Bumps versions

Updates deps
Adds DFs
2021-09-22 18:43:46 +02:00 · 2021-09-22 17:32:27 +02:00 · 2021-09-10 13:06:38 +02:00 · 2021-08-31 09:10:38 +02:00 · 2021-08-30 10:00:28 +00:00 · 2021-08-28 17:17:52 +02:00
1679 changed files with 753514 additions and 10127 deletions
--- a/.codeclimate.yml
+++ b/.codeclimate.yml
@@ -0,0 +1,7 @@
+version: "2"
+# https://docs.codeclimate.com/docs/default-analysis-configuration#sample-codeclimateyml
+checks:
+  method-complexity:
+    enabled: true
+    config:
+      threshold: 15
--- a/.dockerignore
+++ b/.dockerignore
@@ -14,3 +14,4 @@ Dockerfile
 *.orig
 bin/wpscan-*
 .wpscan/
+.github/
--- a/.github/ISSUE_TEMPLATE/bug_report.md
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -1,3 +1,14 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+Before submitting an issue, please make sure you fully read any potential error messages output and did some research on your own.
+
 ### Subject of the issue
 Describe your issue here.

@@ -24,4 +35,4 @@ Things you have tried (where relevant):
 * Update Ruby to the latest version [ ]
 * Ensure you can reach the target site using cURL [ ]
 * Proxied WPScan through a HTTP proxy to view the raw traffic [ ]
-* Ensure you are using a supported Operating System (Linux and macOS) [ ]
+* Ensure you are using a supported Operating System (Linux and macOS) [ ]
--- a/.github/ISSUE_TEMPLATE/feature_request.md
+++ b/.github/ISSUE_TEMPLATE/feature_request.md
@@ -0,0 +1,20 @@
+---
+name: Feature request
+about: Suggest an idea for this project
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+**Is your feature request related to a problem? Please describe.**
+A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+
+**Describe the solution you'd like**
+A clear and concise description of what you want to happen.
+
+**Describe alternatives you've considered**
+A clear and concise description of any alternative solutions or features you've considered.
+
+**Additional context**
+Add any other context or screenshots about the feature request here.
--- a/.github/ISSUE_TEMPLATE/other-issue.md
+++ b/.github/ISSUE_TEMPLATE/other-issue.md
@@ -0,0 +1,10 @@
+---
+name: Other Issue
+about: Create a report which is not a related to a Bug or Feature
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+Before submitting an issue, please make sure you fully read any potential error messages output and did some research on your own.
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -0,0 +1,17 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+  - package-ecosystem: "bundler"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      # Check for updates to GitHub Actions every weekday
+      interval: "daily"
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -0,0 +1,42 @@
+name: Build
+
+on: [push, pull_request]
+
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+
+    strategy:
+      matrix:
+        ruby: [2.5, 2.6, 2.7, 3.0]
+
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v2.3.4
+
+    - name: Set up Ruby ${{ matrix.ruby }}
+      uses: actions/setup-ruby@v1.1.3
+      with:
+        ruby-version: ${{ matrix.ruby }}
+
+    - name: Install GEMs
+      run: |
+        gem install bundler
+        bundle config force_ruby_platform true
+        bundle config path vendor/bundle
+        bundle install --jobs 4 --retry 3
+
+    - name: rubocop
+      run: |
+        bundle exec rubocop
+
+    - name: rspec
+      run: |
+        bundle exec rspec
+
+    - name: Coveralls
+      uses: coverallsapp/github-action@master
+      continue-on-error: true
+      with:
+        github-token: ${{ secrets.GITHUB_TOKEN }}
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -0,0 +1,49 @@
+name: Build Docker Images
+
+on:
+  push:
+    branches:
+      - master
+  release:
+    types: [published]
+  schedule:
+    - cron: '0 7 * * *'
+
+jobs:
+  images:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: checkout sources
+        uses: actions/checkout@v2.3.4
+
+      - name: Set tag to latest
+        if: (github.event_name == 'push' && github.ref == 'refs/heads/master') || github.event_name == 'schedule'
+        run: |
+          echo "DOCKER_TAG=latest" >> $GITHUB_ENV
+
+      - name: Set tag to release name
+        if: github.event_name == 'release' && startsWith(github.ref, 'refs/tags/')
+        run: |
+          echo "DOCKER_TAG=${{ github.event.release.tag_name }}" >> $GITHUB_ENV
+
+      - name: Check if DOCKER_TAG is set
+        if: env.DOCKER_TAG == ''
+        run: |
+          echo DOCKER_TAG is not set!
+          exit 1
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v1.10.0
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Build and push
+        uses: docker/build-push-action@v2
+        with:
+          push: true
+          tags: wpscanteam/wpscan:${{ env.DOCKER_TAG }}
--- a/.github/workflows/gempush.yml
+++ b/.github/workflows/gempush.yml
@@ -0,0 +1,40 @@
+name: Ruby Gem
+
+on:
+  release:
+    types: [published]
+
+jobs:
+  build:
+    name: Build + Publish
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v2.3.4
+    - name: Set up Ruby 2.6
+      uses: actions/setup-ruby@v1.1.3
+      with:
+        ruby-version: 2.6.x
+
+    #- name: Publish to GPR
+    #  run: |
+    #    mkdir -p $HOME/.gem
+    #    touch $HOME/.gem/credentials
+    #    chmod 0600 $HOME/.gem/credentials
+    #    printf -- "---\n:github: Bearer ${GEM_HOST_API_KEY}\n" > $HOME/.gem/credentials
+    #    gem build *.gemspec
+    #    gem push --KEY github --host https://rubygems.pkg.github.com/${OWNER} *.gem
+    #  env:
+    #    GEM_HOST_API_KEY: ${{secrets.GITHUB_TOKEN}}
+    #    OWNER: wpscanteam
+
+    - name: Publish to RubyGems
+      run: |
+        mkdir -p $HOME/.gem
+        touch $HOME/.gem/credentials
+        chmod 0600 $HOME/.gem/credentials
+        printf -- "---\n:rubygems_api_key: ${GEM_HOST_API_KEY}\n" > $HOME/.gem/credentials
+        gem build *.gemspec
+        gem push *.gem
+      env:
+        GEM_HOST_API_KEY: ${{secrets.RUBYGEMS_AUTH_TOKEN}}
--- a/.rspec
+++ b/.rspec
@@ -1,3 +1,2 @@
--color
--fail-fast
--require spec_helper
+--require spec_helper
+--color
--- a/.rubocop.yml
+++ b/.rubocop.yml
@@ -1,26 +1,42 @@
+require: rubocop-performance
 AllCops:
-  TargetRubyVersion: 2.3
+  NewCops: enable
+  SuggestExtensions: false
+  TargetRubyVersion: 2.5
  Exclude:
  - '*.gemspec'
  - 'vendor/**/*'
-ClassVars:
-  Enabled: false
-LineLength:
+Layout/LineLength:
  Max: 120
-MethodLength:
-  Max: 20
+Lint/ConstantDefinitionInBlock:
+  Enabled: false
+Lint/MissingSuper:
+  Enabled: false
 Lint/UriEscapeUnescape:
  Enabled: false
 Metrics/AbcSize:
-  Max: 25
+  Max: 27
 Metrics/BlockLength:
  Exclude:
  - 'spec/**/*'
 Metrics/ClassLength:
  Max: 150
+  Exclude:
+  - 'app/controllers/enumeration/cli_options.rb'
 Metrics/CyclomaticComplexity:
-  Max: 8
+  Max: 10
+Metrics/MethodLength:
+  Max: 20
+  Exclude:
+  - 'app/controllers/enumeration/cli_options.rb'
+Metrics/PerceivedComplexity:
+  Max: 11
+Style/ClassVars:
+  Enabled: false
 Style/Documentation:
  Enabled: false
 Style/FormatStringToken:
  Enabled: false
+Style/NumericPredicate:
+  Exclude:
+  - 'app/controllers/vuln_api.rb'
--- a/.ruby-version
+++ b/.ruby-version
@@ -1 +1 @@
-2.6.2
+3.0.2
--- a/.simplecov
+++ b/.simplecov
@@ -1,4 +1,19 @@
+# frozen_string_literal: true
+
+if ENV['GITHUB_ACTION']
+  require 'simplecov-lcov'
+
+  SimpleCov::Formatter::LcovFormatter.config do |c|
+    c.single_report_path = 'coverage/lcov.info'
+    c.report_with_single_file = true
+  end
+
+  SimpleCov.formatter = SimpleCov::Formatter::LcovFormatter
+end
+
 SimpleCov.start do
+  enable_coverage :branch # Only supported for Ruby >= 2.5
+
  add_filter '/spec/'
  add_filter 'helper'
-end
+end
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,40 +0,0 @@
-language: ruby
-sudo: false
-cache: bundler
-rvm:
-  - 2.3.0
-  - 2.3.1
-  - 2.3.2
-  - 2.3.3
-  - 2.3.4
-  - 2.3.5
-  - 2.3.6
-  - 2.3.7
-  - 2.3.8
-  - 2.4.1
-  - 2.4.2
-  - 2.4.3
-  - 2.4.4
-  - 2.4.5
-  - 2.5.0
-  - 2.5.1
-  - 2.5.2
-  - 2.5.3
-  - 2.5.4
-  - 2.5.5
-  - 2.6.0
-  - 2.6.1
-  - 2.6.2
-  - ruby-head
-before_install:
-  - "echo 'gem: --no-ri --no-rdoc' > ~/.gemrc"
-  - gem update --system
-matrix:
-  allow_failures:
-    - rvm: ruby-head
-script:
-  - bundle exec rubocop
-  - bundle exec rspec
-notifications:
-  email:
-    - team@wpscan.org
--- a/25
+++ b/25
@@ -1,16 +1,16 @@
-FROM ruby:2.6.2-alpine3.9 AS builder
-LABEL maintainer="WPScan Team <team@wpscan.org>"
+FROM ruby:3.0.2-alpine AS builder
+LABEL maintainer="WPScan Team <contact@wpscan.com>"

-ARG BUNDLER_ARGS="--jobs=8 --without test development"
-
-RUN echo "gem: --no-ri --no-rdoc" > /etc/gemrc
+RUN echo "install: --no-document --no-post-install-message\nupdate: --no-document --no-post-install-message" > /etc/gemrc

 COPY . /wpscan

 RUN apk add --no-cache git libcurl ruby-dev libffi-dev make gcc musl-dev zlib-dev procps sqlite-dev && \
-  bundle install --system --clean --no-cache --gemfile=/wpscan/Gemfile $BUNDLER_ARGS && \
-  # temp fix for https://github.com/bundler/bundler/issues/6680
-  rm -rf /usr/local/bundle/cache
+  bundle config force_ruby_platform true && \
+  bundle config disable_version_check 'true' && \
+  bundle config without "test development" && \
+  bundle config path.system 'true' && \
+  bundle install --gemfile=/wpscan/Gemfile --jobs=8

 WORKDIR /wpscan
 RUN rake install --trace
@@ -19,20 +19,23 @@ RUN rake install --trace
 RUN chmod -R a+r /usr/local/bundle


-FROM ruby:2.6.2-alpine3.9
-LABEL maintainer="WPScan Team <team@wpscan.org>"
+FROM ruby:3.0.2-alpine
+LABEL maintainer="WPScan Team <contact@wpscan.com>"
+LABEL org.opencontainers.image.source https://github.com/wpscanteam/wpscan

 RUN adduser -h /wpscan -g WPScan -D wpscan

 COPY --from=builder /usr/local/bundle /usr/local/bundle
+
 RUN chown -R wpscan:wpscan /wpscan

 # runtime dependencies
 RUN apk add --no-cache libcurl procps sqlite-libs

+WORKDIR /wpscan

 USER wpscan
+
 RUN /usr/local/bundle/bin/wpscan --update --verbose

 ENTRYPOINT ["/usr/local/bundle/bin/wpscan"]
-CMD ["--help"]
--- a/2
+++ b/2
@@ -2,3 +2,5 @@

 source 'https://rubygems.org'
 gemspec
+
+# gem 'cms_scanner', branch: 'xxx', git: 'https://github.com/wpscanteam/CMSScanner.git'
--- a/4
+++ b/4
@@ -27,9 +27,7 @@ Example cases which do not require a commercial license, and thus fall under the
 - Using WPScan to test your own systems.
 - Any non-commercial use of WPScan.

-If you need to purchase a commercial license or are unsure whether you need to purchase a commercial license contact us - team@wpscan.org.
-
-We may grant commercial licenses at no monetary cost at our own discretion if the commercial usage is deemed by the WPScan Team to significantly benefit WPScan.
+If you need to purchase a commercial license or are unsure whether you need to purchase a commercial license contact us - contact@wpscan.com.

 Free-use Terms and Conditions;

--- a/README.md
+++ b/README.md
@@ -1,5 +1,5 @@
 <p align="center">
-  <a href="https://wpscan.org/">
+  <a href="https://wpscan.com/">
    <img src="https://raw.githubusercontent.com/wpscanteam/wpscan/gh-pages/images/wpscan_logo.png" alt="WPScan logo">
  </a>
 </p>
@@ -7,17 +7,17 @@
 <h3 align="center">WPScan</h3>

 <p align="center">
-  WordPress Vulnerability Scanner
+  WordPress Security Scanner
  <br>
  <br>
-  <a href="https://wpscan.org/" title="homepage" target="_blank">Homepage</a> - <a href="https://wpscan.io/" title="wpscan.io" target="_blank">WPScan.io</a> - <a href="https://wpvulndb.com/" title="vulnerability database" target="_blank">Vulnerability Database</a> - <a href="https://wordpress.org/plugins/wpscan/" title="wordpress plugin" target="_blank">WordPress Plugin</a>
+  <a href="https://wpscan.com/" title="homepage" target="_blank">WPScan WordPress Vulnerability Database</a> - <a href="https://wordpress.org/plugins/wpscan/" title="wordpress security plugin" target="_blank">WordPress Security Plugin</a>
 </p>

 <p align="center">
  <a href="https://badge.fury.io/rb/wpscan" target="_blank"><img src="https://badge.fury.io/rb/wpscan.svg"></a>
-  <a href="https://travis-ci.org/wpscanteam/wpscan" target="_blank"><img src="https://travis-ci.org/wpscanteam/wpscan.svg?branch=master"></a>
+  <a href="https://hub.docker.com/r/wpscanteam/wpscan/" target="_blank"><img src="https://img.shields.io/docker/pulls/wpscanteam/wpscan.svg"></a>
+  <a href="https://github.com/wpscanteam/wpscan/actions?query=workflow%3ABuild" target="_blank"><img src="https://github.com/wpscanteam/wpscan/workflows/Build/badge.svg"></a>
  <a href="https://codeclimate.com/github/wpscanteam/wpscan" target="_blank"><img src="https://codeclimate.com/github/wpscanteam/wpscan/badges/gpa.svg"></a>
-  <a href="https://www.patreon.com/wpscan" target="_blank"><img src="https://img.shields.io/badge/patreon-donate-green.svg"></a>
 </p>

