Adds YT references and CVSS to output

app/models/timthumb.rb

@@ -40,9 +40,9 @@ module WPScan
       def rce_132_vuln
         Vulnerability.new(
           'Timthumb <= 1.32 Remote Code Execution',
-          { exploitdb: ['17602'] },
-          'RCE',
-          '1.33'
+          references: { exploitdb: ['17602'] },
+          type: 'RCE',
+          fixed_in: '1.33'
         )
       end
 
@@ -50,12 +50,12 @@ module WPScan
       def rce_webshot_vuln
         Vulnerability.new(
           'Timthumb <= 2.8.13 WebShot Remote Code Execution',
-          {
+          references: {
             url: ['http://seclists.org/fulldisclosure/2014/Jun/117', 'https://github.com/wpscanteam/wpscan/issues/519'],
             cve: '2014-4663'
           },
-          'RCE',
-          '2.8.14'
+          type: 'RCE',
+          fixed_in: '2.8.14'
         )
       end
 

app/views/cli/vulnerability.erb

@@ -1,4 +1,7 @@
  | <%= critical_icon %> Title: <%= @v.title %>
+<% if @v.cvss -%>
+ |     CVSS: <%= @v.cvss[:score] %> (<%= @v.cvss[:vector] %>)
+<% end -%>
 <% if @v.fixed_in -%>
  |     Fixed in: <%= @v.fixed_in %>
 <% end -%>

app/views/json/finding.erb

@@ -19,6 +19,9 @@
   <% vulns.each_with_index do |v, index| -%>
   {
     "title": <%= v.title.to_json %>,
+    <% if v.cvss -%>
+    "cvss": <%= v.cvss.to_json %>,
+    <% end -%>
     "fixed_in": <%= v.fixed_in.to_json %>,
     "references": <%= v.references.to_json %>
   }<% unless index == last_index -%>,<% end -%>

lib/wpscan/references.rb

@@ -2,9 +2,7 @@
 
 module WPScan
   # References module (which should be included along with the CMSScanner::References)
-  # to allow the use of the wpvulndb and youtube references.
-  # Notes: The youtube references are not handled the same way all the others, especialy in the JSON output
-  #        as we output the full URL and not just the ID. Hence the override of the references= method
+  # to allow the use of the wpvulndb reference.
   module References
     extend ActiveSupport::Concern
 
@@ -12,27 +10,12 @@ module WPScan
     module ClassMethods
       # @return [ Array<Symbol> ]
       def references_keys
-        @references_keys ||= super << :wpvulndb << :youtube
-      end
-    end
-
-    # @param [ Hash ] refs
-    def references=(refs)
-      @references = {}
-
-      self.class.references_keys.each do |key|
-        next unless refs.key?(key)
-
-        @references[key] = if key == :youtube
-                             [*refs[:youtube]].map { |id| youtube_url(id) }
-                           else
-                             [*refs[key]].map(&:to_s)
-                           end
+        @references_keys ||= super << :wpvulndb
       end
     end
 
     def references_urls
-      wpvulndb_urls + super + youtube_urls
+      wpvulndb_urls + super
     end
 
     def wpvulndb_ids
@@ -46,13 +29,5 @@ module WPScan
     def wpvulndb_url(id)
       "https://wpvulndb.com/vulnerabilities/#{id}"
     end
-
-    def youtube_urls
-      references[:youtube] || []
-    end
-
-    def youtube_url(id)
-      "https://www.youtube.com/watch?v=#{id}"
-    end
   end
 end

lib/wpscan/vulnerability.rb

@@ -16,11 +16,14 @@ module WPScan
         end
       end
 
+      cvss = { score: json_data['cvss_risk_score'], vector: json_data['cvss_vector'] } if json_data['cvss_risk_score']
+
       new(
         json_data['title'],
-        references,
-        json_data['vuln_type'],
-        json_data['fixed_in']
+        references: references,
+        type: json_data['vuln_type'],
+        fixed_in: json_data['fixed_in'],
+        cvss: cvss
       )
     end
   end

spec/app/models/plugin_spec.rb

@@ -202,11 +202,11 @@ describe WPScan::Model::Plugin do
           [
             WPScan::Vulnerability.new(
               'First Vuln <= 6.3.10 - LFI',
-              { wpvulndb: '1' },
-              'LFI',
-              '6.3.10'
+              references: { wpvulndb: '1' },
+              type: 'LFI',
+              fixed_in: '6.3.10'
             ),
-            WPScan::Vulnerability.new('No Fixed In', wpvulndb: '2')
+            WPScan::Vulnerability.new('No Fixed In', references: { wpvulndb: '2' })
           ]
         end
 

