Bumps version

Update rspec requirement from ~> 3.8.0 to ~> 3.9.0

.rubocop.yml

@@ -4,12 +4,6 @@ AllCops:
   Exclude:
   - '*.gemspec'
   - 'vendor/**/*'
-ClassVars:
-  Enabled: false
-LineLength:
-  Max: 120
-MethodLength:
-  Max: 20
 Lint/UriEscapeUnescape:
   Enabled: false
 Metrics/AbcSize:
@@ -19,9 +13,22 @@ Metrics/BlockLength:
   - 'spec/**/*'
 Metrics/ClassLength:
   Max: 150
+  Exclude:
+  - 'app/controllers/enumeration/cli_options.rb'
 Metrics/CyclomaticComplexity:
   Max: 8
+Metrics/LineLength:
+  Max: 120
+Metrics/MethodLength:
+  Max: 20
+  Exclude:
+  - 'app/controllers/enumeration/cli_options.rb'
+Style/ClassVars:
+  Enabled: false
 Style/Documentation:
   Enabled: false
 Style/FormatStringToken:
   Enabled: false
+Style/NumericPredicate:
+  Exclude:
+  - 'app/controllers/vuln_api.rb'

Dockerfile

@@ -1,4 +1,4 @@
-FROM ruby:2.6.2-alpine3.9 AS builder
+FROM ruby:2.6.3-alpine AS builder
 LABEL maintainer="WPScan Team <team@wpscan.org>"
 
 ARG BUNDLER_ARGS="--jobs=8 --without test development"
@@ -19,7 +19,7 @@ RUN rake install --trace
 RUN chmod -R a+r /usr/local/bundle
 
 
-FROM ruby:2.6.2-alpine3.9
+FROM ruby:2.6.3-alpine
 LABEL maintainer="WPScan Team <team@wpscan.org>"
 
 RUN adduser -h /wpscan -g WPScan -D wpscan

README.md

@@ -17,7 +17,6 @@
   <a href="https://badge.fury.io/rb/wpscan" target="_blank"><img src="https://badge.fury.io/rb/wpscan.svg"></a>
   <a href="https://travis-ci.org/wpscanteam/wpscan" target="_blank"><img src="https://travis-ci.org/wpscanteam/wpscan.svg?branch=master"></a>
   <a href="https://codeclimate.com/github/wpscanteam/wpscan" target="_blank"><img src="https://codeclimate.com/github/wpscanteam/wpscan/badges/gpa.svg"></a>
-  <a href="https://www.patreon.com/wpscan" target="_blank"><img src="https://img.shields.io/badge/patreon-donate-green.svg"></a>
 </p>
 
 # INSTALL
@@ -78,41 +77,60 @@ docker run -it --rm wpscanteam/wpscan --url https://target.tld/ --enumerate u1-1
 
 # Usage
 
-```wpscan --url blog.tld``` This will scan the blog using default options with a good compromise between speed and accuracy. For example, the plugins will be checked passively but their version with a mixed detection mode (passively + aggressively). Potential config backup files will also be checked, along with other interesting findings. If a more stealthy approach is required, then ```wpscan --stealthy --url blog.tld``` can be used.
+```wpscan --url blog.tld``` This will scan the blog using default options with a good compromise between speed and accuracy. For example, the plugins will be checked passively but their version with a mixed detection mode (passively + aggressively). Potential config backup files will also be checked, along with other interesting findings.
+
+If a more stealthy approach is required, then ```wpscan --stealthy --url blog.tld``` can be used.
 As a result, when using the ```--enumerate``` option, don't forget to set the ```--plugins-detection``` accordingly, as its default is 'passive'.
 
 For more options, open a terminal and type ```wpscan --help``` (if you built wpscan from the source, you should type the command outside of the git repo)
 
 The DB is located at ~/.wpscan/db
 
+## Vulnerability Database
+
+The WPScan CLI tool uses the [WPVulnDB API](https://wpvulndb.com/api) to retrieve WordPress vulnerability data in real time. For WPScan to retrieve the vulnerability data an API token must be supplied via the `--api-token` option, or via a configuration file, as discussed below. An API token can be obtained by registering an account on [WPVulnDB](https://wpvulndb.com/users/sign_up). Up to 50 API requests per day are given free of charge to registered users. Once the 50 API requests are exhausted, WPScan will continue to work as normal but without any vulnerability data. Users can upgrade to paid API usage to increase their API limits within their user profile on [WPVulnDB](https://wpvulndb.com/).
+
+## Load CLI options from file/s
+
 WPScan can load all options (including the --url) from configuration files, the following locations are checked (order: first to last):
 
-- ~/.wpscan/cli_options.json
-- ~/.wpscan/cli_options.yml
-- pwd/.wpscan/cli_options.json
-- pwd/.wpscan/cli_options.yml
+- ~/.wpscan/scan.json
+- ~/.wpscan/scan.yml
+- pwd/.wpscan/scan.json
+- pwd/.wpscan/scan.yml
 
-If those files exist, options from them will be loaded and overridden if found twice.
+If those files exist, options from the `cli_options` key will be loaded and overridden if found twice.
 
 e.g:
 
-~/.wpscan/cli_options.yml:
+~/.wpscan/scan.yml:
 
 ```yml
-proxy: 'http://127.0.0.1:8080'
-verbose: true
+cli_options:
+  proxy: 'http://127.0.0.1:8080'
+  verbose: true
 ```
 
-pwd/.wpscan/cli_options.yml:
+pwd/.wpscan/scan.yml:
 
 ```yml
-proxy: 'socks5://127.0.0.1:9090'
-url: 'http://target.tld'
+cli_options:
+  proxy: 'socks5://127.0.0.1:9090'
+  url: 'http://target.tld'
 ```
 