 # INSTALL
@@ -25,13 +25,23 @@
 ## Prerequisites

 - (Optional but highly recommended: [RVM](https://rvm.io/rvm/install))
- Ruby >= 2.3 - Recommended: latest
+- Ruby >= 2.5 - Recommended: latest
  - Ruby 2.5.0 to 2.5.3 can cause an 'undefined symbol: rmpd_util_str_to_d' error in some systems, see [#1283](https://github.com/wpscanteam/wpscan/issues/1283)
- Curl >= 7.21  - Recommended: latest
+- Curl >= 7.72  - Recommended: latest
  - The 7.29 has a segfault
+  - The < 7.72 could result in `Stream error in the HTTP/2 framing layer` in some cases
 - RubyGems      - Recommended: latest
+- Nokogiri might require packages to be installed via your package manager depending on your OS, see https://nokogiri.org/tutorials/installing_nokogiri.html

-### From RubyGems (Recommended)
+### In a Pentesting distribution
+
+When using a pentesting distubution (such as Kali Linux), it is recommended to install/update wpscan via the package manager if available.
+
+### In macOSX via Homebrew
+
+`brew install wpscanteam/tap/wpscan`
+
+### From RubyGems

 ```shell
 gem install wpscan
@@ -39,23 +49,11 @@ gem install wpscan

 On MacOSX, if a ```Gem::FilePermissionError``` is raised due to the Apple's System Integrity Protection (SIP), either install RVM and install wpscan again, or run ```sudo gem install -n /usr/local/bin wpscan``` (see [#1286](https://github.com/wpscanteam/wpscan/issues/1286))

-### From sources (NOT Recommended)
-
-Prerequisites: Git
-
-```shell
-git clone https://github.com/wpscanteam/wpscan
-
-cd wpscan/
-
-bundle install && rake install
-```
-
 # Updating

 You can update the local database by using ```wpscan --update```

-Updating WPScan itself is either done via ```gem update wpscan``` or the packages manager (this is quite important for distributions such as in Kali Linux: ```apt-get update && apt-get upgrade```) depending how WPScan was (pre)installed
+Updating WPScan itself is either done via ```gem update wpscan``` or the packages manager (this is quite important for distributions such as in Kali Linux: ```apt-get update && apt-get upgrade```) depending on how WPScan was (pre)installed

 # Docker

@@ -77,41 +75,77 @@ docker run -it --rm wpscanteam/wpscan --url https://target.tld/ --enumerate u1-1

 # Usage

-```wpscan --url blog.tld``` This will scan the blog using default options with a good compromise between speed and accuracy. For example, the plugins will be checked passively but their version with a mixed detection mode (passively + aggressively). Potential config backup files will also be checked, along with other interesting findings. If a more stealthy approach is required, then ```wpscan --stealthy --url blog.tld``` can be used.
+Full user documentation can be found here; https://github.com/wpscanteam/wpscan/wiki/WPScan-User-Documentation
+
+```wpscan --url blog.tld``` This will scan the blog using default options with a good compromise between speed and accuracy. For example, the plugins will be checked passively but their version with a mixed detection mode (passively + aggressively). Potential config backup files will also be checked, along with other interesting findings.
+
+If a more stealthy approach is required, then ```wpscan --stealthy --url blog.tld``` can be used.
 As a result, when using the ```--enumerate``` option, don't forget to set the ```--plugins-detection``` accordingly, as its default is 'passive'.

 For more options, open a terminal and type ```wpscan --help``` (if you built wpscan from the source, you should type the command outside of the git repo)

 The DB is located at ~/.wpscan/db

+## Optional: WordPress Vulnerability Database API
+
+The WPScan CLI tool uses the [WordPress Vulnerability Database API](https://wpscan.com/api) to retrieve WordPress vulnerability data in real time. For WPScan to retrieve the vulnerability data an API token must be supplied via the `--api-token` option, or via a configuration file, as discussed below. An API token can be obtained by registering an account on [WPScan.com](https://wpscan.com/register).
+
+Up to 25 API requests per day are given free of charge, that should be suitable to scan most WordPress websites at least once per day. When the daily 25 API requests are exhausted, WPScan will continue to work as normal but without any vulnerability data. Users can upgrade to paid API usage to increase their API limits within their user profile on [WPScan.com](https://wpscan.com/).
+
+#### The Free plan allows 25 API requests per day. View the different [available API plans](https://wpscan.com/api).
+
+### How many API requests do you need?
+
+- Our WordPress scanner makes one API request for the WordPress version, one request per installed plugin and one request per installed theme.
+- On average, a WordPress website has 22 installed plugins.
+- The Free plan should cover around 50% of all WordPress websites.
+
+## Load CLI options from file/s
+
 WPScan can load all options (including the --url) from configuration files, the following locations are checked (order: first to last):

- ~/.wpscan/cli_options.json
- ~/.wpscan/cli_options.yml
- pwd/.wpscan/cli_options.json
- pwd/.wpscan/cli_options.yml
+- ~/.wpscan/scan.json
+- ~/.wpscan/scan.yml
+- pwd/.wpscan/scan.json
+- pwd/.wpscan/scan.yml

-If those files exist, options from them will be loaded and overridden if found twice.
+If those files exist, options from the `cli_options` key will be loaded and overridden if found twice.

 e.g:

-~/.wpscan/cli_options.yml:
+~/.wpscan/scan.yml:

 ```yml
-proxy: 'http://127.0.0.1:8080'
-verbose: true
+cli_options:
+  proxy: 'http://127.0.0.1:8080'
+  verbose: true
 ```

-pwd/.wpscan/cli_options.yml:
+pwd/.wpscan/scan.yml:

 ```yml
-proxy: 'socks5://127.0.0.1:9090'
-url: 'http://target.tld'
+cli_options:
+  proxy: 'socks5://127.0.0.1:9090'
+  url: 'http://target.tld'
 ```

 Running ```wpscan``` in the current directory (pwd), is the same as ```wpscan -v --proxy socks5://127.0.0.1:9090 --url http://target.tld```

-Enumerating usernames
+## Save API Token in a file
+
+The feature mentioned above is useful to keep the API Token in a config file and not have to supply it via the CLI each time. To do so, create the ~/.wpscan/scan.yml file containing the below:
+
+```yml
+cli_options:
+  api_token: YOUR_API_TOKEN
+```
+
+## Load API Token From ENV (since v3.7.10)
+
+The API Token will be automatically loaded from the ENV variable `WPSCAN_API_TOKEN` if present. If the `--api-token` CLI option is also provided, the value from the CLI will be used.
+
+
+## Enumerating usernames

 ```shell
 wpscan --url https://target.tld/ --enumerate u
@@ -158,7 +192,7 @@ Example cases which do not require a commercial license, and thus fall under the
 - Using WPScan to test your own systems.
 - Any non-commercial use of WPScan.

-If you need to purchase a commercial license or are unsure whether you need to purchase a commercial license contact us - team@wpscan.org.
+If you need to purchase a commercial license or are unsure whether you need to purchase a commercial license contact us - contact@wpscan.com.

 Free-use Terms and Conditions;

--- a/6
+++ b/6
@@ -6,14 +6,18 @@ exec = []

 begin
  require 'rubocop/rake_task'
+
  RuboCop::RakeTask.new
+
  exec << :rubocop
 rescue LoadError
 end

 begin
  require 'rspec/core/rake_task'
-  RSpec::Core::RakeTask.new(:spec)
+
+  RSpec::Core::RakeTask.new(:spec) { |t| t.rspec_opts = %w{--tag ~slow} }
+
  exec << :spec
 rescue LoadError
 end
--- a/app/controllers.rb
+++ b/app/controllers.rb
@@ -1,6 +1,7 @@
 # frozen_string_literal: true

 require_relative 'controllers/core'
+require_relative 'controllers/vuln_api'
 require_relative 'controllers/custom_directories'
 require_relative 'controllers/wp_version'
 require_relative 'controllers/main_theme'
--- a/app/controllers/core.rb
+++ b/app/controllers/core.rb
@@ -8,13 +8,13 @@ module WPScan
      def cli_options
        [OptURL.new(['--url URL', 'The URL of the blog to scan'],
                    required_unless: %i[update help hh version], default_protocol: 'http')] +
-          super.drop(1) + # delete the --url from CMSScanner
+          super.drop(2) + # delete the --url and --force from CMSScanner
          [
            OptChoice.new(['--server SERVER', 'Force the supplied server module to be loaded'],
                          choices: %w[apache iis nginx],
                          normalize: %i[downcase to_sym],
                          advanced: true),
-            OptBoolean.new(['--force', 'Do not check if the target is running WordPress']),
+            OptBoolean.new(['--force', 'Do not check if the target is running WordPress or returns a 403']),
            OptBoolean.new(['--[no-]update', 'Whether or not to update the Database'])
          ]
      end
@@ -27,38 +27,41 @@ module WPScan
      # @return [ Boolean ]
      def update_db_required?
        if local_db.missing_files?
-          raise Error::MissingDatabaseFile if parsed_options[:update] == false
+          raise Error::MissingDatabaseFile if ParsedCli.update == false

          return true
        end

-        return parsed_options[:update] unless parsed_options[:update].nil?
+        return ParsedCli.update unless ParsedCli.update.nil?

        return false unless user_interaction? && local_db.outdated?

        output('@notice', msg: 'It seems like you have not updated the database for some time.')
        print '[?] Do you want to update now? [Y]es [N]o, default: [N]'

-        Readline.readline =~ /^y/i ? true : false
+        /^y/i.match?(Readline.readline)
      end

      def update_db
        output('db_update_started')
-        output('db_update_finished', updated: local_db.update, verbose: parsed_options[:verbose])
+        output('db_update_finished', updated: local_db.update, verbose: ParsedCli.verbose)

-        exit(0) unless parsed_options[:url]
+        exit(0) unless ParsedCli.url
      end

      def before_scan
        @last_update = local_db.last_update

-        maybe_output_banner_help_and_version # From CMS Scanner
+        maybe_output_banner_help_and_version # From CMSScanner

        update_db if update_db_required?
        setup_cache
        check_target_availability
        load_server_module
        check_wordpress_state
+      rescue Error::NotWordPress => e
+        target.maybe_add_cookies
+        raise e unless target.wordpress?(ParsedCli.detection_mode)
      end

      # Raises errors if the target is hosted on wordpress.com or is not running WordPress
@@ -66,14 +69,14 @@ module WPScan
      def check_wordpress_state
        raise Error::WordPressHosted if target.wordpress_hosted?

-        if Addressable::URI.parse(target.homepage_url).path =~ %r{/wp-admin/install.php$}i
+        if %r{/wp-admin/install.php$}i.match?(Addressable::URI.parse(target.homepage_url).path)

          output('not_fully_configured', url: target.homepage_url)

          exit(WPScan::ExitCode::VULNERABLE)
        end

-        raise Error::NotWordPress unless target.wordpress?(parsed_options[:detection_mode]) || parsed_options[:force]
+        raise Error::NotWordPress unless target.wordpress?(ParsedCli.detection_mode) || ParsedCli.force
      end

      # Loads the related server module in the target
@@ -85,7 +88,7 @@ module WPScan
        server = target.server || :Apache # Tries to auto detect the server

        # Force a specific server module to be loaded if supplied
-        case parsed_options[:server]
+        case ParsedCli.server
        when :apache
          server = :Apache
        when :iis
--- a/app/controllers/custom_directories.rb
+++ b/app/controllers/custom_directories.rb
@@ -7,18 +7,18 @@ module WPScan
    class CustomDirectories < CMSScanner::Controller::Base
      def cli_options
        [
-          OptString.new(['--wp-content-dir DIR']),
-          OptString.new(['--wp-plugins-dir DIR'])
+          OptString.new(['--wp-content-dir DIR',
+                         'The wp-content directory if custom or not detected, such as "wp-content"']),
+          OptString.new(['--wp-plugins-dir DIR',
+                         'The plugins directory if custom or not detected, such as "wp-content/plugins"'])
        ]
      end

      def before_scan
-        target.content_dir = parsed_options[:wp_content_dir] if parsed_options[:wp_content_dir]
-        target.plugins_dir = parsed_options[:wp_plugins_dir] if parsed_options[:wp_plugins_dir]
+        target.content_dir = ParsedCli.wp_content_dir if ParsedCli.wp_content_dir
+        target.plugins_dir = ParsedCli.wp_plugins_dir if ParsedCli.wp_plugins_dir

-        return if target.content_dir
-
-        raise Error::WpContentDirNotDetected
+        raise Error::WpContentDirNotDetected unless target.content_dir
      end
    end
  end
--- a/app/controllers/enumeration.rb
+++ b/app/controllers/enumeration.rb
@@ -7,17 +7,8 @@ module WPScan
  module Controller
    # Enumeration Controller
    class Enumeration < CMSScanner::Controller::Base
-      def before_scan
-        DB::DynamicFinders::Plugin.create_versions_finders
-        DB::DynamicFinders::Theme.create_versions_finders
-
-        # Force the Garbage Collector to run due to the above method being
-        # quite heavy in objects allocation
-        GC.start
-      end
-
      def run
-        enum = parsed_options[:enumerate] || {}
+        enum = ParsedCli.enumerate || {}

        enum_plugins if enum_plugins?(enum)
        enum_themes  if enum_themes?(enum)
--- a/app/controllers/enumeration/cli_options.rb
+++ b/app/controllers/enumeration/cli_options.rb
@@ -11,7 +11,6 @@ module WPScan
      end

      # @return [ Array<OptParseValidator::OptBase> ]
-      # rubocop:disable Metrics/MethodLength
      def cli_enum_choices
        [
          OptMultiChoices.new(
@@ -19,10 +18,10 @@ module WPScan
            choices: {
              vp: OptBoolean.new(['--vulnerable-plugins']),
              ap: OptBoolean.new(['--all-plugins']),
-              p: OptBoolean.new(['--plugins']),
+              p: OptBoolean.new(['--popular-plugins']),
              vt: OptBoolean.new(['--vulnerable-themes']),
              at: OptBoolean.new(['--all-themes']),
-              t: OptBoolean.new(['--themes']),
+              t: OptBoolean.new(['--popular-themes']),
              tt: OptBoolean.new(['--timthumbs']),
              cb: OptBoolean.new(['--config-backups']),
              dbe: OptBoolean.new(['--db-exports']),
@@ -45,7 +44,6 @@ module WPScan
          )
        ]
      end
-      # rubocop:enable Metrics/MethodLength