spec/app/models/theme_spec.rb

@@ -224,11 +224,11 @@ describe WPScan::Model::Theme do
           [
             WPScan::Vulnerability.new(
               'First Vuln',
-              { wpvulndb: '1' },
-              'LFI',
-              '6.3.10'
+              references: { wpvulndb: '1' },
+              type: 'LFI',
+              fixed_in: '6.3.10'
             ),
-            WPScan::Vulnerability.new('No Fixed In', wpvulndb: '2')
+            WPScan::Vulnerability.new('No Fixed In', references: { wpvulndb: '2' })
           ]
         end
 

spec/app/models/wp_version_spec.rb

@@ -55,31 +55,15 @@ describe WPScan::Model::WpVersion do
         expect(version).to be_vulnerable
       end
 
-      let(:all_vulns) do
-        [
-          WPScan::Vulnerability.new(
-            'WP 3.8.1 - Vuln 1',
-            { wpvulndb: '1' },
-            'SQLI'
-          ),
-          WPScan::Vulnerability.new(
-            'WP 3.8.1 - Vuln 2',
-            { url: %w[url-2 url-3], osvdb: %w[10], cve: %w[2014-0166], wpvulndb: '2' },
-            nil,
-            '3.8.2'
-          )
-        ]
-      end
-
       context 'when a signle vuln' do
-        let(:number) { '3.8.1' }
+        let(:number) { '3.8' }
         let(:db_data) { vuln_api_data_for('wordpresses/38') }
 
         it 'returns the expected result' do
           @expected = [WPScan::Vulnerability.new(
             'WP 3.8 - Vuln 1',
-            { url: %w[url-4], wpvulndb: '3' },
-            'AUTHBYPASS'
+            references: { url: %w[url-4], wpvulndb: '3' },
+            type: 'AUTHBYPASS'
           )]
         end
       end
@@ -92,14 +76,14 @@ describe WPScan::Model::WpVersion do
           @expected = [
             WPScan::Vulnerability.new(
               'WP 3.8.1 - Vuln 1',
-              { wpvulndb: '1' },
-              'SQLI'
+              references: { wpvulndb: '1' },
+              type: 'SQLI',
+              cvss: { score: '5.4', vector: 'VECTOR' }
             ),
             WPScan::Vulnerability.new(
               'WP 3.8.1 - Vuln 2',
-              { url: %w[url-2 url-3], cve: %w[2014-0166], wpvulndb: '2' },
-              nil,
-              '3.8.2'
+              references: { url: %w[url-2 url-3], cve: %w[2014-0166], wpvulndb: '2' },
+              fixed_in: '3.8.2'
             )
           ]
         end

spec/fixtures/db/vuln_api/wordpresses/381.json

@@ -9,7 +9,9 @@
       "id" : 1,
       "vuln_type" : "SQLI",
       "published_date" : null,
-      "fixed_in" : null
+      "fixed_in" : null,
+      "cvss_risk_score": "5.4",
+      "cvss_vector": "VECTOR"
      },
      {
       "references" : {

spec/lib/vulnerability_spec.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 describe WPScan::Vulnerability do
-  subject(:vuln)   { described_class.new(title, references) }
+  subject(:vuln)   { described_class.new(title, references: references) }
   let(:title)      { 'Test Vuln' }
   let(:references) { {} }
 

spec/output/wp_version/with_vulns.cli_no_colour

@@ -4,6 +4,7 @@
  | [!] 2 vulnerabilities identified:
  |
  | [!] Title: WP 3.8.1 - Vuln 1
+ |     CVSS: 5.4 (VECTOR)
  |     Reference: https://wpvulndb.com/vulnerabilities/1
  |
  | [!] Title: WP 3.8.1 - Vuln 2

spec/output/wp_version/with_vulns.json

@@ -14,6 +14,10 @@
     "vulnerabilities": [
       {
         "title": "WP 3.8.1 - Vuln 1",
+        "cvss": {
+          "score": "5.4",
+          "vector": "VECTOR"
+        },
         "fixed_in": null,
         "references": {
           "wpvulndb": [