 Running ```wpscan``` in the current directory (pwd), is the same as ```wpscan -v --proxy socks5://127.0.0.1:9090 --url http://target.tld```
 
-Enumerating usernames
+## Save API Token in a file
+
+The feature mentioned above is useful to keep the API Token in a config file and not have to supply it via the CLI each time. To do so, create the ~/.wpscan/scan.yml file containing the below:
+
+```yml
+cli_options:
+  api_token: YOUR_API_TOKEN
+```
+
+## Enumerating usernames
 
 ```shell
 wpscan --url https://target.tld/ --enumerate u

app/controllers.rb

@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 
 require_relative 'controllers/core'
+require_relative 'controllers/vuln_api'
 require_relative 'controllers/custom_directories'
 require_relative 'controllers/wp_version'
 require_relative 'controllers/main_theme'

app/controllers/custom_directories.rb

@@ -18,7 +18,7 @@ module WPScan
         target.content_dir = ParsedCli.wp_content_dir if ParsedCli.wp_content_dir
         target.plugins_dir = ParsedCli.wp_plugins_dir if ParsedCli.wp_plugins_dir
 
-        return if target.content_dir(ParsedCli.detection_mode)
+        return if target.content_dir
 
         raise Error::WpContentDirNotDetected
       end

app/controllers/enumeration.rb

@@ -7,15 +7,6 @@ module WPScan
   module Controller
     # Enumeration Controller
     class Enumeration < CMSScanner::Controller::Base
-      def before_scan
-        DB::DynamicFinders::Plugin.create_versions_finders
-        DB::DynamicFinders::Theme.create_versions_finders
-
-        # Force the Garbage Collector to run due to the above method being
-        # quite heavy in objects allocation
-        GC.start
-      end
-
       def run
         enum = ParsedCli.enumerate || {}
 

app/controllers/enumeration/cli_options.rb

@@ -11,7 +11,6 @@ module WPScan
       end
 
       # @return [ Array<OptParseValidator::OptBase> ]
-      # rubocop:disable Metrics/MethodLength
       def cli_enum_choices
         [
           OptMultiChoices.new(
@@ -19,10 +18,10 @@ module WPScan
             choices: {
               vp: OptBoolean.new(['--vulnerable-plugins']),
               ap: OptBoolean.new(['--all-plugins']),
-              p: OptBoolean.new(['--plugins']),
+              p: OptBoolean.new(['--popular-plugins']),
               vt: OptBoolean.new(['--vulnerable-themes']),
               at: OptBoolean.new(['--all-themes']),
-              t: OptBoolean.new(['--themes']),
+              t: OptBoolean.new(['--popular-themes']),
               tt: OptBoolean.new(['--timthumbs']),
               cb: OptBoolean.new(['--config-backups']),
               dbe: OptBoolean.new(['--db-exports']),
@@ -45,7 +44,6 @@ module WPScan
           )
         ]
       end
-      # rubocop:enable Metrics/MethodLength
 
       # @return [ Array<OptParseValidator::OptBase> ]
       def cli_plugins_opts
@@ -67,6 +65,11 @@ module WPScan
              'Use the supplied mode to check plugins versions instead of the --detection-mode ' \
              'or --plugins-detection modes.'],
             choices: %w[mixed passive aggressive], normalize: :to_sym, default: :mixed
+          ),
+          OptInteger.new(
+            ['--plugins-threshold THRESHOLD',
+             'Raise an error when the number of detected plugins via known locations reaches the threshold. ' \
+             'Set to 0 to ignore the threshold.'], default: 100, advanced: true
           )
         ]
       end
@@ -91,6 +94,11 @@ module WPScan
              'Use the supplied mode to check themes versions instead of the --detection-mode ' \
              'or --themes-detection modes.'],
             choices: %w[mixed passive aggressive], normalize: :to_sym, advanced: true
+          ),
+          OptInteger.new(
+            ['--themes-threshold THRESHOLD',
+             'Raise an error when the number of detected themes via known locations reaches the threshold. ' \
+             'Set to 0 to ignore the threshold.'], default: 20, advanced: true
           )
         ]
       end

app/controllers/enumeration/enum_methods.rb

@@ -56,12 +56,13 @@ module WPScan
       #
       # @return [ Boolean ] Wether or not to enumerate the plugins
       def enum_plugins?(opts)
-        opts[:plugins] || opts[:all_plugins] || opts[:vulnerable_plugins]
+        opts[:popular_plugins] || opts[:all_plugins] || opts[:vulnerable_plugins]
       end
 
       def enum_plugins
         opts = default_opts('plugins').merge(
           list: plugins_list_from_opts(ParsedCli.options),
+          threshold: ParsedCli.plugins_threshold,
           sort: true
         )
 
@@ -91,7 +92,7 @@ module WPScan
 
         if opts[:enumerate][:all_plugins]
           DB::Plugins.all_slugs
-        elsif opts[:enumerate][:plugins]
+        elsif opts[:enumerate][:popular_plugins]
           DB::Plugins.popular_slugs
         else
           DB::Plugins.vulnerable_slugs
@@ -102,12 +103,13 @@ module WPScan
       #
       # @return [ Boolean ] Wether or not to enumerate the themes
       def enum_themes?(opts)
-        opts[:themes] || opts[:all_themes] || opts[:vulnerable_themes]
+        opts[:popular_themes] || opts[:all_themes] || opts[:vulnerable_themes]
       end
 
       def enum_themes
         opts = default_opts('themes').merge(
           list: themes_list_from_opts(ParsedCli.options),