      # @return [ Array<OptParseValidator::OptBase> ]
      def cli_plugins_opts
@@ -53,7 +51,7 @@ module WPScan
          OptSmartList.new(['--plugins-list LIST', 'List of plugins to enumerate'], advanced: true),
          OptChoice.new(
            ['--plugins-detection MODE',
-             'Use the supplied mode to enumerate Plugins, instead of the global (--detection-mode) mode.'],
+             'Use the supplied mode to enumerate Plugins.'],
            choices: %w[mixed passive aggressive], normalize: :to_sym, default: :passive
          ),
          OptBoolean.new(
@@ -64,9 +62,13 @@ module WPScan
          ),
          OptChoice.new(
            ['--plugins-version-detection MODE',
-             'Use the supplied mode to check plugins versions instead of the --detection-mode ' \
-             'or --plugins-detection modes.'],
+             'Use the supplied mode to check plugins\' versions.'],
            choices: %w[mixed passive aggressive], normalize: :to_sym, default: :mixed
+          ),
+          OptInteger.new(
+            ['--plugins-threshold THRESHOLD',
+             'Raise an error when the number of detected plugins via known locations reaches the threshold. ' \
+             'Set to 0 to ignore the threshold.'], default: 100, advanced: true
          )
        ]
      end
@@ -91,6 +93,11 @@ module WPScan
             'Use the supplied mode to check themes versions instead of the --detection-mode ' \
             'or --themes-detection modes.'],
            choices: %w[mixed passive aggressive], normalize: :to_sym, advanced: true
+          ),
+          OptInteger.new(
+            ['--themes-threshold THRESHOLD',
+             'Raise an error when the number of detected themes via known locations reaches the threshold. ' \
+             'Set to 0 to ignore the threshold.'], default: 20, advanced: true
          )
        ]
      end
@@ -163,6 +170,12 @@ module WPScan
            ['--users-detection MODE',
             'Use the supplied mode to enumerate Users, instead of the global (--detection-mode) mode.'],
            choices: %w[mixed passive aggressive], normalize: :to_sym, advanced: true
+          ),
+          OptRegexp.new(
+            [
+              '--exclude-usernames REGEXP_OR_STRING',
+              'Exclude usernames matching the Regexp/string (case insensitive). Regexp delimiters are not required.'
+            ], options: Regexp::IGNORECASE
          )
        ]
      end
--- a/app/controllers/enumeration/enum_methods.rb
+++ b/app/controllers/enumeration/enum_methods.rb
@@ -7,13 +7,13 @@ module WPScan
      # @param [ String ] type (plugins or themes)
      # @param [ Symbol ] detection_mode
      #
-      # @return [ String ] The related enumration message depending on the parsed_options and type supplied
+      # @return [ String ] The related enumration message depending on the ParsedCli and type supplied
      def enum_message(type, detection_mode)
        return unless %w[plugins themes].include?(type)

-        details = if parsed_options[:enumerate][:"vulnerable_#{type}"]
+        details = if ParsedCli.enumerate[:"vulnerable_#{type}"]
                    'Vulnerable'
-                  elsif parsed_options[:enumerate][:"all_#{type}"]
+                  elsif ParsedCli.enumerate[:"all_#{type}"]
                    'All'
                  else
                    'Most Popular'
@@ -39,15 +39,15 @@ module WPScan
      #
      # @return [ Hash ]
      def default_opts(type)
-        mode = parsed_options[:"#{type}_detection"] || parsed_options[:detection_mode]
+        mode = ParsedCli.options[:"#{type}_detection"] || ParsedCli.detection_mode

        {
          mode: mode,
-          exclude_content: parsed_options[:exclude_content_based],
+          exclude_content: ParsedCli.exclude_content_based,
          show_progression: user_interaction?,
          version_detection: {
-            mode: parsed_options[:"#{type}_version_detection"] || mode,
-            confidence_threshold: parsed_options[:"#{type}_version_all"] ? 0 : 100
+            mode: ParsedCli.options[:"#{type}_version_detection"] || mode,
+            confidence_threshold: ParsedCli.options[:"#{type}_version_all"] ? 0 : 100
          }
        }
      end
@@ -56,12 +56,13 @@ module WPScan
      #
      # @return [ Boolean ] Wether or not to enumerate the plugins
      def enum_plugins?(opts)
-        opts[:plugins] || opts[:all_plugins] || opts[:vulnerable_plugins]
+        opts[:popular_plugins] || opts[:all_plugins] || opts[:vulnerable_plugins]
      end

      def enum_plugins
        opts = default_opts('plugins').merge(
-          list: plugins_list_from_opts(parsed_options),
+          list: plugins_list_from_opts(ParsedCli.options),
+          threshold: ParsedCli.plugins_threshold,
          sort: true
        )

@@ -77,7 +78,7 @@ module WPScan

        plugins.each(&:version)

-        plugins.select!(&:vulnerable?) if parsed_options[:enumerate][:vulnerable_plugins]
+        plugins.select!(&:vulnerable?) if ParsedCli.enumerate[:vulnerable_plugins]

        output('plugins', plugins: plugins)
      end
@@ -91,7 +92,7 @@ module WPScan

        if opts[:enumerate][:all_plugins]
          DB::Plugins.all_slugs
-        elsif opts[:enumerate][:plugins]
+        elsif opts[:enumerate][:popular_plugins]
          DB::Plugins.popular_slugs
        else
          DB::Plugins.vulnerable_slugs
@@ -102,12 +103,13 @@ module WPScan
      #
      # @return [ Boolean ] Wether or not to enumerate the themes
      def enum_themes?(opts)
-        opts[:themes] || opts[:all_themes] || opts[:vulnerable_themes]
+        opts[:popular_themes] || opts[:all_themes] || opts[:vulnerable_themes]
      end

      def enum_themes
        opts = default_opts('themes').merge(
-          list: themes_list_from_opts(parsed_options),
+          list: themes_list_from_opts(ParsedCli.options),
+          threshold: ParsedCli.themes_threshold,
          sort: true
        )

@@ -123,7 +125,7 @@ module WPScan

        themes.each(&:version)

-        themes.select!(&:vulnerable?) if parsed_options[:enumerate][:vulnerable_themes]
+        themes.select!(&:vulnerable?) if ParsedCli.enumerate[:vulnerable_themes]

        output('themes', themes: themes)
      end
@@ -137,7 +139,7 @@ module WPScan

        if opts[:enumerate][:all_themes]
          DB::Themes.all_slugs
-        elsif opts[:enumerate][:themes]
+        elsif opts[:enumerate][:popular_themes]
          DB::Themes.popular_slugs
        else
          DB::Themes.vulnerable_slugs
@@ -145,28 +147,28 @@ module WPScan
      end

      def enum_timthumbs
-        opts = default_opts('timthumbs').merge(list: parsed_options[:timthumbs_list])
+        opts = default_opts('timthumbs').merge(list: ParsedCli.timthumbs_list)

        output('@info', msg: "Enumerating Timthumbs #{enum_detection_message(opts[:mode])}") if user_interaction?
        output('timthumbs', timthumbs: target.timthumbs(opts))
      end

      def enum_config_backups
-        opts = default_opts('config_backups').merge(list: parsed_options[:config_backups_list])
+        opts = default_opts('config_backups').merge(list: ParsedCli.config_backups_list)

        output('@info', msg: "Enumerating Config Backups #{enum_detection_message(opts[:mode])}") if user_interaction?
        output('config_backups', config_backups: target.config_backups(opts))
      end

      def enum_db_exports
-        opts = default_opts('db_exports').merge(list: parsed_options[:db_exports_list])
+        opts = default_opts('db_exports').merge(list: ParsedCli.db_exports_list)

        output('@info', msg: "Enumerating DB Exports #{enum_detection_message(opts[:mode])}") if user_interaction?
        output('db_exports', db_exports: target.db_exports(opts))
      end

      def enum_medias
-        opts = default_opts('medias').merge(range: parsed_options[:enumerate][:medias])
+        opts = default_opts('medias').merge(range: ParsedCli.enumerate[:medias])

        if user_interaction?
          output('@info',
@@ -181,13 +183,13 @@ module WPScan
      #
      # @return [ Boolean ] Wether or not to enumerate the users
      def enum_users?(opts)
-        opts[:users] || (parsed_options[:passwords] && !parsed_options[:username] && !parsed_options[:usernames])
+        opts[:users] || (ParsedCli.passwords && !ParsedCli.username && !ParsedCli.usernames)
      end

      def enum_users
        opts = default_opts('users').merge(
          range: enum_users_range,
-          list: parsed_options[:users_list]
+          list: ParsedCli.users_list
        )

        output('@info', msg: "Enumerating Users #{enum_detection_message(opts[:mode])}") if user_interaction?
@@ -198,7 +200,7 @@ module WPScan
      # If the --enumerate is used, the default value is handled by the Option
      # However, when using --passwords alone, the default has to be set by the code below
      def enum_users_range
-        parsed_options[:enumerate][:users] || cli_enum_choices[0].choices[:u].validate(nil)
+        ParsedCli.enumerate[:users] || cli_enum_choices[0].choices[:u].validate(nil)
      end
    end
  end
--- a/app/controllers/main_theme.rb
+++ b/app/controllers/main_theme.rb
@@ -18,9 +18,9 @@ module WPScan
        output(
          'theme',
          theme: target.main_theme(
-            mode: parsed_options[:main_theme_detection] || parsed_options[:detection_mode]
+            mode: ParsedCli.main_theme_detection || ParsedCli.detection_mode
          ),
-          verbose: parsed_options[:verbose]
+          verbose: ParsedCli.verbose
        )
      end
    end
--- a/app/controllers/password_attack.rb
+++ b/app/controllers/password_attack.rb
@@ -19,31 +19,37 @@ module WPScan
          OptChoice.new(['--password-attack ATTACK',
                         'Force the supplied attack to be used rather than automatically determining one.'],
                        choices: %w[wp-login xmlrpc xmlrpc-multicall],
-                        normalize: %i[downcase underscore to_sym])
+                        normalize: %i[downcase underscore to_sym]),
+          OptString.new(['--login-uri URI', 'The URI of the login page if different from /wp-login.php'])
        ]
      end

-      def run
-        return unless parsed_options[:passwords]
-
-        if user_interaction?
-          output('@info',
-                 msg: "Performing password attack on #{attacker.titleize} against #{users.size} user/s")
-        end
-
-        attack_opts = {
+      def attack_opts
+        @attack_opts ||= {
          show_progression: user_interaction?,
-          multicall_max_passwords: parsed_options[:multicall_max_passwords]
+          multicall_max_passwords: ParsedCli.multicall_max_passwords
        }
+      end
+
+      def run
+        return unless ParsedCli.passwords

        begin
          found = []

-          attacker.attack(users, passwords(parsed_options[:passwords]), attack_opts) do |user|
+          if user_interaction?
+            output('@info',
+                   msg: "Performing password attack on #{attacker.titleize} against #{users.size} user/s")
+          end
+
+          attacker.attack(users, ParsedCli.passwords, attack_opts) do |user|
            found << user

            attacker.progress_bar.log("[SUCCESS] - #{user.username} / #{user.password}")
          end
+        rescue Error::NoLoginInterfaceDetected => e
+          # TODO: Maybe output that in JSON as well.
+          output('@notice', msg: e.to_s) if user_interaction?
        ensure
          output('users', users: found)
        end
@@ -61,54 +67,62 @@ module WPScan

      # @return [ CMSScanner::Finders::Finder ]
      def attacker_from_cli_options
-        return unless parsed_options[:password_attack]
+        return unless ParsedCli.password_attack

-        case parsed_options[:password_attack]
+        case ParsedCli.password_attack
        when :wp_login
-          WPScan::Finders::Passwords::WpLogin.new(target)
+          raise Error::NoLoginInterfaceDetected unless target.login_url
+
+          Finders::Passwords::WpLogin.new(target)
        when :xmlrpc
          raise Error::XMLRPCNotDetected unless xmlrpc

-          WPScan::Finders::Passwords::XMLRPC.new(xmlrpc)
+          Finders::Passwords::XMLRPC.new(xmlrpc)
        when :xmlrpc_multicall
          raise Error::XMLRPCNotDetected unless xmlrpc

-          WPScan::Finders::Passwords::XMLRPCMulticall.new(xmlrpc)
+          Finders::Passwords::XMLRPCMulticall.new(xmlrpc)
+        end
+      end
+
+      # @return [ Boolean ]
+      def xmlrpc_get_users_blogs_enabled?
+        if xmlrpc&.enabled? &&
+           xmlrpc.available_methods.include?('wp.getUsersBlogs') &&
+           !xmlrpc.method_call('wp.getUsersBlogs', [SecureRandom.hex[0, 6], SecureRandom.hex[0, 4]])
+                  .run.body.match?(/>\s*405\s*</)
+
+          true
+        else
+          false
        end
      end

      # @return [ CMSScanner::Finders::Finder ]
      def attacker_from_automatic_detection
-        if xmlrpc&.enabled? && xmlrpc.available_methods.include?('wp.getUsersBlogs')
+        if xmlrpc_get_users_blogs_enabled?
          wp_version = target.wp_version

          if wp_version && wp_version < '4.4'
-            WPScan::Finders::Passwords::XMLRPCMulticall.new(xmlrpc)
+            Finders::Passwords::XMLRPCMulticall.new(xmlrpc)
          else
-            WPScan::Finders::Passwords::XMLRPC.new(xmlrpc)
+            Finders::Passwords::XMLRPC.new(xmlrpc)
          end
+        elsif target.login_url
+          Finders::Passwords::WpLogin.new(target)
        else
-          WPScan::Finders::Passwords::WpLogin.new(target)
+          raise Error::NoLoginInterfaceDetected
        end
      end

      # @return [ Array<Users> ] The users to brute force
      def users
-        return target.users unless parsed_options[:usernames]
+        return target.users unless ParsedCli.usernames

-        parsed_options[:usernames].reduce([]) do |acc, elem|
+        ParsedCli.usernames.reduce([]) do |acc, elem|
          acc << Model::User.new(elem.chomp)
        end
      end
-
-      # @param [ String ] wordlist_path
-      #
-      # @return [ Array<String> ]
-      def passwords(wordlist_path)
-        @passwords ||= File.open(wordlist_path).reduce([]) do |acc, elem|
-          acc << elem.chomp
-        end
-      end
    end
  end
 end
--- a/app/controllers/vuln_api.rb
+++ b/app/controllers/vuln_api.rb
@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+
+module WPScan
+  module Controller
+    # Controller to handle the API token
+    class VulnApi < CMSScanner::Controller::Base
+      ENV_KEY = 'WPSCAN_API_TOKEN'
+
+      def cli_options
+        [
+          OptString.new(
+            ['--api-token TOKEN',
+             'The WPScan API Token to display vulnerability data, available at https://wpscan.com/profile']
+          )
+        ]
+      end
+
+      def before_scan
+        return unless ParsedCli.api_token || ENV.key?(ENV_KEY)
+
+        DB::VulnApi.token = ParsedCli.api_token || ENV[ENV_KEY]
+
+        api_status = DB::VulnApi.status
+
+        raise Error::InvalidApiToken if api_status['status'] == 'forbidden'
+        raise Error::ApiLimitReached if api_status['requests_remaining'] == 0
+        raise api_status['http_error'] if api_status['http_error']
+      end
+
+      def after_scan
+        output('status', status: DB::VulnApi.status, api_requests: WPScan.api_requests)
+      end
+    end
+  end
+end
--- a/app/controllers/wp_version.rb
+++ b/app/controllers/wp_version.rb
@@ -17,15 +17,15 @@ module WPScan
      end

      def before_scan
-        WPScan::DB::DynamicFinders::Wordpress.create_versions_finders
+        DB::DynamicFinders::Wordpress.create_versions_finders
      end

      def run
        output(
          'version',
          version: target.wp_version(
-            mode: parsed_options[:wp_version_detection] || parsed_options[:detection_mode],
-            confidence_threshold: parsed_options[:wp_version_all] ? 0 : 100,
+            mode: ParsedCli.wp_version_detection || ParsedCli.detection_mode,
+            confidence_threshold: ParsedCli.wp_version_all ? 0 : 100,
            show_progression: user_interaction?
          )
        )
--- a/app/finders/db_exports/known_locations.rb
+++ b/app/finders/db_exports/known_locations.rb
@@ -4,11 +4,10 @@ module WPScan
  module Finders
    module DbExports
      # DB Exports finder
-      # See https://github.com/wpscanteam/wpscan-v3/issues/62
      class KnownLocations < CMSScanner::Finders::Finder
        include CMSScanner::Finders::Finder::Enumerator

