplypink
simpo
simpsons-donut
simvance
sing-song
singlebot
singsong
@@ -6075,7 +6153,9 @@ strikeball-counterstrike
striker
strikkemakeriet
stripay
striped
striped-blog
striped-by-donmik
stripedblog
stripefolio
stripes
@@ -6104,6 +6184,7 @@ stylish
stylish-blue
stylish-deco
stylish-home-deco
stylize
stylized-piano-black
subar-rum
sublime
@@ -6117,6 +6198,7 @@ subtly-stripe-ed
sucha
suevafree
suffusion
suits
sukelius-magazine
summ
summer
@@ -6242,6 +6324,7 @@ tdtasko
tdvoice
teak
teal
teamraxy
teamspirit
teamwork
teatrale
@@ -6361,6 +6444,7 @@ the-maleo
the-marketing-theme
the-mighty-moo
the-minimalist
the-newswire
the-next-lvl
the-nice-one
the-night-watch
@@ -6368,6 +6452,7 @@ the-other-blog-lite-red
the-pinata
the-power-of-the-water
the-premium-magazine-wordpress-theme
the-professional
the-real-blank-page
the-real-blank-theme
the-rust
@@ -6469,6 +6554,7 @@ timecafe-free-theme-1
timecrunch
timeless
timeline
timeturner
timmmmmmmmmm
timtamland
tinland
@@ -6548,6 +6634,7 @@ travel-blogger-new-yorker
travel-blogger-passport
travel-blogger-streets
travel-club
travel-in-italy
travel-in-love
travel-inspired
travel-is-my-life
@@ -6592,6 +6679,7 @@ trueblood
trulyminimal
trvl
tsokolate
tswplain
ttblog
ttblog-theme
ttnews
@@ -6756,6 +6844,7 @@ up-front
update-tucson
updown-cloud
upstart-blogger-modicus
uptown
urban
urban-grunge
urban-life
@@ -6839,6 +6928,7 @@ vinoluka
vintage
vintage-camera
vintage-shire
vintage-stamps-theme
vintage-wall
vintage1-camera1
violet-fashion-theme
@@ -6974,6 +7064,7 @@ westkitnet
wetlog
wfclarity
what-so-proudly-we-hail
whatnew
wheat
wheat-lite
whiskey-air
@@ -7146,6 +7237,7 @@ wp-awesome
wp-bats-theme
wp-bedrock
wp-blogcrash
wp-blogthirteen
wp-bootstrap
wp-boxes
wp-brown
@@ -7164,6 +7256,7 @@ wp-eden
wp-faster
wp-feedly
wp-fitness-fitness-theme
wp-flatthirteen
wp-forums
wp-foundation
wp-framework
@@ -7171,6 +7264,8 @@ wp-freelance-pro
wp-full-site
wp-hot-cook
wp-inspirat
wp-jurist
wp-knowledge-base
wp-knowledge-base-theme
wp-liteflex
wp-marketingstrap
@@ -7192,7 +7287,9 @@ wp-portaltheme
wp-premium-orange
wp-real-estate-theme
wp-red-post-news-elegant
wp-rootstrap
wp-sanda
wp-simple
wp-soul
wp-sponge-bob
wp-strap
@@ -7269,6 +7366,7 @@ writers-desk
writers-quill
writhem-blog
writing-desk
writr
written
writter
wrock-metro
@@ -7364,6 +7462,7 @@ your-existence
youth
yui-grid-css
yukti
yume
yuniho
yway
zack-990
@@ -7388,6 +7487,7 @@ zeeflow
zeefocus
zeelinear
zeemagazine
zeeminty
zeenews
zeenewspro
zeenoble

1
data/wp_vulns.xml
View File

@@ -34,6 +34,7 @@
<osvdb>97212</osvdb>
<cve>2013-4339</cve>
<secunia>54803</secunia>
<url>http://packetstormsecurity.com/files/123589/</url>
<url>http://core.trac.wordpress.org/changeset/25323</url>
</references>
<type>UNKNOWN</type>

4
lib/common/common_helper.rb
View File

@@ -39,10 +39,6 @@ $LOAD_PATH.unshift(LIB_DIR)
$LOAD_PATH.unshift(WPSCAN_LIB_DIR)
$LOAD_PATH.unshift(MODELS_LIB_DIR)
def kali_linux?
%x{uname -a}.match(/linux kali/i) ? true : false
end
require 'environment'
# TODO : add an exclude pattern ?

2
lib/common/models/wp_version/output.rb
View File

@@ -10,7 +10,7 @@ class WpVersion < WpItem
unless vulnerabilities.empty?
puts
puts red('[!]') + " We have identified #{vulnerabilities.size} vulnerabilities from the version number:"
puts red('[!]') + " #{vulnerabilities.size} vulnerabilities identified from the version number:"
vulnerabilities.output
end

2
lib/environment.rb
View File

@@ -13,7 +13,7 @@ Encoding.default_external = Encoding::UTF_8
begin
# Standard libs
require 'bundler/setup' unless kali_linux?
require 'bundler/setup'
require 'getoptlong'
require 'optparse' # Will replace getoptlong
require 'uri'

4
lib/wpstools/plugins/list_generator/list_generator_plugin.rb
View File

@@ -9,7 +9,7 @@ class ListGeneratorPlugin < Plugin
['--generate-plugin-list [NUMBER_OF_PAGES]', '--gpl', Integer, 'Generate a new data/plugins.txt file. (supply number of *pages* to parse, default : 150)'],
['--generate-full-plugin-list', '--gfpl', 'Generate a new full data/plugins.txt file'],
['--generate-theme-list [NUMBER_OF_PAGES]', '--gtl', Integer, 'Generate a new data/themes.txt file. (supply number of *pages* to parse, default : 150)'],
['--generate-theme-list [NUMBER_OF_PAGES]', '--gtl', Integer, 'Generate a new data/themes.txt file. (supply number of *pages* to parse, default : 20)'],
['--generate-full-theme-list', '--gftl', 'Generate a new full data/themes.txt file'],
['--generate-all', '--ga', 'Generate a new full plugins, full themes, popular plugins and popular themes list']
@@ -29,7 +29,7 @@ class ListGeneratorPlugin < Plugin
end
if options.has_key?(:generate_theme_list) || generate_all
most_popular('theme', options[:generate_theme_list] || 150)
most_popular('theme', options[:generate_theme_list] || 20)
end
if options[:generate_full_theme_list] || generate_all