+          threshold: ParsedCli.themes_threshold,
           sort: true
         )
 
@@ -137,7 +139,7 @@ module WPScan
 
         if opts[:enumerate][:all_themes]
           DB::Themes.all_slugs
-        elsif opts[:enumerate][:themes]
+        elsif opts[:enumerate][:popular_themes]
           DB::Themes.popular_slugs
         else
           DB::Themes.vulnerable_slugs

app/controllers/vuln_api.rb

@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+
+module WPScan
+  module Controller
+    # Controller to handle the API token
+    class VulnApi < CMSScanner::Controller::Base
+      def cli_options
+        [
+          OptString.new(['--api-token TOKEN', 'The WPVulnDB API Token to display vulnerability data'])
+        ]
+      end
+
+      def before_scan
+        return unless ParsedCli.api_token
+
+        DB::VulnApi.token = ParsedCli.api_token
+
+        api_status = DB::VulnApi.status
+
+        raise Error::InvalidApiToken if api_status['error']
+        raise Error::ApiLimitReached if api_status['requests_remaining'] == 0
+        raise api_status['http_error'] if api_status['http_error']
+      end
+
+      def after_scan
+        output('status', status: DB::VulnApi.status, api_requests: WPScan.api_requests)
+      end
+    end
+  end
+end

app/finders/db_exports/known_locations.rb

@@ -20,9 +20,9 @@ module WPScan
 
           enumerate(potential_urls(opts), opts.merge(check_full_response: 200)) do |res|
             if res.effective_url.end_with?('.zip')
-              next unless res.headers['Content-Type'] =~ %r{\Aapplication/zip}i
+              next unless %r{\Aapplication/zip}i.match?(res.headers['Content-Type'])
             else
-              next unless res.body =~ SQL_PATTERN
+              next unless SQL_PATTERN.match?(res.body)
             end
 
             found << Model::DbExport.new(res.request.url, found_by: DIRECT_ACCESS, confidence: 100)

app/finders/interesting_findings/duplicator_installer_log.rb

@@ -9,7 +9,7 @@ module WPScan
         def aggressive(_opts = {})
           path = 'installer-log.txt'
 
-          return unless target.head_and_get(path).body =~ /DUPLICATOR INSTALL-LOG/
+          return unless /DUPLICATOR INSTALL-LOG/.match?(target.head_and_get(path).body)
 
           Model::DuplicatorInstallerLog.new(
             target.url(path),

app/finders/interesting_findings/mu_plugins.rb

@@ -10,7 +10,7 @@ module WPScan
           pattern = %r{#{target.content_dir}/mu\-plugins/}i
 
           target.in_scope_uris(target.homepage_res) do |uri|
-            next unless uri.path =~ pattern
+            next unless uri.path&.match?(pattern)
 
             url = target.url('wp-content/mu-plugins/')
 

app/finders/interesting_findings/upload_sql_dump.rb

@@ -12,7 +12,7 @@ module WPScan
           path = 'wp-content/uploads/dump.sql'
           res  = target.head_and_get(path, [200], get: { headers: { 'Range' => 'bytes=0-3000' } })
 
-          return unless res.body =~ SQL_PATTERN
+          return unless SQL_PATTERN.match?(res.body)
 
           Model::UploadSQLDump.new(
             target.url(path),

app/finders/passwords/wp_login.rb

@@ -13,7 +13,7 @@ module WPScan
 
         def valid_credentials?(response)
           response.code == 302 &&
-            response.headers['Set-Cookie']&.any? { |cookie| cookie =~ /wordpress_logged_in_/i }
+            [*response.headers['Set-Cookie']]&.any? { |cookie| cookie =~ /wordpress_logged_in_/i }
         end
 
         def errored_response?(response)

app/finders/passwords/xml_rpc.rb

@@ -8,7 +8,7 @@ module WPScan
         include CMSScanner::Finders::Finder::BreadthFirstDictionaryAttack
 
         def login_request(username, password)
-          target.method_call('wp.getUsersBlogs', [username, password])
+          target.method_call('wp.getUsersBlogs', [username, password], cache_ttl: 0)
         end
 
         def valid_credentials?(response)

app/finders/passwords/xml_rpc_multicall.rb

@@ -19,7 +19,7 @@ module WPScan
             end
           end
 
-          target.multi_call(methods).run
+          target.multi_call(methods, cache_ttl: 0).run
         end
 
         # @param [ Array<Model::User> ] users

app/finders/plugin_version.rb

@@ -13,25 +13,15 @@ module WPScan
         def initialize(plugin)
           finders << PluginVersion::Readme.new(plugin)
 
-          load_specific_finders(plugin)
+          create_and_load_dynamic_versions_finders(plugin)
         end
 
-        # Load the finders associated with the plugin
+        # Create the dynamic version finders related to the plugin and register them
         #
         # @param [ Model::Plugin ] plugin
-        def load_specific_finders(plugin)
-          module_name = plugin.classify
-
-          return unless Finders::PluginVersion.constants.include?(module_name)
-
-          mod = Finders::PluginVersion.const_get(module_name)
-
-          mod.constants.each do |constant|
-            c = mod.const_get(constant)
-
-            next unless c.is_a?(Class)
-
-            finders << c.new(plugin)
+        def create_and_load_dynamic_versions_finders(plugin)
+          DB::DynamicFinders::Plugin.create_versions_finders(plugin.slug).each do |finder|
+            finders << finder.new(plugin)
           end
         end
       end