-        SQL_PATTERN = /(?:DROP|(?:UN)?LOCK|CREATE) TABLE|INSERT INTO/.freeze
+        SQL_PATTERN = /(?:DROP|(?:UN)?LOCK|CREATE|ALTER) (?:TABLE|DATABASE)|INSERT INTO/.freeze

        # @param [ Hash ] opts
        # @option opts [ String ] :list
@@ -20,9 +19,9 @@ module WPScan

          enumerate(potential_urls(opts), opts.merge(check_full_response: 200)) do |res|
            if res.effective_url.end_with?('.zip')
-              next unless res.headers['Content-Type'] =~ %r{\Aapplication/zip}i
+              next unless %r{\Aapplication/zip}i.match?(res.headers['Content-Type'])
            else
-              next unless res.body =~ SQL_PATTERN
+              next unless SQL_PATTERN.match?(res.body)
            end

            found << Model::DbExport.new(res.request.url, found_by: DIRECT_ACCESS, confidence: 100)
@@ -40,18 +39,57 @@ module WPScan
        #
        # @return [ Hash ]
        def potential_urls(opts = {})
-          urls        = {}
-          domain_name = target.uri.host[/(^[\w|-]+)/, 1]
+          urls = {}
+          index = 0

-          File.open(opts[:list]).each_with_index do |path, index|
-            path.gsub!('{domain_name}', domain_name)
+          File.open(opts[:list]).each do |path|
+            path.chomp!

-            urls[target.url(path.chomp)] = index
+            if path.include?('{domain_name}')
+              urls[target.url(path.gsub('{domain_name}', domain_name))] = index
+
+              if domain_name != domain_name_with_sub
+                urls[target.url(path.gsub('{domain_name}', domain_name_with_sub))] = index + 1
+
+                index += 1
+              end
+            else
+              urls[target.url(path)] = index
+            end
+
+            index += 1
          end

          urls
        end

+        def domain_name
+          @domain_name ||= if Resolv::AddressRegex.match?(target.uri.host)
+                             target.uri.host
+                           else
+                             (PublicSuffix.domain(target.uri.host) || target.uri.host)[/(^[\w|-]+)/, 1]
+                           end
+        end
+
+        def domain_name_with_sub
+          @domain_name_with_sub ||=
+            if Resolv::AddressRegex.match?(target.uri.host)
+              target.uri.host
+            else
+              parsed = PublicSuffix.parse(target.uri.host)
+
+              if parsed.subdomain
+                parsed.subdomain.gsub(".#{parsed.tld}", '')
+              elsif parsed.domain
+                parsed.domain.gsub(".#{parsed.tld}", '')
+              else
+                target.uri.host
+              end
+            end
+        rescue PublicSuffix::DomainNotAllowed
+          @domain_name_with_sub = target.uri.host
+        end
+
        def create_progress_bar(opts = {})
          super(opts.merge(title: ' Checking DB Exports -'))
        end
--- a/app/finders/interesting_findings.rb
+++ b/app/finders/interesting_findings.rb
@@ -6,6 +6,7 @@ require_relative 'interesting_findings/multisite'
 require_relative 'interesting_findings/debug_log'
 require_relative 'interesting_findings/backup_db'
 require_relative 'interesting_findings/mu_plugins'
+require_relative 'interesting_findings/php_disabled'
 require_relative 'interesting_findings/registration'
 require_relative 'interesting_findings/tmm_db_migrate'
 require_relative 'interesting_findings/upload_sql_dump'
@@ -26,7 +27,7 @@ module WPScan
          %w[
            Readme DebugLog FullPathDisclosure BackupDB DuplicatorInstallerLog
            Multisite MuPlugins Registration UploadDirectoryListing TmmDbMigrate
-            UploadSQLDump EmergencyPwdResetScript WPCron
+            UploadSQLDump EmergencyPwdResetScript WPCron PHPDisabled
          ].each do |f|
            finders << InterestingFindings.const_get(f).new(target)
          end
--- a/app/finders/interesting_findings/backup_db.rb
+++ b/app/finders/interesting_findings/backup_db.rb
@@ -16,8 +16,7 @@ module WPScan
            target.url(path),
            confidence: 70,
            found_by: DIRECT_ACCESS,
-            interesting_entries: target.directory_listing_entries(path),
-            references: { url: 'https://github.com/wpscanteam/wpscan/issues/422' }
+            interesting_entries: target.directory_listing_entries(path)
          )
        end
      end
--- a/app/finders/interesting_findings/debug_log.rb
+++ b/app/finders/interesting_findings/debug_log.rb
@@ -11,11 +11,7 @@ module WPScan

          return unless target.debug_log?(path)

-          Model::DebugLog.new(
-            target.url(path),
-            confidence: 100, found_by: DIRECT_ACCESS,
-            references: { url: 'https://codex.wordpress.org/Debugging_in_WordPress' }
-          )
+          Model::DebugLog.new(target.url(path), confidence: 100, found_by: DIRECT_ACCESS)
        end
      end
    end
--- a/app/finders/interesting_findings/duplicator_installer_log.rb
+++ b/app/finders/interesting_findings/duplicator_installer_log.rb
@@ -9,14 +9,9 @@ module WPScan
        def aggressive(_opts = {})
          path = 'installer-log.txt'

-          return unless target.head_and_get(path).body =~ /DUPLICATOR INSTALL-LOG/
+          return unless /DUPLICATOR(-|\s)?(PRO|LITE)?:? INSTALL-LOG/i.match?(target.head_and_get(path).body)

-          Model::DuplicatorInstallerLog.new(
-            target.url(path),
-            confidence: 100,
-            found_by: DIRECT_ACCESS,
-            references: { url: 'https://www.exploit-db.com/ghdb/3981/' }
-          )
+          Model::DuplicatorInstallerLog.new(target.url(path), confidence: 100, found_by: DIRECT_ACCESS)
        end
      end
    end
--- a/app/finders/interesting_findings/emergency_pwd_reset_script.rb
+++ b/app/finders/interesting_findings/emergency_pwd_reset_script.rb
@@ -14,11 +14,8 @@ module WPScan

          Model::EmergencyPwdResetScript.new(
            target.url(path),
-            confidence: res.body =~ /password/i ? 100 : 40,
-            found_by: DIRECT_ACCESS,
-            references: {
-              url: 'https://codex.wordpress.org/Resetting_Your_Password#Using_the_Emergency_Password_Reset_Script'
-            }
+            confidence: /password/i.match?(res.body) ? 100 : 40,
+            found_by: DIRECT_ACCESS
          )
        end
      end
--- a/app/finders/interesting_findings/full_path_disclosure.rb
+++ b/app/finders/interesting_findings/full_path_disclosure.rb
@@ -16,8 +16,7 @@ module WPScan
            target.url(path),
            confidence: 100,
            found_by: DIRECT_ACCESS,
-            interesting_entries: fpd_entries,
-            references: { url: 'https://www.owasp.org/index.php/Full_Path_Disclosure' }
+            interesting_entries: fpd_entries
          )
        end
      end
--- a/app/finders/interesting_findings/mu_plugins.rb
+++ b/app/finders/interesting_findings/mu_plugins.rb
@@ -7,20 +7,16 @@ module WPScan
      class MuPlugins < CMSScanner::Finders::Finder
        # @return [ InterestingFinding ]
        def passive(_opts = {})
-          pattern = %r{#{target.content_dir}/mu\-plugins/}i
+          pattern = %r{#{target.content_dir}/mu-plugins/}i

-          target.in_scope_urls(target.homepage_res) do |url|
-            next unless Addressable::URI.parse(url).path =~ pattern
+          target.in_scope_uris(target.homepage_res, '(//@href|//@src)[contains(., "mu-plugins")]') do |uri|
+            next unless uri.path&.match?(pattern)

            url = target.url('wp-content/mu-plugins/')

-            return Model::MuPlugins.new(
-              url,
-              confidence: 70,
-              found_by: 'URLs In Homepage (Passive Detection)',
-              to_s: "This site has 'Must Use Plugins': #{url}",
-              references: { url: 'http://codex.wordpress.org/Must_Use_Plugins' }
-            )
+            target.mu_plugins = true
+
+            return Model::MuPlugins.new(url, confidence: 70, found_by: 'URLs In Homepage (Passive Detection)')
          end
          nil
        end
@@ -33,17 +29,9 @@ module WPScan
          return unless [200, 401, 403].include?(res.code)
          return if target.homepage_or_404?(res)

-          # TODO: add the check for --exclude-content once implemented ?
-
          target.mu_plugins = true

-          Model::MuPlugins.new(
-            url,
-            confidence: 80,
-            found_by: DIRECT_ACCESS,
-            to_s: "This site has 'Must Use Plugins': #{url}",
-            references: { url: 'http://codex.wordpress.org/Must_Use_Plugins' }
-          )
+          Model::MuPlugins.new(url, confidence: 80, found_by: DIRECT_ACCESS)
        end
      end
    end
--- a/app/finders/interesting_findings/multisite.rb
+++ b/app/finders/interesting_findings/multisite.rb
@@ -12,18 +12,12 @@ module WPScan
          location = res.headers_hash['location']

          return unless [200, 302].include?(res.code)
-          return if res.code == 302 && location =~ /wp-login\.php\?action=register/
-          return unless res.code == 200 || res.code == 302 && location =~ /wp-signup\.php/
+          return if res.code == 302 && location&.include?('wp-login.php?action=register')
+          return unless res.code == 200 || (res.code == 302 && location&.include?('wp-signup.php'))

          target.multisite = true

-          Model::Multisite.new(
-            url,
-            confidence: 100,
-            found_by: DIRECT_ACCESS,
-            to_s: 'This site seems to be a multisite',
-            references: { url: 'http://codex.wordpress.org/Glossary#Multisite' }
-          )
+          Model::Multisite.new(url, confidence: 100, found_by: DIRECT_ACCESS)
        end
      end
    end
--- a/app/finders/interesting_findings/php_disabled.rb
+++ b/app/finders/interesting_findings/php_disabled.rb
@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+module WPScan
+  module Finders
+    module InterestingFindings
+      # See https://github.com/wpscanteam/wpscan/issues/1593
+      class PHPDisabled < CMSScanner::Finders::Finder
+        PATTERN = /\$wp_version =/.freeze
+
+        # @return [ InterestingFinding ]
+        def aggressive(_opts = {})
+          path = 'wp-includes/version.php'
+
+          return unless PATTERN.match?(target.head_and_get(path).body)
+
+          Model::PHPDisabled.new(target.url(path), confidence: 100, found_by: DIRECT_ACCESS)
+        end
+      end
+    end
+  end
+end
--- a/app/finders/interesting_findings/registration.rb
+++ b/app/finders/interesting_findings/registration.rb
@@ -20,12 +20,7 @@ module WPScan

          target.registration_enabled = true

-          Model::Registration.new(
-            res.effective_url,
-            confidence: 100,
-            found_by: DIRECT_ACCESS,
-            to_s: "Registration is enabled: #{res.effective_url}"
-          )
+          Model::Registration.new(res.effective_url, confidence: 100, found_by: DIRECT_ACCESS)
        end
      end
    end
--- a/app/finders/interesting_findings/tmm_db_migrate.rb
+++ b/app/finders/interesting_findings/tmm_db_migrate.rb
@@ -13,12 +13,7 @@ module WPScan

          return unless res.code == 200 && res.headers['Content-Type'] =~ %r{\Aapplication/zip}i

-          Model::TmmDbMigrate.new(
-            url,
-            confidence: 100,
-            found_by: DIRECT_ACCESS,
-            references: { packetstorm: 131_957 }
-          )
+          Model::TmmDbMigrate.new(url, confidence: 100, found_by: DIRECT_ACCESS)
        end
      end
    end
--- a/app/finders/interesting_findings/upload_directory_listing.rb
+++ b/app/finders/interesting_findings/upload_directory_listing.rb
@@ -13,12 +13,7 @@ module WPScan

          url = target.url(path)

-          Model::UploadDirectoryListing.new(
-            url,
-            confidence: 100,
-            found_by: DIRECT_ACCESS,
-            to_s: "Upload directory has listing enabled: #{url}"
-          )
+          Model::UploadDirectoryListing.new(url, confidence: 100, found_by: DIRECT_ACCESS)
        end
      end
    end
--- a/app/finders/interesting_findings/upload_sql_dump.rb
+++ b/app/finders/interesting_findings/upload_sql_dump.rb
@@ -12,13 +12,9 @@ module WPScan
          path = 'wp-content/uploads/dump.sql'
          res  = target.head_and_get(path, [200], get: { headers: { 'Range' => 'bytes=0-3000' } })

-          return unless res.body =~ SQL_PATTERN
+          return unless SQL_PATTERN.match?(res.body)

-          Model::UploadSQLDump.new(
-            target.url(path),
-            confidence: 100,
-            found_by: DIRECT_ACCESS
-          )
+          Model::UploadSQLDump.new(target.url(path), confidence: 100, found_by: DIRECT_ACCESS)
        end
      end
    end
--- a/app/finders/interesting_findings/wp_cron.rb
+++ b/app/finders/interesting_findings/wp_cron.rb
@@ -11,17 +11,7 @@ module WPScan

          return unless res.code == 200

-          Model::WPCron.new(
-            wp_cron_url,
-            confidence: 60,
-            found_by: DIRECT_ACCESS,
-            references: {
-              url: [
-                'https://www.iplocation.net/defend-wordpress-from-ddos',
-                'https://github.com/wpscanteam/wpscan/issues/1299'
-              ]
-            }
-          )
+          Model::WPCron.new(wp_cron_url, confidence: 60, found_by: DIRECT_ACCESS)
        end

        def wp_cron_url
--- a/app/finders/main_theme.rb
+++ b/app/finders/main_theme.rb
@@ -1,8 +1,10 @@
 # frozen_string_literal: true