app/finders/plugin_version/readme.rb

@@ -11,7 +11,7 @@ module WPScan
 
           # The target(plugin)#readme_url can't be used directly here
           # as if the --detection-mode is passive, it will always return nil
-          Model::WpItem::READMES.each do |file|
+          target.potential_readme_filenames.each do |file|
             res = target.head_and_get(file)
 
             next unless res.code == 200 && !(numbers = version_numbers(res.body)).empty?
@@ -52,7 +52,7 @@ module WPScan
 
           number = Regexp.last_match[1]
 
-          number if number =~ /[0-9]+/
+          number if /[0-9]+/.match?(number)
         end
 
         # @param [ String ] body

app/finders/plugins/body_pattern.rb

@@ -15,7 +15,7 @@ module WPScan
         #
         # @return [ Plugin ] The detected plugin in the response, related to the config
         def process_response(opts, response, slug, klass, config)
-          return unless response.body =~ config['pattern']
+          return unless response.body&.match?(config['pattern'])
 
           Model::Plugin.new(
             slug,

app/finders/plugins/comment.rb

@@ -18,7 +18,7 @@ module WPScan
           response.html.xpath(config['xpath'] || '//comment()').each do |node|
             comment = node.text.to_s.strip
 
-            next unless comment =~ config['pattern']
+            next unless comment&.match?(config['pattern'])
 
             return Model::Plugin.new(
               slug,

app/finders/plugins/known_locations.rb

@@ -21,6 +21,8 @@ module WPScan
 
           enumerate(target_urls(opts), opts.merge(check_full_response: true)) do |_res, slug|
             found << Model::Plugin.new(slug, target, opts.merge(found_by: found_by, confidence: 80))
+
+            raise Error::PluginsThresholdReached if opts[:threshold].positive? && found.size >= opts[:threshold]
           end
 
           found

app/finders/theme_version.rb

@@ -16,25 +16,15 @@ module WPScan
             ThemeVersion::Style.new(theme) <<
             ThemeVersion::WooFrameworkMetaGenerator.new(theme)
 
-          load_specific_finders(theme)
+          create_and_load_dynamic_versions_finders(theme)
         end
 
-        # Load the finders associated with the theme
+        # Create the dynamic version finders related to the theme and register them
         #
         # @param [ Model::Theme ] theme
-        def load_specific_finders(theme)
-          module_name = theme.classify
-
-          return unless Finders::ThemeVersion.constants.include?(module_name)
-
-          mod = Finders::ThemeVersion.const_get(module_name)
-
-          mod.constants.each do |constant|
-            c = mod.const_get(constant)
-
-            next unless c.is_a?(Class)
-
-            finders << c.new(theme)
+        def create_and_load_dynamic_versions_finders(theme)
+          DB::DynamicFinders::Theme.create_versions_finders(theme.slug).each do |finder|
+            finders << finder.new(theme)
           end
         end
       end

app/finders/themes/known_locations.rb

@@ -21,6 +21,8 @@ module WPScan
 
           enumerate(target_urls(opts), opts.merge(check_full_response: true)) do |_res, slug|
             found << Model::Theme.new(slug, target, opts.merge(found_by: found_by, confidence: 80))
+
+            raise Error::ThemesThresholdReached if opts[:threshold].positive? && found.size >= opts[:threshold]
           end
 
           found

app/finders/timthumbs/known_locations.rb

@@ -22,7 +22,7 @@ module WPScan
           found = []
 
           enumerate(target_urls(opts), opts.merge(check_full_response: 400)) do |res|
-            next unless res.body =~ /no image specified/i
+            next unless /no image specified/i.match?(res.body)
 
             found << Model::Timthumb.new(res.request.url, opts.merge(found_by: found_by, confidence: 100))
           end

app/finders/users/author_id_brute_forcing.rb

@@ -97,9 +97,12 @@ module WPScan
         # @return [ String, nil ]
         def display_name_from_body(body)
           page = Nokogiri::HTML.parse(body)
+
           # WP >= 3.0
           page.css('h1.page-title span').each do |node|
-            return node.text.to_s
+            text = node.text.to_s.strip
+
+            return text unless text.empty?
           end
 
           # WP < 3.0

app/finders/users/login_error_messages.rb

@@ -24,7 +24,7 @@ module WPScan
 
             return found if error.empty? # Protection plugin / error disabled
 
-            next unless error =~ /The password you entered for the username|Incorrect Password/i
+            next unless /The password you entered for the username|Incorrect Password/i.match?(error)
 
             found << Model::User.new(username, found_by: found_by, confidence: 100)
           end

app/finders/users/oembed_api.rb

@@ -34,6 +34,8 @@ module WPScan
         def user_details_from_oembed_data(oembed_data)
           return unless oembed_data
 
+          oembed_data = oembed_data.first if oembed_data.is_a?(Array)
+
           if oembed_data['author_url'] =~ %r{/author/([^/]+)/?\z}
             details = [Regexp.last_match[1], 'Author URL', 90]
           elsif oembed_data['author_name'] && !oembed_data['author_name'].empty?

app/finders/wp_items/urls_in_homepage.rb

@@ -15,7 +15,9 @@ module WPScan
           target.in_scope_uris(target.homepage_res) do |uri|
             next unless uri.to_s =~ item_attribute_pattern(type)
 
-            found << Regexp.last_match[1]
+            slug = Regexp.last_match[1]&.strip
+
+            found << slug unless slug&.empty?
           end
 
           uniq ? found.uniq.sort : found.sort
@@ -28,7 +30,7 @@ module WPScan
         def items_from_codes(type, uniq = true)
           found = []
 
-          target.homepage_res.html.css('script,style').each do |tag|
+          target.homepage_res.html.xpath('//script[not(@src)]|//style[not(@src)]').each do |tag|
             code = tag.text.to_s
             next if code.empty?
 
@@ -42,7 +44,7 @@ module WPScan
         #
         # @return [ Regexp ]
         def item_attribute_pattern(type)
-          @item_attribute_pattern ||= %r{\A#{item_url_pattern(type)}([^/]+)/}i
+          @item_attribute_pattern ||= %r{#{item_url_pattern(type)}([^/]+)/}i
         end
 
         # @param [ String ] type
@@ -59,7 +61,7 @@ module WPScan
           item_dir = type == 'plugins' ? target.plugins_dir : target.content_dir
           item_url = type == 'plugins' ? target.plugins_url : target.content_url
 
-          url = /#{item_url.gsub(/\A(?:http|https)/i, 'https?').gsub('/', '\\\\\?\/')}/i
+          url = /#{item_url.gsub(/\A(?:https?)/i, 'https?').gsub('/', '\\\\\?\/')}/i
           item_dir = %r{(?:#{url}|\\?\/#{item_dir.gsub('/', '\\\\\?\/')}\\?/)}i
 
           type == 'plugins' ? item_dir : %r{#{item_dir}#{type}\\?\/}i

app/models/plugin.rb

@@ -15,9 +15,16 @@ module WPScan
         @uri = Addressable::URI.parse(blog.url(path_from_blog))
       end
 
-      # @return [ JSON ]
+      # Retrieve the metadata from the vuln API if available (and a valid token is given),
+      # or the local metadata db otherwise
+      # @return [ Hash ]
+      def metadata
+        @metadata ||= db_data.empty? ? DB::Plugin.metadata_at(slug) : db_data
+      end
+
+      # @return [ Hash ]
       def db_data
-        @db_data ||= DB::Plugin.db_data(slug)
+        @db_data ||= DB::VulnApi.plugin_data(slug)
       end
 
       # @param [ Hash ] opts
@@ -28,6 +35,11 @@ module WPScan
 
         @version
       end
+
+      # @return [ Array<String> ]
+      def potential_readme_filenames
+        @potential_readme_filenames ||= [*(DB::DynamicFinders::Plugin.df_data.dig(slug, 'Readme', 'path') || super)]
+      end
     end
   end
 end

app/models/theme.rb

@@ -21,9 +21,16 @@ module WPScan
         parse_style
       end
 
+      # Retrieve the metadata from the vuln API if available (and a valid token is given),
+      # or the local metadata db otherwise
       # @return [ JSON ]
+      def metadata
+        @metadata ||= db_data.empty? ? DB::Theme.metadata_at(slug) : db_data
+      end
+
+      # @return [ Hash ]
       def db_data
-        @db_data ||= DB::Theme.db_data(slug)
+        @db_data ||= DB::VulnApi.theme_data(slug)
       end
 
       # @param [ Hash ] opts
@@ -94,7 +101,7 @@ module WPScan
       #
       # @return [ String ]
       def parse_style_tag(body, tag)
-        value = body[/^\s*#{Regexp.escape(tag)}:[\t ]*([^\r\n]+)/i, 1]
+        value = body[/#{Regexp.escape(tag)}:[\t ]*([^\r\n\*]+)/i, 1]
 
         value && !value.strip.empty? ? value.strip : nil
       end

app/models/wp_item.rb

@@ -9,6 +9,7 @@ module WPScan
       include CMSScanner::Target::Platform::PHP
       include CMSScanner::Target::Server::Generic
 
+      # Most common readme filenames, based on checking all public plugins and themes.
       READMES = %w[readme.txt README.txt README.md readme.md Readme.txt].freeze
 
       attr_reader :uri, :slug, :detection_opts, :version_detection_opts, :blog, :path_from_blog, :db_data
@@ -59,18 +60,18 @@ module WPScan
 
       # @return [ String ]
       def latest_version
-        @latest_version ||= db_data['latest_version'] ? Model::Version.new(db_data['latest_version']) : nil
+        @latest_version ||= metadata['latest_version'] ? Model::Version.new(metadata['latest_version']) : nil
       end
 
       # Not used anywhere ATM
       # @return [ Boolean ]
       def popular?
-        @popular ||= db_data['popular']
+        @popular ||= metadata['popular'] ? true : false
       end
 
       # @return [ String ]
       def last_updated
-        @last_updated ||= db_data['last_updated']
+        @last_updated ||= metadata['last_updated']
       end
 
       # @return [ Boolean ]
@@ -117,7 +118,7 @@ module WPScan
 
         return @readme_url unless @readme_url.nil?
 
-        READMES.each do |path|
+        potential_readme_filenames.each do |path|
           t_url = url(path)
 
           return @readme_url = t_url if Browser.forge_request(t_url, blog.head_or_get_params).run.code == 200
@@ -126,6 +127,10 @@ module WPScan
         @readme_url = false
       end
 
+      def potential_readme_filenames
+        @potential_readme_filenames ||= READMES
+      end
+
       # @param [ String ] path
       # @param [ Hash ] params The request params
       #

app/models/wp_version.rb

@@ -35,9 +35,16 @@ module WPScan
         @all_numbers.sort! { |a, b| Gem::Version.new(b) <=> Gem::Version.new(a) }
       end
 
-      # @return [ JSON ]
+      # Retrieve the metadata from the vuln API if available (and a valid token is given),
+      # or the local metadata db otherwise
+      # @return [ Hash ]