-require_relative 'main_theme/css_style'
+require_relative 'main_theme/css_style_in_homepage'
+require_relative 'main_theme/css_style_in_404_page'
 require_relative 'main_theme/woo_framework_meta_generator'
 require_relative 'main_theme/urls_in_homepage'
+require_relative 'main_theme/urls_in_404_page'

 module WPScan
  module Finders
@@ -14,9 +16,11 @@ module WPScan
        # @param [ WPScan::Target ] target
        def initialize(target)
          finders <<
-            MainTheme::CssStyle.new(target) <<
+            MainTheme::CssStyleInHomepage.new(target) <<
+            MainTheme::CssStyleIn404Page.new(target) <<
            MainTheme::WooFrameworkMetaGenerator.new(target) <<
-            MainTheme::UrlsInHomepage.new(target)
+            MainTheme::UrlsInHomepage.new(target) <<
+            MainTheme::UrlsIn404Page.new(target)
        end
      end
    end
--- a/app/finders/main_theme/css_style_in_404_page.rb
+++ b/app/finders/main_theme/css_style_in_404_page.rb
@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+module WPScan
+  module Finders
+    module MainTheme
+      # From the CSS style in the 404 page
+      class CssStyleIn404Page < CssStyleInHomepage
+        def passive(opts = {})
+          passive_from_css_href(target.error_404_res, opts) || passive_from_style_code(target.error_404_res, opts)
+        end
+      end
+    end
+  end
+end
--- a/app/finders/main_theme/css_style_in_homepage.rb
+++ b/app/finders/main_theme/css_style_in_homepage.rb
@@ -3,9 +3,9 @@
 module WPScan
  module Finders
    module MainTheme
-      # From the css style
-      class CssStyle < CMSScanner::Finders::Finder
-        include Finders::WpItems::URLsInHomepage
+      # From the CSS style in the homepage
+      class CssStyleInHomepage < CMSScanner::Finders::Finder
+        include Finders::WpItems::UrlsInPage # To have the item_code_pattern method available here

        def create_theme(slug, style_url, opts)
          Model::Theme.new(
@@ -20,10 +20,10 @@ module WPScan
        end

        def passive_from_css_href(res, opts)
-          target.in_scope_urls(res, '//style/@src|//link/@href') do |url|
-            next unless Addressable::URI.parse(url).path =~ %r{/themes/([^\/]+)/style.css\z}i
+          target.in_scope_uris(res, '//link/@href[contains(., "style.css")]') do |uri|
+            next unless uri.path =~ %r{/themes/([^/]+)/style.css\z}i

-            return create_theme(Regexp.last_match[1], url, opts)
+            return create_theme(Regexp.last_match[1], uri.to_s, opts)
          end
          nil
        end
@@ -33,7 +33,7 @@ module WPScan
            code = tag.text.to_s
            next if code.empty?

-            next unless code =~ %r{#{item_code_pattern('themes')}\\?/style\.css[^"'\( ]*}i
+            next unless code =~ %r{#{item_code_pattern('themes')}\\?/style\.css[^"'( ]*}i

            return create_theme(Regexp.last_match[1], Regexp.last_match[0].strip, opts)
          end
--- a/app/finders/main_theme/urls_in_404_page.rb
+++ b/app/finders/main_theme/urls_in_404_page.rb
@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+module WPScan
+  module Finders
+    module MainTheme
+      # URLs In 404 Page Finder
+      class UrlsIn404Page < UrlsInHomepage
+        # @return [ Typhoeus::Response ]
+        def page_res
+          @page_res ||= target.error_404_res
+        end
+      end
+    end
+  end
+end
--- a/app/finders/main_theme/urls_in_homepage.rb
+++ b/app/finders/main_theme/urls_in_homepage.rb
@@ -5,7 +5,7 @@ module WPScan
    module MainTheme
      # URLs In Homepage Finder
      class UrlsInHomepage < CMSScanner::Finders::Finder
-        include WpItems::URLsInHomepage
+        include WpItems::UrlsInPage

        # @param [ Hash ] opts
        #
@@ -13,7 +13,7 @@ module WPScan
        def passive(opts = {})
          found = []

-          slugs = items_from_links('themes', false) + items_from_codes('themes', false)
+          slugs = items_from_links('themes', uniq: false) + items_from_codes('themes', uniq: false)

          slugs.each_with_object(Hash.new(0)) { |slug, counts| counts[slug] += 1 }.each do |slug, occurences|
            found << Model::Theme.new(slug, target, opts.merge(found_by: found_by, confidence: 2 * occurences))
@@ -21,6 +21,11 @@ module WPScan

          found
        end
+
+        # @return [ Typhoeus::Response ]
+        def page_res
+          @page_res ||= target.homepage_res
+        end
      end
    end
  end
--- a/app/finders/main_theme/woo_framework_meta_generator.rb
+++ b/app/finders/main_theme/woo_framework_meta_generator.rb
@@ -10,7 +10,7 @@ module WPScan
        PATTERN           = /#{THEME_PATTERN}\s+#{FRAMEWORK_PATTERN}/i.freeze

        def passive(opts = {})
-          return unless target.homepage_res.body =~ PATTERN
+          return unless target.homepage_res.body =~ PATTERN || target.error_404_res.body =~ PATTERN

          Model::Theme.new(
            Regexp.last_match[1],
--- a/app/finders/passwords/wp_login.rb
+++ b/app/finders/passwords/wp_login.rb
@@ -13,7 +13,7 @@ module WPScan

        def valid_credentials?(response)
          response.code == 302 &&
-            response.headers['Set-Cookie']&.any? { |cookie| cookie =~ /wordpress_logged_in_/i }
+            Array(response.headers['Set-Cookie'])&.any? { |cookie| cookie =~ /wordpress_logged_in_/i }
        end

        def errored_response?(response)
--- a/app/finders/passwords/xml_rpc.rb
+++ b/app/finders/passwords/xml_rpc.rb
@@ -8,15 +8,15 @@ module WPScan
        include CMSScanner::Finders::Finder::BreadthFirstDictionaryAttack

        def login_request(username, password)
-          target.method_call('wp.getUsersBlogs', [username, password])
+          target.method_call('wp.getUsersBlogs', [username, password], cache_ttl: 0)
        end

        def valid_credentials?(response)
-          response.code == 200 && response.body =~ /blogName/
+          response.code == 200 && response.body.include?('blogName')
        end

        def errored_response?(response)
-          response.code != 200 && response.body !~ /login_error/i
+          response.code != 200 && response.body !~ /Incorrect username or password/i
        end
      end
    end
--- a/app/finders/passwords/xml_rpc_multicall.rb
+++ b/app/finders/passwords/xml_rpc_multicall.rb
@@ -19,11 +19,33 @@ module WPScan
            end
          end

-          target.multi_call(methods).run
+          target.multi_call(methods, cache_ttl: 0).run
+        end
+
+        # @param [ IO ] file
+        # @param [ Integer ] passwords_size
+        # @return [ Array<String> ] The passwords from the last checked position in the file until there are
+        #                           passwords_size passwords retrieved
+        def passwords_from_wordlist(file, passwords_size)
+          pwds       = []
+          added_pwds = 0
+
+          return pwds if passwords_size.zero?
+
+          # Make sure that the main code does not call #sysseek or #count etc
+          # otherwise the file descriptor will be set to somwehere else
+          file.each_line(chomp: true) do |line|
+            pwds << line
+            added_pwds += 1
+
+            break if added_pwds == passwords_size
+          end
+
+          pwds
        end

        # @param [ Array<Model::User> ] users
-        # @param [ Array<String> ] passwords
+        # @param [ String ] wordlist_path
        # @param [ Hash ] opts
        # @option opts [ Boolean ] :show_progression
        # @option opts [ Integer ] :multicall_max_passwords
@@ -33,18 +55,22 @@ module WPScan
        # TODO: Make rubocop happy about metrics etc
        #
        # rubocop:disable all
-        def attack(users, passwords, opts = {})
-          wordlist_index         = 0
+        def attack(users, wordlist_path, opts = {})
+          checked_passwords      = 0
+          wordlist               = File.open(wordlist_path)
+          wordlist_size          = wordlist.count
          max_passwords          = opts[:multicall_max_passwords]
          current_passwords_size = passwords_size(max_passwords, users.size)

-          create_progress_bar(total: (passwords.size / current_passwords_size.round(1)).ceil,
+          create_progress_bar(total: (wordlist_size / current_passwords_size.round(1)).ceil,
                              show_progression: opts[:show_progression])

+          wordlist.sysseek(0) # reset the descriptor to the beginning of the file as it changed with #count
+
          loop do
-            current_users     = users.select { |user| user.password.nil? }
-            current_passwords = passwords[wordlist_index, current_passwords_size]
-            wordlist_index   += current_passwords_size
+            current_users      = users.select { |user| user.password.nil? }
+            current_passwords  = passwords_from_wordlist(wordlist, current_passwords_size)
+            checked_passwords += current_passwords_size

            break if current_users.empty? || current_passwords.nil? || current_passwords.empty?

@@ -76,16 +102,19 @@ module WPScan
                break
              end

-              progress_bar.total = progress_bar.progress + ((passwords.size - wordlist_index) / current_passwords_size.round(1)).ceil
+              begin
+                progress_bar.total = progress_bar.progress + ((wordlist_size - checked_passwords) / current_passwords_size.round(1)).ceil
+              rescue ProgressBar::InvalidProgressError
+              end
            end
          end
          # Maybe a progress_bar.stop ?
        end
-        # rubocop:disable all
+        # rubocop:enable all

        def passwords_size(max_passwords, users_size)
          return 1 if max_passwords < users_size
-          return 0 if users_size == 0
+          return 0 if users_size.zero?

          max_passwords / users_size
        end
@@ -94,9 +123,13 @@ module WPScan
        def check_and_output_errors(res)
          progress_bar.log("Incorrect response: #{res.code} / #{res.return_message}") unless res.code == 200

-          progress_bar.log('Parsing error, might be caused by a too high --max-passwords value (such as >= 2k)') if res.body =~ /parse error. not well formed/i
+          if /parse error. not well formed/i.match?(res.body)
+            progress_bar.log('Parsing error, might be caused by a too high --max-passwords value (such as >= 2k)')
+          end

-          progress_bar.log('The requested method is not supported') if res.body =~ /requested method [^ ]+ does not exist/i
+          return unless /requested method [^ ]+ does not exist/i.match?(res.body)
+
+          progress_bar.log('The requested method is not supported')
        end
      end
    end
--- a/app/finders/plugin_version.rb
+++ b/app/finders/plugin_version.rb
@@ -13,25 +13,15 @@ module WPScan
        def initialize(plugin)
          finders << PluginVersion::Readme.new(plugin)

-          load_specific_finders(plugin)
+          create_and_load_dynamic_versions_finders(plugin)
        end

-        # Load the finders associated with the plugin
+        # Create the dynamic version finders related to the plugin and register them
        #
        # @param [ Model::Plugin ] plugin
-        def load_specific_finders(plugin)
-          module_name = plugin.classify
-
-          return unless Finders::PluginVersion.constants.include?(module_name)
-
-          mod = Finders::PluginVersion.const_get(module_name)
-
-          mod.constants.each do |constant|
-            c = mod.const_get(constant)
-
-            next unless c.is_a?(Class)
-
-            finders << c.new(plugin)
+        def create_and_load_dynamic_versions_finders(plugin)
+          DB::DynamicFinders::Plugin.create_versions_finders(plugin.slug).each do |finder|
+            finders << finder.new(plugin)
          end
        end
      end
--- a/app/finders/plugin_version/readme.rb
+++ b/app/finders/plugin_version/readme.rb
@@ -11,7 +11,7 @@ module WPScan

          # The target(plugin)#readme_url can't be used directly here
          # as if the --detection-mode is passive, it will always return nil
-          Model::WpItem::READMES.each do |file|
+          target.potential_readme_filenames.each do |file|
            res = target.head_and_get(file)

            next unless res.code == 200 && !(numbers = version_numbers(res.body)).empty?
@@ -48,18 +48,18 @@ module WPScan
        #
        # @return [ String, nil ] The version number detected from the stable tag
        def from_stable_tag(body)
-          return unless body =~ /\b(?:stable tag|version):\s*(?!trunk)([0-9a-z\.-]+)/i
+          return unless body =~ /\b(?:stable tag|version):\s*(?!trunk)([0-9a-z.-]+)/i

          number = Regexp.last_match[1]

-          number if number =~ /[0-9]+/
+          number if /[0-9]+/.match?(number)
        end

        # @param [ String ] body
        #
        # @return [ String, nil ] The best version number detected from the changelog section
        def from_changelog_section(body)
-          extracted_versions = body.scan(%r{[=]+\s+(?:v(?:ersion)?\s*)?([0-9\.-]+)[ \ta-z0-9\(\)\.\-\/]*[=]+}i)
+          extracted_versions = body.scan(%r{=+\s+(?:v(?:ersion)?\s*)?([0-9.-]+)[ \ta-z0-9().\-/]*=+}i)

          return if extracted_versions.nil? || extracted_versions.empty?