+      def metadata
+        @metadata ||= db_data.empty? ? DB::Version.metadata_at(number) : db_data
+      end
+
+      # @return [ Hash ]
       def db_data
-        @db_data ||= DB::Version.db_data(number)
+        @db_data ||= DB::VulnApi.wordpress_data(number)
       end
 
       # @return [ Array<Vulnerability> ]
@@ -55,12 +62,12 @@ module WPScan
 
       # @return [ String ]
       def release_date
-        @release_date ||= db_data['release_date'] || 'Unknown'
+        @release_date ||= metadata['release_date'] || 'Unknown'
       end
 
       # @return [ String ]
       def status
-        @status ||= db_data['status'] || 'Unknown'
+        @status ||= metadata['status'] || 'Unknown'
       end
     end
   end

app/views/cli/core/banner.erb

@@ -8,7 +8,7 @@ _______________________________________________________________
 
         WordPress Security Scanner by the WPScan Team
                        Version <%= WPScan::VERSION %>
-          Sponsored by Sucuri - https://sucuri.net
+<%= ' ' * ((63 - WPScan::DB::Sponsor.text.length)/2) + WPScan::DB::Sponsor.text %>
       @_WPScan_, @ethicalhack3r, @erwan_lr, @_FireFart_
 _______________________________________________________________
 

app/views/cli/vuln_api/status.erb

@@ -0,0 +1,13 @@
+<% unless @status.empty? -%>
+<% if @status['http_error'] -%>
+<%= critical_icon %> WPVulnDB API, <%= @status['http_error'].to_s %>
+<% else -%>
+<%= info_icon %> WPVulnDB API OK
+ | Plan: <%= @status['plan'] %>
+ | Requests Done (during the scan): <%= @api_requests %>
+ | Requests Remaining: <%= @status['requests_remaining'] %>
+<% end -%>
+<% else -%>
+<%= warning_icon %> No WPVulnDB API Token given, as a result vulnerability data has not been output.
+<%= warning_icon %> You can get a free API token with 50 daily requests by registering at https://wpvulndb.com/users/sign_up.
+<% end -%>

app/views/json/core/banner.erb

@@ -7,5 +7,5 @@
     "@erwan_lr",
     "@_FireFart_"
   ],
-  "sponsored_by": "Sucuri - https://sucuri.net"
+  "sponsor": <%= WPScan::DB::Sponsor.text.to_json %>
 },

app/views/json/vuln_api/status.erb

@@ -0,0 +1,13 @@
+"vuln_api": {
+<% unless @status.empty? -%>
+<% if @status['http_error'] -%>
+"http_error": <%= @status['http_error'].to_s.to_json %>
+<% else -%>
+"plan": <%= @status['plan'].to_json %>,
+"requests_done_during_scan": <%= @api_requests.to_json %>,
+"requests_remaining": <%= @status['requests_remaining'].to_json %>
+<% end -%>
+<% else -%>
+"error": "No WPVulnDB API Token given, as a result vulnerability data has not been output.\nYou can get a free API token with 50 daily requests by registering at https://wpvulndb.com/users/sign_up."
+<% end -%>
+},

bin/wpscan

@@ -5,6 +5,7 @@ require 'wpscan'
 
 WPScan::Scan.new do |s|
   s.controllers <<
+    WPScan::Controller::VulnApi.new <<
     WPScan::Controller::CustomDirectories.new <<
     WPScan::Controller::InterestingFindings.new <<
     WPScan::Controller::WpVersion.new <<

bin/wpscan-memprof

@@ -7,6 +7,7 @@ require 'wpscan'
 report = MemoryProfiler.report(top: 15) do
   WPScan::Scan.new do |s|
     s.controllers <<
+      WPScan::Controller::VulnApi.new <<
       WPScan::Controller::CustomDirectories.new <<
       WPScan::Controller::InterestingFindings.new <<
       WPScan::Controller::WpVersion.new <<

bin/wpscan-stackprof

@@ -12,6 +12,7 @@ StackProf.run(mode: :cpu, out: '/tmp/stackprof-cpu.dump', interval: 500) do
   # require_relative 'wpscan' doesn't work
   WPScan::Scan.new do |s|
     s.controllers <<
+      WPScan::Controller::VulnApi.new <<
       WPScan::Controller::CustomDirectories.new <<
       WPScan::Controller::InterestingFindings.new <<
       WPScan::Controller::WpVersion.new <<

lib/wpscan.rb

@@ -13,7 +13,8 @@ require 'uri'
 require 'time'
 require 'readline'
 require 'securerandom'
-
+# Monkey Patches/Fixes/Override
+require 'wpscan/typhoeus/response' # Adds a from_vuln_api? method
 # Custom Libs
 require 'wpscan/helper'
 require 'wpscan/db'
@@ -38,12 +39,28 @@ module WPScan
   APP_DIR = Pathname.new(__FILE__).dirname.join('..', 'app').expand_path
   DB_DIR  = Pathname.new(Dir.home).join('.wpscan', 'db')
 
+  Typhoeus.on_complete do |response|
+    next if response.cached? || !response.from_vuln_api?
+
+    self.api_requests += 1
+  end
+
   # Override, otherwise it would be returned as 'wp_scan'
   #
   # @return [ String ]
   def self.app_name
     'wpscan'
   end
+
+  # @return [ Integer ]
+  def self.api_requests
+    @@api_requests ||= 0
+  end
+
+  # @param [ Integer ] value
+  def self.api_requests=(value)
+    @@api_requests = value
+  end
 end
 
 require "#{WPScan::APP_DIR}/app"

lib/wpscan/browser.rb

@@ -7,7 +7,7 @@ module WPScan
 
     # @return [ String ]
     def default_user_agent
-      "WPScan v#{VERSION} (https://wpscan.org/)"
+      @default_user_agent ||= "WPScan v#{VERSION} (https://wpscan.org/)"
     end
   end
 end

lib/wpscan/db.rb

@@ -7,9 +7,12 @@ require_relative 'db/plugins'
 require_relative 'db/themes'
 require_relative 'db/plugin'
 require_relative 'db/theme'
+require_relative 'db/sponsor'
 require_relative 'db/wp_version'
 require_relative 'db/fingerprints'
 
+require_relative 'db/vuln_api'
+
 require_relative 'db/dynamic_finders/base'
 require_relative 'db/dynamic_finders/plugin'
 require_relative 'db/dynamic_finders/theme'

lib/wpscan/db/dynamic_finders/base.rb

@@ -5,18 +5,19 @@ module WPScan
     module DynamicFinders
       class Base
         # @return [ String ]
-        def self.db_file
-          @db_file ||= DB_DIR.join('dynamic_finders.yml').to_s
+        def self.df_file
+          @df_file ||= DB_DIR.join('dynamic_finders.yml').to_s
         end
 
         # @return [ Hash ]
-        def self.db_data
-          # true allows aliases to be loaded
-          @db_data ||= YAML.safe_load(File.read(db_file), [Regexp], [], true)
+        def self.all_df_data
+          @all_df_data ||= YAML.safe_load(File.read(df_file), [Regexp])
         end
 
         # @return [ Array<Symbol> ]
         def self.allowed_classes
+          # The Readme is not put in there as it's not a Real DF, but rather using the DF system
+          # to get the list of potential filenames for a given slug
           @allowed_classes ||= %i[Comment Xpath HeaderPattern BodyPattern JavascriptVar QueryParameter ConfigParser]
         end
 

lib/wpscan/db/dynamic_finders/plugin.rb

@@ -5,8 +5,8 @@ module WPScan
     module DynamicFinders
       class Plugin < Base
         # @return [ Hash ]
-        def self.db_data
-          @db_data ||= super['plugins'] || {}
+        def self.df_data
+          @df_data ||= all_df_data['plugins'] || {}
         end
 
         def self.version_finder_module
@@ -21,7 +21,7 @@ module WPScan
 
           return configs unless allowed_classes.include?(finder_class)
 
-          db_data.each do |slug, finders|
+          df_data.each do |slug, finders|
             # Quite sure better can be done with some kind of logic statement in the select
             fs = if aggressive
                    finders.reject { |_f, c| c['path'].nil? }
@@ -48,7 +48,7 @@ module WPScan
 
           @versions_finders_configs = {}
 
-          db_data.each do |slug, finders|
+          df_data.each do |slug, finders|
             finders.each do |finder_name, config|
               next unless config.key?('version')
 
@@ -73,23 +73,33 @@ module WPScan
           version_finder_module.const_get(constant_name)
         end
 
-        def self.create_versions_finders
-          versions_finders_configs.each do |slug, finders|
-            mod = maybe_create_module(slug)
+        # Create the dynamic finders related to the given slug, and return the created classes
+        #
+        # @param [ String ] slug
+        #
+        # @return [ Array<Class> ] The created classes
+        def self.create_versions_finders(slug)
+          created = []
+          mod     = maybe_create_module(slug)
 
-            finders.each do |finder_class, config|
-              klass = config['class'] || finder_class
+          versions_finders_configs[slug]&.each do |finder_class, config|
+            klass = config['class'] || finder_class
 
-              # Instead of raising exceptions, skip unallowed/already defined finders
-              # So that, when new DF configs are put in the .yml
-              # users with old version of WPScan will still be able to scan blogs
-              # when updating the DB but not the tool
-              next if mod.constants.include?(finder_class.to_sym) ||
-                      !allowed_classes.include?(klass.to_sym)
+            # Instead of raising exceptions, skip unallowed/already defined finders
+            # So that, when new DF configs are put in the .yml
+            # users with old version of WPScan will still be able to scan blogs
+            # when updating the DB but not the tool
 
-              version_finder_super_class(klass).create_child_class(mod, finder_class.to_sym, config)
-            end
+            next unless allowed_classes.include?(klass.to_sym)
+
+            created << if mod.constants.include?(finder_class.to_sym)
+                         mod.const_get(finder_class.to_sym)
+                       else
+                         version_finder_super_class(klass).create_child_class(mod, finder_class.to_sym, config)
+                       end
           end
+
+          created
         end
 
         # The idea here would be to check if the class exist in

lib/wpscan/db/dynamic_finders/theme.rb

@@ -5,8 +5,8 @@ module WPScan
     module DynamicFinders
       class Theme < Plugin
         # @return [ Hash ]
-        def self.db_data
-          @db_data ||= super['themes'] || {}
+        def self.df_data
+          @df_data ||= all_df_data['themes'] || {}
         end
 
         def self.version_finder_module

lib/wpscan/db/dynamic_finders/wordpress.rb

@@ -5,8 +5,8 @@ module WPScan
     module DynamicFinders
       class Wordpress < Base
         # @return [ Hash ]
-        def self.db_data
-          @db_data ||= super['wordpress'] || {}
+        def self.df_data
+          @df_data ||= all_df_data['wordpress'] || {}
         end
 
         # @return [ Constant ]
@@ -30,9 +30,9 @@ module WPScan
           return configs unless allowed_classes.include?(finder_class)
 
           finders = if aggressive
-                      db_data.reject { |_f, c| c['path'].nil? }
+                      df_data.reject { |_f, c| c['path'].nil? }
                     else
-                      db_data.select { |_f, c| c['path'].nil? }
+                      df_data.select { |_f, c| c['path'].nil? }
                     end
 