@@ -68,11 +68,9 @@ module WPScan
          extracted_versions = extracted_versions.select { |x| x =~ /[0-9]+/ }

          sorted = extracted_versions.sort do |x, y|
-            begin
-              Gem::Version.new(x) <=> Gem::Version.new(y)
-            rescue StandardError
-              0
-            end
+            Gem::Version.new(x) <=> Gem::Version.new(y)
+          rescue StandardError
+            0
          end

          sorted.last
--- a/app/finders/plugins.rb
+++ b/app/finders/plugins.rb
@@ -1,6 +1,7 @@
 # frozen_string_literal: true

 require_relative 'plugins/urls_in_homepage'
+require_relative 'plugins/urls_in_404_page'
 require_relative 'plugins/known_locations'
 # From the DynamicFinders
 require_relative 'plugins/comment'
@@ -22,6 +23,7 @@ module WPScan
        def initialize(target)
          finders <<
            Plugins::UrlsInHomepage.new(target) <<
+            Plugins::UrlsIn404Page.new(target) <<
            Plugins::HeaderPattern.new(target) <<
            Plugins::Comment.new(target) <<
            Plugins::Xpath.new(target) <<
--- a/app/finders/plugins/body_pattern.rb
+++ b/app/finders/plugins/body_pattern.rb
@@ -4,7 +4,7 @@ module WPScan
  module Finders
    module Plugins
      # Plugins finder from Dynamic Finder 'BodyPattern'
-      class BodyPattern < WPScan::Finders::DynamicFinder::WpItems::Finder
+      class BodyPattern < Finders::DynamicFinder::WpItems::Finder
        DEFAULT_CONFIDENCE = 30

        # @param [ Hash ] opts The options from the #passive, #aggressive methods
@@ -15,7 +15,7 @@ module WPScan
        #
        # @return [ Plugin ] The detected plugin in the response, related to the config
        def process_response(opts, response, slug, klass, config)
-          return unless response.body =~ config['pattern']
+          return unless response.body&.match?(config['pattern'])

          Model::Plugin.new(
            slug,
--- a/app/finders/plugins/comment.rb
+++ b/app/finders/plugins/comment.rb
@@ -4,7 +4,7 @@ module WPScan
  module Finders
    module Plugins
      # Plugins finder from the Dynamic Finder 'Comment'
-      class Comment < WPScan::Finders::DynamicFinder::WpItems::Finder
+      class Comment < Finders::DynamicFinder::WpItems::Finder
        DEFAULT_CONFIDENCE = 30

        # @param [ Hash ] opts The options from the #passive, #aggressive methods
@@ -18,7 +18,7 @@ module WPScan
          response.html.xpath(config['xpath'] || '//comment()').each do |node|
            comment = node.text.to_s.strip

-            next unless comment =~ config['pattern']
+            next unless comment&.match?(config['pattern'])

            return Model::Plugin.new(
              slug,
--- a/app/finders/plugins/config_parser.rb
+++ b/app/finders/plugins/config_parser.rb
@@ -4,7 +4,7 @@ module WPScan
  module Finders
    module Plugins
      # Plugins finder from Dynamic Finder 'ConfigParser'
-      class ConfigParser < WPScan::Finders::DynamicFinder::WpItems::Finder
+      class ConfigParser < Finders::DynamicFinder::WpItems::Finder
        DEFAULT_CONFIDENCE = 40

        # @param [ Hash ] opts The options from the #passive, #aggressive methods
--- a/app/finders/plugins/header_pattern.rb
+++ b/app/finders/plugins/header_pattern.rb
@@ -4,7 +4,7 @@ module WPScan
  module Finders
    module Plugins
      # Plugins finder from Dynamic Finder 'HeaderPattern'
-      class HeaderPattern < WPScan::Finders::DynamicFinder::WpItems::Finder
+      class HeaderPattern < Finders::DynamicFinder::WpItems::Finder
        DEFAULT_CONFIDENCE = 30

        # @param [ Hash ] opts
--- a/app/finders/plugins/javascript_var.rb
+++ b/app/finders/plugins/javascript_var.rb
@@ -4,7 +4,7 @@ module WPScan
  module Finders
    module Plugins
      # Plugins finder from the Dynamic Finder 'JavascriptVar'
-      class JavascriptVar < WPScan::Finders::DynamicFinder::WpItems::Finder
+      class JavascriptVar < Finders::DynamicFinder::WpItems::Finder
        DEFAULT_CONFIDENCE = 60

        # @param [ Hash ] opts The options from the #passive, #aggressive methods
--- a/app/finders/plugins/known_locations.rb
+++ b/app/finders/plugins/known_locations.rb
@@ -9,7 +9,7 @@ module WPScan

        # @return [ Array<Integer> ]
        def valid_response_codes
-          @valid_response_codes ||= [200, 401, 403, 301, 500].freeze
+          @valid_response_codes ||= [200, 401, 403, 500].freeze
        end

        # @param [ Hash ] opts
@@ -19,8 +19,14 @@ module WPScan
        def aggressive(opts = {})
          found = []

-          enumerate(target_urls(opts), opts.merge(check_full_response: [200, 401, 403, 500])) do |_res, slug|
-            found << Model::Plugin.new(slug, target, opts.merge(found_by: found_by, confidence: 80))
+          enumerate(target_urls(opts), opts.merge(check_full_response: true)) do |res, slug|
+            finding_opts = opts.merge(found_by: found_by,
+                                      confidence: 80,
+                                      interesting_entries: ["#{res.effective_url}, status: #{res.code}"])
+
+            found << Model::Plugin.new(slug, target, finding_opts)
+
+            raise Error::PluginsThresholdReached if opts[:threshold].positive? && found.size >= opts[:threshold]
          end

          found
--- a/app/finders/plugins/query_parameter.rb
+++ b/app/finders/plugins/query_parameter.rb
@@ -4,7 +4,7 @@ module WPScan
  module Finders
    module Plugins
      # Plugins finder from Dynamic Finder 'QueryParameter'
-      class QueryParameter < WPScan::Finders::DynamicFinder::WpItems::Finder
+      class QueryParameter < Finders::DynamicFinder::WpItems::Finder
        DEFAULT_CONFIDENCE = 10

        def passive(_opts = {})
--- a/app/finders/plugins/urls_in_404_page.rb
+++ b/app/finders/plugins/urls_in_404_page.rb
@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+module WPScan
+  module Finders
+    module Plugins
+      # URLs In 404 Page Finder
+      # Typically, the items detected from URLs like /wp-content/plugins/<slug>/
+      class UrlsIn404Page < UrlsInHomepage
+        # @return [ Typhoeus::Response ]
+        def page_res
+          @page_res ||= target.error_404_res
+        end
+      end
+    end
+  end
+end
--- a/app/finders/plugins/urls_in_homepage.rb
+++ b/app/finders/plugins/urls_in_homepage.rb
@@ -4,10 +4,9 @@ module WPScan
  module Finders
    module Plugins
      # URLs In Homepage Finder
-      # Typically, the items detected from URLs like
-      # /wp-content/plugins/<slug>/
+      # Typically, the items detected from URLs like /wp-content/plugins/<slug>/
      class UrlsInHomepage < CMSScanner::Finders::Finder
-        include WpItems::URLsInHomepage
+        include WpItems::UrlsInPage

        # @param [ Hash ] opts
        #
@@ -21,6 +20,11 @@ module WPScan

          found
        end
+
+        # @return [ Typhoeus::Response ]
+        def page_res
+          @page_res ||= target.homepage_res
+        end
      end
    end
  end
--- a/app/finders/plugins/xpath.rb
+++ b/app/finders/plugins/xpath.rb
@@ -4,7 +4,7 @@ module WPScan
  module Finders
    module Plugins
      # Plugins finder from the Dynamic Finder 'Xpath'
-      class Xpath < WPScan::Finders::DynamicFinder::WpItems::Finder
+      class Xpath < Finders::DynamicFinder::WpItems::Finder
        DEFAULT_CONFIDENCE = 40

        # @param [ Hash ] opts The options from the #passive, #aggressive methods
--- a/app/finders/theme_version.rb
+++ b/app/finders/theme_version.rb
@@ -16,25 +16,15 @@ module WPScan
            ThemeVersion::Style.new(theme) <<
            ThemeVersion::WooFrameworkMetaGenerator.new(theme)

-          load_specific_finders(theme)
+          create_and_load_dynamic_versions_finders(theme)
        end

-        # Load the finders associated with the theme
+        # Create the dynamic version finders related to the theme and register them
        #
        # @param [ Model::Theme ] theme
-        def load_specific_finders(theme)
-          module_name = theme.classify
-
-          return unless Finders::ThemeVersion.constants.include?(module_name)
-
-          mod = Finders::ThemeVersion.const_get(module_name)
-
-          mod.constants.each do |constant|
-            c = mod.const_get(constant)
-
-            next unless c.is_a?(Class)
-
-            finders << c.new(theme)
+        def create_and_load_dynamic_versions_finders(theme)
+          DB::DynamicFinders::Theme.create_versions_finders(theme.slug).each do |finder|
+            finders << finder.new(theme)
          end
        end
      end
--- a/app/finders/theme_version/style.rb
+++ b/app/finders/theme_version/style.rb
@@ -30,7 +30,7 @@ module WPScan

        # @return [ Version ]
        def style_version
-          return unless Browser.get(target.style_url).body =~ /Version:[\t ]*(?!trunk)([0-9a-z\.-]+)/i
+          return unless Browser.get(target.style_url).body =~ /Version:[\t ]*(?!trunk)([0-9a-z.-]+)/i

          Model::Version.new(
            Regexp.last_match[1],
--- a/app/finders/themes.rb
+++ b/app/finders/themes.rb
@@ -1,12 +1,13 @@
 # frozen_string_literal: true

 require_relative 'themes/urls_in_homepage'
+require_relative 'themes/urls_in_404_page'
 require_relative 'themes/known_locations'

 module WPScan
  module Finders
    module Themes
-      # themes Finder
+      # Themes Finder
      class Base
        include CMSScanner::Finders::SameTypeFinder

@@ -14,6 +15,7 @@ module WPScan
        def initialize(target)
          finders <<
            Themes::UrlsInHomepage.new(target) <<
+            Themes::UrlsIn404Page.new(target) <<
            Themes::KnownLocations.new(target)
        end
      end
--- a/app/finders/themes/known_locations.rb
+++ b/app/finders/themes/known_locations.rb
@@ -9,7 +9,7 @@ module WPScan

        # @return [ Array<Integer> ]
        def valid_response_codes
-          @valid_response_codes ||= [200, 401, 403, 301, 500].freeze
+          @valid_response_codes ||= [200, 401, 403, 500].freeze
        end

        # @param [ Hash ] opts
@@ -19,8 +19,14 @@ module WPScan
        def aggressive(opts = {})
          found = []

-          enumerate(target_urls(opts), opts.merge(check_full_response: [200, 401, 403, 500])) do |_res, slug|
-            found << Model::Theme.new(slug, target, opts.merge(found_by: found_by, confidence: 80))
+          enumerate(target_urls(opts), opts.merge(check_full_response: true)) do |res, slug|
+            finding_opts = opts.merge(found_by: found_by,
+                                      confidence: 80,
+                                      interesting_entries: ["#{res.effective_url}, status: #{res.code}"])
+
+            found << Model::Theme.new(slug, target, finding_opts)
+
+            raise Error::ThemesThresholdReached if opts[:threshold].positive? && found.size >= opts[:threshold]
          end

          found
--- a/app/finders/themes/urls_in_404_page.rb
+++ b/app/finders/themes/urls_in_404_page.rb
@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+module WPScan
+  module Finders
+    module Themes
+      # URLs In 04 Page Finder
+      class UrlsIn404Page < UrlsInHomepage
+        # @return [ Typhoeus::Response ]
+        def page_res
+          @page_res ||= target.error_404_res
+        end
+      end
+    end
+  end
+end
--- a/app/finders/themes/urls_in_homepage.rb
+++ b/app/finders/themes/urls_in_homepage.rb
@@ -5,7 +5,7 @@ module WPScan
    module Themes
      # URLs In Homepage Finder
      class UrlsInHomepage < CMSScanner::Finders::Finder
-        include WpItems::URLsInHomepage
+        include WpItems::UrlsInPage

        # @param [ Hash ] opts
        #
@@ -19,6 +19,11 @@ module WPScan

          found
        end
+
+        # @return [ Typhoeus::Response ]
+        def page_res
+          @page_res ||= target.homepage_res
+        end
      end
    end
  end
--- a/app/finders/timthumbs/known_locations.rb
+++ b/app/finders/timthumbs/known_locations.rb
@@ -22,7 +22,7 @@ module WPScan
          found = []

          enumerate(target_urls(opts), opts.merge(check_full_response: 400)) do |res|
-            next unless res.body =~ /no image specified/i
+            next unless /no image specified/i.match?(res.body)

            found << Model::Timthumb.new(res.request.url, opts.merge(found_by: found_by, confidence: 100))
          end
--- a/app/finders/users.rb
+++ b/app/finders/users.rb
@@ -6,10 +6,21 @@ require_relative 'users/oembed_api'
 require_relative 'users/rss_generator'
 require_relative 'users/author_id_brute_forcing'
 require_relative 'users/login_error_messages'
-require_relative 'users/yoast_seo_author_sitemap.rb'
+require_relative 'users/author_sitemap'
+require_relative 'users/yoast_seo_author_sitemap'

 module WPScan
  module Finders
+    # Specific Finders container to filter the usernames found
+    # and remove the ones matching ParsedCli.exclude_username if supplied
+    class UsersFinders < SameTypeFinders
+      def filter_findings
+        findings.delete_if { |user| ParsedCli.exclude_usernames.match?(user.username) } if ParsedCli.exclude_usernames
+
+        findings
+      end
+    end
+
    module Users
      # Users Finder
      class Base
@@ -22,10 +33,15 @@ module WPScan
            Users::WpJsonApi.new(target) <<
            Users::OembedApi.new(target) <<
            Users::RSSGenerator.new(target) <<
+            Users::AuthorSitemap.new(target) <<
            Users::YoastSeoAuthorSitemap.new(target) <<
            Users::AuthorIdBruteForcing.new(target) <<
            Users::LoginErrorMessages.new(target)
        end
+
+        def finders
+          @finders ||= Finders::UsersFinders.new
+        end
      end
    end
  end
--- a/app/finders/users/author_id_brute_forcing.rb
+++ b/app/finders/users/author_id_brute_forcing.rb
@@ -7,6 +7,11 @@ module WPScan
      class AuthorIdBruteForcing < CMSScanner::Finders::Finder
        include CMSScanner::Finders::Finder::Enumerator

+        # @return [ Array<Integer> ]
+        def valid_response_codes
+          @valid_response_codes ||= [200, 301, 302]
+        end
+
        # @param [ Hash ] opts
        # @option opts [ Range ] :range Mandatory
        #
@@ -15,7 +20,7 @@ module WPScan
          found = []
          found_by_msg = 'Author Id Brute Forcing - %s (Aggressive Detection)'

-          enumerate(target_urls(opts), opts) do |res, id|
+          enumerate(target_urls(opts), opts.merge(check_full_response: true)) do |res, id|
            username, found_by, confidence = potential_username(res)

            next unless username
@@ -49,7 +54,7 @@ module WPScan
          super(opts.merge(title: ' Brute Forcing Author IDs -'))
        end

-        def request_params
+        def full_request_params
          { followlocation: true }
        end

@@ -66,11 +71,13 @@ module WPScan
          return username, 'Display Name', 50 if username
        end

-        # @param [ String ] url
+        # @param [ String, Addressable::URI ] uri
        #
        # @return [ String, nil ]
-        def username_from_author_url(url)
-          url[%r{/author/([^/\b]+)/?}i, 1]
+        def username_from_author_url(uri)
+          uri = Addressable::URI.parse(uri) unless uri.is_a?(Addressable::URI)
+
+          uri.path[%r{/author/([^/\b]+)/?}i, 1]
        end

        # @param [ Typhoeus::Response ] res
@@ -78,12 +85,12 @@ module WPScan
        # @return [ String, nil ] The username found
        def username_from_response(res)
          # Permalink enabled
-          target.in_scope_urls(res, '//link/@href|//a/@href') do |url|
-            username = username_from_author_url(url)
+          target.in_scope_uris(res, '//@href[contains(., "author/")]') do |uri|
+            username = username_from_author_url(uri)
            return username if username
          end

-          # No permalink
+          # No permalink, TODO Maybe use xpath to extract the classes ?
          res.body[/<body class="archive author author-([^\s]+)[ "]/i, 1]
        end

@@ -92,9 +99,12 @@ module WPScan
        # @return [ String, nil ]
        def display_name_from_body(body)
          page = Nokogiri::HTML.parse(body)
+
          # WP >= 3.0
          page.css('h1.page-title span').each do |node|
-            return node.text.to_s
+            text = node.text.to_s.strip
+
+            return text unless text.empty?
          end

          # WP < 3.0
--- a/app/finders/users/author_posts.rb
+++ b/app/finders/users/author_posts.rb
@@ -45,12 +45,10 @@ module WPScan
        def potential_usernames(res)
          usernames = []

-          target.in_scope_urls(res, '//a/@href') do |url, node|
-            uri = Addressable::URI.parse(url)
-
+          target.in_scope_uris(res, '//a/@href[contains(., "author")]') do |uri, node|
            if uri.path =~ %r{/author/([^/\b]+)/?\z}i
              usernames << [Regexp.last_match[1], 'Author Pattern', 100]
-            elsif uri.query =~ /author=[0-9]+/
+            elsif /author=[0-9]+/.match?(uri.query)
              usernames << [node.text.to_s.strip, 'Display Name', 30]
            end
          end
--- a/app/finders/users/author_sitemap.rb
+++ b/app/finders/users/author_sitemap.rb
@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+
+module WPScan
+  module Finders
+    module Users
+      # Since WP 5.5, /wp-sitemap-users-1.xml is generated and contains
+      # the usernames of accounts who made a post
+      class AuthorSitemap < CMSScanner::Finders::Finder
+        # @param [ Hash ] opts
+        #
+        # @return [ Array<User> ]
+        def aggressive(_opts = {})
+          found = []
+
+          Browser.get(sitemap_url).html.xpath('//url/loc').each do |user_tag|
+            username = user_tag.text.to_s[%r{/author/([^/]+)/}, 1]
+
+            next unless username && !username.strip.empty?
+
+            found << Model::User.new(username,
+                                     found_by: found_by,
+                                     confidence: 100,
+                                     interesting_entries: [sitemap_url])
+          end
+
+          found
+        end
+
+        # @return [ String ] The URL of the sitemap
+        def sitemap_url
+          @sitemap_url ||= target.url('wp-sitemap-users-1.xml')
+        end
+      end
+    end
+  end
+end
--- a/app/finders/users/login_error_messages.rb
+++ b/app/finders/users/login_error_messages.rb
@@ -24,7 +24,7 @@ module WPScan

            return found if error.empty? # Protection plugin / error disabled

-            next unless error =~ /The password you entered for the username|Incorrect Password/i
+            next unless /The password you entered for the username|Incorrect Password/i.match?(error)

            found << Model::User.new(username, found_by: found_by, confidence: 100)
          end
@@ -37,7 +37,7 @@ module WPScan
          # usernames from the potential Users found
          unames = opts[:found].map(&:username)

-          [*opts[:list]].each { |uname| unames << uname.chomp }
+          Array(opts[:list]).each { |uname| unames << uname.chomp }

          unames.uniq
        end
--- a/app/finders/users/oembed_api.rb
+++ b/app/finders/users/oembed_api.rb
@@ -34,6 +34,8 @@ module WPScan
        def user_details_from_oembed_data(oembed_data)
          return unless oembed_data

+          oembed_data = oembed_data.first if oembed_data.is_a?(Array)
+
          if oembed_data['author_url'] =~ %r{/author/([^/]+)/?\z}
            details = [Regexp.last_match[1], 'Author URL', 90]
          elsif oembed_data['author_name'] && !oembed_data['author_name'].empty?
--- a/app/finders/users/rss_generator.rb
+++ b/app/finders/users/rss_generator.rb
@@ -6,14 +6,14 @@ module WPScan
      # Users disclosed from the dc:creator field in the RSS
      # The names disclosed are display names, however depending on the configuration of the blog,
      # they can be the same than usernames
-      class RSSGenerator < WPScan::Finders::WpVersion::RSSGenerator
+      class RSSGenerator < Finders::WpVersion::RSSGenerator
        def process_urls(urls, _opts = {})
          found = []

          urls.each do |url|
            res = Browser.get_and_follow_location(url)

-            next unless res.code == 200 && res.body =~ /<dc\:creator>/i
+            next unless res.code == 200 && res.body =~ /<dc:creator>/i

            potential_usernames = []

--- a/app/finders/users/wp_json_api.rb
+++ b/app/finders/users/wp_json_api.rb
@@ -21,7 +21,7 @@ module WPScan
          loop do
            current_page += 1

-            res = Typhoeus.get(api_url, params: { per_page: MAX_PER_PAGE, page: current_page })
+            res = Browser.get(api_url, params: { per_page: MAX_PER_PAGE, page: current_page })

            total_pages ||= res.headers['X-WP-TotalPages'].to_i

@@ -57,9 +57,7 @@ module WPScan
        def api_url
          return @api_url if @api_url

-          target.in_scope_urls(target.homepage_res, "//link[@rel='https://api.w.org/']/@href").each do |url, _tag|
-            uri = Addressable::URI.parse(url.strip)
-
+          target.in_scope_uris(target.homepage_res, "//link[@rel='https://api.w.org/']/@href").each do |uri|
            return @api_url = uri.join('wp/v2/users/').to_s if uri.path.include?('wp-json')
          end

--- a/app/finders/users/yoast_seo_author_sitemap.rb
+++ b/app/finders/users/yoast_seo_author_sitemap.rb
@@ -5,27 +5,7 @@ module WPScan
    module Users
      # The YOAST SEO plugin has an author-sitemap.xml which can leak usernames
      # See https://github.com/wpscanteam/wpscan/issues/1228
-      class YoastSeoAuthorSitemap < CMSScanner::Finders::Finder
-        # @param [ Hash ] opts
-        #
-        # @return [ Array<User> ]
-        def aggressive(_opts = {})
-          found = []
-
-          Browser.get(sitemap_url).html.xpath('//url/loc').each do |user_tag|
-            username = user_tag.text.to_s[%r{/author/([^\/]+)/}, 1]
-
-            next unless username && !username.strip.empty?
-
-            found << Model::User.new(username,
-                                     found_by: found_by,
-                                     confidence: 100,
-                                     interesting_entries: [sitemap_url])
-          end
-
-          found
-        end
-
+      class YoastSeoAuthorSitemap < AuthorSitemap
        # @return [ String ] The URL of the author-sitemap
        def sitemap_url
          @sitemap_url ||= target.url('author-sitemap.xml')
--- a/app/finders/wp_items.rb
+++ b/app/finders/wp_items.rb
@@ -1,3 +1,3 @@
 # frozen_string_literal: true

-require_relative 'wp_items/urls_in_homepage'
+require_relative 'wp_items/urls_in_page'
--- a/app/finders/wp_items/urls_in_homepage.rb
+++ b/app/finders/wp_items/urls_in_homepage.rb
@@ -4,18 +4,24 @@ module WPScan
  module Finders
    module WpItems
      # URLs In Homepage Module to use in plugins & themes finders
-      module URLsInHomepage
+      module UrlsInPage
        # @param [ String ] type plugins / themes
        # @param [ Boolean ] uniq Wether or not to apply the #uniq on the results
        #
-        # @return [Array<String> ] The plugins/themes detected in the href, src attributes of the homepage
-        def items_from_links(type, uniq = true)
+        # @return [ Array<String> ] The plugins/themes detected in the href, src attributes of the page
+        def items_from_links(type, uniq: true)
          found = []
+          xpath = format(
+            '(//@href|//@src|//@data-src)[contains(., "%s")]',
+            type == 'plugins' ? target.plugins_dir : target.content_dir
+          )

-          target.in_scope_urls(target.homepage_res) do |url|
-            next unless url =~ item_attribute_pattern(type)
+          target.in_scope_uris(page_res, xpath) do |uri|
+            next unless uri.to_s =~ item_attribute_pattern(type)

-            found << Regexp.last_match[1]
+            slug = Regexp.last_match[1]&.strip
+
+            found << slug unless slug&.empty?
          end

          uniq ? found.uniq.sort : found.sort
@@ -25,10 +31,10 @@ module WPScan
        # @param [ Boolean ] uniq Wether or not to apply the #uniq on the results
        #
        # @return [Array<String> ] The plugins/themes detected in the javascript/style of the homepage
-        def items_from_codes(type, uniq = true)
+        def items_from_codes(type, uniq: true)
          found = []

-          target.homepage_res.html.css('script,style').each do |tag|
+          page_res.html.xpath('//script[not(@src)]|//style[not(@src)]').each do |tag|
            code = tag.text.to_s
            next if code.empty?

@@ -42,14 +48,14 @@ module WPScan
        #
        # @return [ Regexp ]
        def item_attribute_pattern(type)
-          @item_attribute_pattern ||= %r{\A#{item_url_pattern(type)}([^/]+)/}i
+          @item_attribute_pattern ||= %r{#{item_url_pattern(type)}([^/]+)/}i
        end

        # @param [ String ] type
        #
        # @return [ Regexp ]
        def item_code_pattern(type)
-          @item_code_pattern ||= %r{["'\( ]#{item_url_pattern(type)}([^\\\/\)"']+)}i
+          @item_code_pattern ||= %r{["'( ]#{item_url_pattern(type)}([^\\/)"']+)}i
        end

        # @param [ String ] type
@@ -59,10 +65,10 @@ module WPScan
          item_dir = type == 'plugins' ? target.plugins_dir : target.content_dir
          item_url = type == 'plugins' ? target.plugins_url : target.content_url

-          url = /#{item_url.gsub(/\A(?:http|https)/i, 'https?').gsub('/', '\\\\\?\/')}/i
-          item_dir = %r{(?:#{url}|\\?\/#{item_dir.gsub('/', '\\\\\?\/')}\\?/)}i
+          url = /#{item_url.gsub(/\A(?:https?)/i, 'https?').gsub('/', '\\\\\?\/')}/i
+          item_dir = %r{(?:#{url}|\\?/#{item_dir.gsub('/', '\\\\\?\/')}\\?/)}i

-          type == 'plugins' ? item_dir : %r{#{item_dir}#{type}\\?\/}i
+          type == 'plugins' ? item_dir : %r{#{item_dir}#{type}\\?/}i
        end
      end
    end
--- a/app/finders/wp_version.rb
+++ b/app/finders/wp_version.rb
@@ -10,7 +10,7 @@ module WPScan
  module Finders
    # Specific Finders container to filter the version detected
    # and remove the one with low confidence to avoid false
-    # positive when there is not enought information to accurately
+    # positive when there is not enough information to accurately
    # determine it.
    class WpVersionFinders < UniqueFinders
      def filter_findings
@@ -28,7 +28,7 @@ module WPScan
        # @param [ WPScan::Target ] target
        def initialize(target)
          (%w[RSSGenerator AtomGenerator RDFGenerator] +
-           WPScan::DB::DynamicFinders::Wordpress.versions_finders_configs.keys +
+           DB::DynamicFinders::Wordpress.versions_finders_configs.keys +
           %w[Readme UniqueFingerprinting]
          ).each do |finder_name|
            finders << WpVersion.const_get(finder_name.to_sym).new(target)
--- a/app/finders/wp_version/rdf_generator.rb
+++ b/app/finders/wp_version/rdf_generator.rb
@@ -28,7 +28,7 @@ module WPScan
        end

        def passive_urls_xpath
-          '//a[contains(@href, "rdf")]/@href'
+          '//a[contains(@href, "/rdf")]/@href'
        end

        def aggressive_urls(_opts = {})
--- a/app/models/interesting_finding.rb
+++ b/app/models/interesting_finding.rb
@@ -7,46 +7,144 @@ module WPScan
      include References
    end

-    #
-    # Empty classes for the #type to be correctly displayed (as taken from the self.class from the parent)
-    #
    class BackupDB < InterestingFinding
+      def to_s
+        @to_s ||= "A backup directory has been found: #{url}"
+      end
+
+      # @return [ Hash ]
+      def references
+        @references ||= { url: ['https://github.com/wpscanteam/wpscan/issues/422'] }
+      end
    end

    class DebugLog < InterestingFinding
+      def to_s
+        @to_s ||= "Debug Log found: #{url}"
+      end
+
+      # @ return [ Hash ]
+      def references
+        @references ||= { url: ['https://codex.wordpress.org/Debugging_in_WordPress'] }
+      end
    end

    class DuplicatorInstallerLog < InterestingFinding
+      # @return [ Hash ]
+      def references
+        @references ||= { url: ['https://www.exploit-db.com/ghdb/3981/'] }
+      end
    end

    class EmergencyPwdResetScript < InterestingFinding
+      def references
+        @references ||= {
+          url: ['https://codex.wordpress.org/Resetting_Your_Password#Using_the_Emergency_Password_Reset_Script']
+        }
+      end
    end

    class FullPathDisclosure < InterestingFinding
+      def to_s
+        @to_s ||= "Full Path Disclosure found: #{url}"
+      end
+
+      # @return [ Hash ]
+      def references
+        @references ||= { url: ['https://www.owasp.org/index.php/Full_Path_Disclosure'] }
+      end
    end

    class MuPlugins < InterestingFinding
+      # @return [ String ]
+      def to_s
+        @to_s ||= "This site has 'Must Use Plugins': #{url}"
+      end
+
+      # @return [ Hash ]
+      def references
+        @references ||= { url: ['http://codex.wordpress.org/Must_Use_Plugins'] }
+      end
    end

    class Multisite < InterestingFinding
+      # @return [ String ]
+      def to_s
+        @to_s ||= 'This site seems to be a multisite'
+      end
+
+      # @return [ Hash ]
+      def references
+        @references ||= { url: ['http://codex.wordpress.org/Glossary#Multisite'] }
+      end
    end

    class Readme < InterestingFinding
+      def to_s
+        @to_s ||= "WordPress readme found: #{url}"
+      end
    end

    class Registration < InterestingFinding
+      # @return [ String ]
+      def to_s
+        @to_s ||= "Registration is enabled: #{url}"
+      end
    end

    class TmmDbMigrate < InterestingFinding
+      def to_s
+        @to_s ||= "ThemeMakers migration file found: #{url}"
+      end
+
+      # @return [ Hash ]
+      def references
+        @references ||= { packetstorm: [131_957] }
+      end
    end

    class UploadDirectoryListing < InterestingFinding
+      # @return [ String ]
+      def to_s
+        @to_s ||= "Upload directory has listing enabled: #{url}"
+      end
    end

    class UploadSQLDump < InterestingFinding
+      def to_s
+        @to_s ||= "SQL Dump found: #{url}"
+      end
    end

    class WPCron < InterestingFinding
+      # @return [ String ]
+      def to_s
+        @to_s ||= "The external WP-Cron seems to be enabled: #{url}"
+      end
+
+      # @return [ Hash ]
+      def references
+        @references ||= {
+          url: [
+            'https://www.iplocation.net/defend-wordpress-from-ddos',
+            'https://github.com/wpscanteam/wpscan/issues/1299'
+          ]
+        }
+      end
+    end
+
+    class PHPDisabled < InterestingFinding
+      # @return [ String ]
+      def to_s
+        @to_s ||= 'PHP seems to be disabled'
+      end
+
+      # @return [ Hash ]
+      def references
+        @references ||= {
+          url: ['https://github.com/wpscanteam/wpscan/issues/1593']
+        }
+      end
    end
  end
 end
--- a/app/models/plugin.rb
+++ b/app/models/plugin.rb
@@ -15,9 +15,16 @@ module WPScan
        @uri = Addressable::URI.parse(blog.url(path_from_blog))
      end

-      # @return [ JSON ]
+      # Retrieve the metadata from the vuln API if available (and a valid token is given),
+      # or the local metadata db otherwise
+      # @return [ Hash ]
+      def metadata
+        @metadata ||= db_data.empty? ? DB::Plugin.metadata_at(slug) : db_data
+      end
+
+      # @return [ Hash ]
      def db_data
-        @db_data ||= DB::Plugin.db_data(slug)
+        @db_data ||= DB::VulnApi.plugin_data(slug)
      end

      # @param [ Hash ] opts
@@ -28,6 +35,11 @@ module WPScan

        @version
      end
+
+      # @return [ Array<String> ]
+      def potential_readme_filenames
+        @potential_readme_filenames ||= Array((DB::DynamicFinders::Plugin.df_data.dig(slug, 'Readme', 'path') || super))
+      end
    end
  end
 end
--- a/app/models/theme.rb
+++ b/app/models/theme.rb
@@ -21,9 +21,16 @@ module WPScan
        parse_style
      end

+      # Retrieve the metadata from the vuln API if available (and a valid token is given),
+      # or the local metadata db otherwise
      # @return [ JSON ]
+      def metadata
+        @metadata ||= db_data.empty? ? DB::Theme.metadata_at(slug) : db_data
+      end
+
+      # @return [ Hash ]
      def db_data
-        @db_data ||= DB::Theme.db_data(slug)
+        @db_data ||= DB::VulnApi.theme_data(slug)
      end

      # @param [ Hash ] opts
@@ -38,7 +45,7 @@ module WPScan
      # @return [ Theme ]
      def parent_theme
        return unless template
-        return unless style_body =~ /^@import\surl\(["']?([^"'\)]+)["']?\);\s*$/i
+        return unless style_body =~ /^@import\surl\(["']?([^"')]+)["']?\);\s*$/i

        opts = detection_opts.merge(
          style_url: url(Regexp.last_match[1]),
@@ -94,7 +101,7 @@ module WPScan
      #
      # @return [ String ]
      def parse_style_tag(body, tag)
-        value = body[/^\s*#{Regexp.escape(tag)}:[\t ]*([^\r\n]+)/i, 1]
+        value = body[/\b#{Regexp.escape(tag)}:[\t ]*([^\r\n*]+)/, 1]

        value && !value.strip.empty? ? value.strip : nil
      end
--- a/app/models/timthumb.rb
+++ b/app/models/timthumb.rb
@@ -30,7 +30,7 @@ module WPScan
      def vulnerabilities
        vulns = []

-        vulns << rce_webshot_vuln if version == false || version > '1.35' && version < '2.8.14' && webshot_enabled?
+        vulns << rce_webshot_vuln if version == false || (version > '1.35' && version < '2.8.14' && webshot_enabled?)
        vulns << rce_132_vuln if version == false || version < '1.33'

        vulns
@@ -40,9 +40,9 @@ module WPScan
      def rce_132_vuln
        Vulnerability.new(
          'Timthumb <= 1.32 Remote Code Execution',
-          { exploitdb: ['17602'] },
-          'RCE',
-          '1.33'
+          references: { exploitdb: ['17602'] },
+          type: 'RCE',
+          fixed_in: '1.33'
        )
      end

@@ -50,12 +50,12 @@ module WPScan
      def rce_webshot_vuln
        Vulnerability.new(
          'Timthumb <= 2.8.13 WebShot Remote Code Execution',
-          {
+          references: {
            url: ['http://seclists.org/fulldisclosure/2014/Jun/117', 'https://github.com/wpscanteam/wpscan/issues/519'],
            cve: '2014-4663'
          },
-          'RCE',
-          '2.8.14'
+          type: 'RCE',
+          fixed_in: '2.8.14'
        )
      end

@@ -63,7 +63,7 @@ module WPScan
      def webshot_enabled?
        res = Browser.get(url, params: { webshot: 1, src: "http://#{default_allowed_domains.sample}" })

-        res.body =~ /WEBSHOT_ENABLED == true/ ? false : true
+        !/WEBSHOT_ENABLED == true/.match?(res.body)
      end

      # @return [ Array<String> ] The default allowed domains (between the 2.0 and 2.8.13)
--- a/app/models/wp_item.rb
+++ b/app/models/wp_item.rb
@@ -9,11 +9,12 @@ module WPScan
      include CMSScanner::Target::Platform::PHP
      include CMSScanner::Target::Server::Generic

+      # Most common readme filenames, based on checking all public plugins and themes.
      READMES = %w[readme.txt README.txt README.md readme.md Readme.txt].freeze

      attr_reader :uri, :slug, :detection_opts, :version_detection_opts, :blog, :path_from_blog, :db_data

-      delegate :homepage_res, :xpath_pattern_from_page, :in_scope_urls, :head_or_get_params, to: :blog
+      delegate :homepage_res, :error_404_res, :xpath_pattern_from_page, :in_scope_uris, :head_or_get_params, to: :blog

      # @param [ String ] slug The plugin/theme slug
      # @param [ Target ] blog The targeted blog
@@ -22,7 +23,7 @@ module WPScan
      # @option opts [ Hash ]   :version_detection The options to use when looking for the version
      # @option opts [ String ] :url The URL of the item
      def initialize(slug, blog, opts = {})
-        @slug  = URI.decode(slug)
+        @slug  = Addressable::URI.unencode(slug)
        @blog  = blog
        @uri   = Addressable::URI.parse(opts[:url]) if opts[:url]

@@ -38,7 +39,7 @@ module WPScan

        @vulnerabilities = []

-        [*db_data['vulnerabilities']].each do |json_vuln|
+        Array(db_data['vulnerabilities']).each do |json_vuln|
          vulnerability = Vulnerability.load_from_json(json_vuln)
          @vulnerabilities << vulnerability if vulnerable_to?(vulnerability)
        end
@@ -52,25 +53,27 @@ module WPScan
      #
      # @return [ Boolean ]
      def vulnerable_to?(vuln)
-        return true unless version && vuln && vuln.fixed_in && !vuln.fixed_in.empty?
+        return false if version && vuln&.introduced_in && version < vuln.introduced_in
+
+        return true unless version && vuln&.fixed_in && !vuln.fixed_in.empty?

        version < vuln.fixed_in
      end

      # @return [ String ]
      def latest_version
-        @latest_version ||= db_data['latest_version'] ? Model::Version.new(db_data['latest_version']) : nil
+        @latest_version ||= metadata['latest_version'] ? Model::Version.new(metadata['latest_version']) : nil
      end

      # Not used anywhere ATM
      # @return [ Boolean ]
      def popular?
-        @popular ||= db_data['popular']
+        @popular ||= metadata['popular'] ? true : false
      end

      # @return [ String ]
      def last_updated
-        @last_updated ||= db_data['last_updated']
+        @last_updated ||= metadata['last_updated']
      end

      # @return [ Boolean ]
@@ -82,11 +85,6 @@ module WPScan
                      end
      end

-      # URI.encode is preferered over Addressable::URI.encode as it will encode
-      # leading # character:
-      # URI.encode('#t#') => %23t%23
-      # Addressable::URI.encode('#t#') => #t%23
-      #
      # @param [ String ] path Optional path to merge with the uri
      #
      # @return [ String ]
@@ -94,7 +92,7 @@ module WPScan
        return unless @uri
        return @uri.to_s unless path

-        @uri.join(URI.encode(path)).to_s
+        @uri.join(Addressable::URI.encode(path)).to_s
      end

      # @return [ Boolean ]
@@ -117,7 +115,7 @@ module WPScan

        return @readme_url unless @readme_url.nil?

-        READMES.each do |path|
+        potential_readme_filenames.each do |path|
          t_url = url(path)

          return @readme_url = t_url if Browser.forge_request(t_url, blog.head_or_get_params).run.code == 200
@@ -126,6 +124,10 @@ module WPScan
        @readme_url = false
      end

+      def potential_readme_filenames
+        @potential_readme_filenames ||= READMES
+      end
+
      # @param [ String ] path
      # @param [ Hash ] params The request params
      #
@@ -160,8 +162,8 @@ module WPScan
      #
      # @return [ Typhoeus::Response ]
      def head_and_get(path, codes = [200], params = {})
-        final_path = +@path_from_blog
-        final_path << URI.encode(path) unless path.nil?
+        final_path = @path_from_blog.dup # @path_from_blog is set in the plugin/theme
+        final_path << path unless path.nil?

        blog.head_and_get(final_path, codes, params)
      end
--- a/app/models/wp_version.rb
+++ b/app/models/wp_version.rb
@@ -35,9 +35,16 @@ module WPScan
        @all_numbers.sort! { |a, b| Gem::Version.new(b) <=> Gem::Version.new(a) }
      end

-      # @return [ JSON ]
+      # Retrieve the metadata from the vuln API if available (and a valid token is given),
+      # or the local metadata db otherwise
+      # @return [ Hash ]
+      def metadata
+        @metadata ||= db_data.empty? ? DB::Version.metadata_at(number) : db_data
+      end
+
+      # @return [ Hash ]
      def db_data
-        @db_data ||= DB::Version.db_data(number)
+        @db_data ||= DB::VulnApi.wordpress_data(number)
      end

      # @return [ Array<Vulnerability> ]
@@ -46,7 +53,7 @@ module WPScan

        @vulnerabilities = []

-        [*db_data['vulnerabilities']].each do |json_vuln|
+        Array(db_data['vulnerabilities']).each do |json_vuln|
          @vulnerabilities << Vulnerability.load_from_json(json_vuln)
        end

@@ -55,12 +62,12 @@ module WPScan

      # @return [ String ]
      def release_date
-        @release_date ||= db_data['release_date'] || 'Unknown'
+        @release_date ||= metadata['release_date'] || 'Unknown'
      end

      # @return [ String ]
      def status
-        @status ||= db_data['status'] || 'Unknown'
+        @status ||= metadata['status'] || 'Unknown'
      end
    end
  end
--- a/app/models/xml_rpc.rb
+++ b/app/models/xml_rpc.rb
@@ -8,7 +8,7 @@ module WPScan

      # @return [ Hash ]
      def references
-        {
+        @references ||= {
          url: ['http://codex.wordpress.org/XML-RPC_Pingback_API'],
          metasploit: [
            'auxiliary/scanner/http/wordpress_ghost_scanner',
--- a/app/views/cli/core/banner.erb
+++ b/app/views/cli/core/banner.erb
@@ -1,14 +1,14 @@
 _______________________________________________________________
-        __          _______   _____
-        \ \        / /  __ \ / ____|
-         \ \  /\  / /| |__) | (___   ___  __ _ _ __ ®
-          \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
-           \  /\  /  | |     ____) | (__| (_| | | | |
-            \/  \/   |_|    |_____/ \___|\__,_|_| |_|
+         __          _______   _____
+         \ \        / /  __ \ / ____|
+          \ \  /\  / /| |__) | (___   ___  __ _ _ __ ®
+           \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
+            \  /\  /  | |     ____) | (__| (_| | | | |
+             \/  \/   |_|    |_____/ \___|\__,_|_| |_|

-        WordPress Security Scanner by the WPScan Team
-                       Version <%= WPScan::VERSION %>
-          Sponsored by Sucuri - https://sucuri.net
-      @_WPScan_, @ethicalhack3r, @erwan_lr, @_FireFart_
+         WordPress Security Scanner by the WPScan Team
+                         Version <%= WPScan::VERSION %>
+<%= ' ' * ((63 - WPScan::DB::Sponsor.text.length)/2) + WPScan::DB::Sponsor.text %>
+       @_WPScan_, @ethicalhack3r, @erwan_lr, @firefart
 _______________________________________________________________

--- a/app/views/cli/enumeration/config_backups.erb
+++ b/app/views/cli/enumeration/config_backups.erb
@@ -5,7 +5,7 @@
 <%= notice_icon %> Config Backup(s) Identified:
 <% @config_backups.each do |config_backup| -%>

-<%= info_icon %> <%= config_backup %>
+<%= critical_icon %> <%= config_backup %>
 <%= render('@finding', item: config_backup) -%>
 <% end -%>
 <% end %>
--- a/app/views/cli/enumeration/db_exports.erb
+++ b/app/views/cli/enumeration/db_exports.erb
@@ -5,7 +5,7 @@
 <%= notice_icon %> Db Export(s) Identified:
 <% @db_exports.each do |db_export| -%>

-<%= info_icon %> <%= db_export %>
+<%= critical_icon %> <%= db_export %>
 <%= render('@finding', item: db_export) -%>
 <% end -%>
 <% end %>
--- a/app/views/cli/finding.erb
+++ b/app/views/cli/finding.erb
@@ -1,4 +1,4 @@
- | Detected By: <%= @item.found_by %>
+ | Found By: <%= @item.found_by %>
 <% @item.interesting_entries.each do |entry| -%>
 |  - <%= entry %>
 <% end -%>
--- a/app/views/cli/password_attack/users.erb
+++ b/app/views/cli/password_attack/users.erb
@@ -2,7 +2,7 @@
 <% if @users.empty? -%>
 <%= notice_icon %> No Valid Passwords Found.
 <% else -%>
-<%= notice_icon %> Valid Combinations Found:
+<%= critical_icon %> Valid Combinations Found:
 <% @users.each do |user| -%>
 | Username: <%= user.username %>, Password: <%= user.password %>
 <% end -%>
--- a/app/views/cli/vuln_api/status.erb
+++ b/app/views/cli/vuln_api/status.erb
@@ -0,0 +1,13 @@
+<% unless @status.empty? -%>
+<% if @status['http_error'] -%>
+<%= critical_icon %> WPScan DB API, <%= @status['http_error'].to_s %>
+<% else -%>
+<%= info_icon %> WPScan DB API OK
+ | Plan: <%= @status['plan'] %>
+ | Requests Done (during the scan): <%= @api_requests %>
+ | Requests Remaining: <%= @status['requests_remaining'] %>
+<% end -%>
+<% else -%>
+<%= warning_icon %> No WPScan API Token given, as a result vulnerability data has not been output.
+<%= warning_icon %> You can get a free API token with 25 daily requests by registering at https://wpscan.com/register
+<% end -%>
--- a/app/views/cli/vulnerability.erb
+++ b/app/views/cli/vulnerability.erb
@@ -1,4 +1,7 @@
 | <%= critical_icon %> Title: <%= @v.title %>
+<% if @v.cvss -%>
+ |     CVSS: <%= @v.cvss[:score] %> (<%= @v.cvss[:vector] %>)
+<% end -%>
 <% if @v.fixed_in -%>
 |     Fixed in: <%= @v.fixed_in %>
 <% end -%>
--- a/Show More
+++ b/Show More
@@ -1 +1 @@
 .6.2
 .0.2