           finders.each do |finder_name, config|
@@ -48,7 +48,7 @@ module WPScan
 
         # @return [ Hash ]
         def self.versions_finders_configs
-          @versions_finders_configs ||= db_data.select { |_finder_name, config| config.key?('version') }
+          @versions_finders_configs ||= df_data.select { |_finder_name, config| config.key?('version') }
         end
 
         def self.create_versions_finders

lib/wpscan/db/plugin.rb

@@ -4,9 +4,9 @@ module WPScan
   module DB
     # Plugin DB
     class Plugin < WpItem
-      # @return [ String ]
-      def self.db_file
-        @db_file ||= DB_DIR.join('plugins.json').to_s
+      # @return [ Hash ]
+      def self.metadata
+        @metadata ||= super['plugins'] || {}
       end
     end
   end

lib/wpscan/db/plugins.rb

@@ -5,8 +5,8 @@ module WPScan
     # WP Plugins
     class Plugins < WpItems
       # @return [ JSON ]
-      def self.db
-        Plugin.db
+      def self.metadata
+        Plugin.metadata
       end
     end
   end

lib/wpscan/db/sponsor.rb

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+module WPScan
+  module DB
+    class Sponsor
+      # @return [ Hash ]
+      def self.text
+        @text ||= file_path.exist? ? File.read(file_path).chomp : ''
+      end
+
+      def self.file_path
+        @file_path ||= DB_DIR.join('sponsor.txt')
+      end
+    end
+  end
+end

lib/wpscan/db/theme.rb

@@ -4,9 +4,9 @@ module WPScan
   module DB
     # Theme DB
     class Theme < WpItem
-      # @return [ String ]
-      def self.db_file
-        @db_file ||= DB_DIR.join('themes.json').to_s
+      # @return [ Hash ]
+      def self.metadata
+        @metadata ||= super['themes'] || {}
       end
     end
   end

lib/wpscan/db/themes.rb

@@ -5,8 +5,8 @@ module WPScan
     # WP Themes
     class Themes < WpItems
       # @return [ JSON ]
-      def self.db
-        Theme.db
+      def self.metadata
+        Theme.metadata
       end
     end
   end

lib/wpscan/db/updater.rb

@@ -7,12 +7,15 @@ module WPScan
     class Updater
       # /!\ Might want to also update the Enumeration#cli_options when some filenames are changed here
       FILES = %w[
-        plugins.json themes.json wordpresses.json
+        metadata.json wp_fingerprints.json
         timthumbs-v3.txt config_backups.txt db_exports.txt
-        dynamic_finders.yml wp_fingerprints.json LICENSE
+        dynamic_finders.yml LICENSE sponsor.txt
       ].freeze
 
-      OLD_FILES = %w[wordpress.db user-agents.txt dynamic_finders_01.yml].freeze
+      OLD_FILES = %w[
+        wordpress.db user-agents.txt dynamic_finders_01.yml
+        wordpresses.json plugins.json themes.json
+      ].freeze
 
       attr_reader :repo_directory
 
@@ -64,11 +67,12 @@ module WPScan
       # @return [ Hash ] The params for Typhoeus::Request
       # @note Those params can't be overriden by CLI options
       def request_params
-        {
+        @request_params ||= {
           timeout: 600,
           connecttimeout: 300,
           accept_encoding: 'gzip, deflate',
-          cache_ttl: 0
+          cache_ttl: 0,
+          headers: { 'User-Agent' => Browser.instance.default_user_agent, 'Referer' => nil }
         }
       end
 

lib/wpscan/db/vuln_api.rb

@@ -0,0 +1,79 @@
+# frozen_string_literal: true
+
+module WPScan
+  module DB
+    # WPVulnDB API
+    class VulnApi
+      NON_ERROR_CODES = [200, 401].freeze
+
+      class << self
+        attr_accessor :token
+      end
+
+      # @return [ Addressable::URI ]
+      def self.uri
+        @uri ||= Addressable::URI.parse('https://wpvulndb.com/api/v3/')
+      end
+
+      # @param [ String ] path
+      # @param [ Hash ] params
+      #
+      # @return [ Hash ]
+      def self.get(path, params = {})
+        return {} unless token
+
+        res = Browser.get(uri.join(path), params.merge(request_params))
+
+        return {} if res.code == 404 # This is for API inconsistencies when dots in path
+        return JSON.parse(res.body) if NON_ERROR_CODES.include?(res.code)
+
+        raise Error::HTTP, res
+      rescue Error::HTTP => e
+        retries ||= 0
+
+        if (retries += 1) <= 3
+          sleep(1)
+          retry
+        end
+
+        { 'http_error' => e }
+      end
+
+      # @return [ Hash ]
+      def self.plugin_data(slug)
+        get("plugins/#{slug}")&.dig(slug) || {}
+      end
+
+      # @return [ Hash ]
+      def self.theme_data(slug)
+        get("themes/#{slug}")&.dig(slug) || {}
+      end
+
+      # @return [ Hash ]
+      def self.wordpress_data(version_number)
+        get("wordpresses/#{version_number.tr('.', '')}")&.dig(version_number) || {}
+      end
+
+      # @return [ Hash ]
+      def self.status
+        json = get('status', params: { version: WPScan::VERSION }, cache_ttl: 0)
+
+        json['requests_remaining'] = 'Unlimited' if json['requests_remaining'] == -1
+
+        json
+      end
+
+      # @return [ Hash ]
+      def self.request_params
+        {
+          headers: {
+            'Host' => uri.host, # Reset in case user provided a --vhost for the target
+            'Referer' => nil, # Removes referer set by the cmsscanner to the target url
+            'User-Agent' => Browser.instance.default_user_agent,
+            'Authorization' => "Token token=#{token}"
+          }
+        }
+      end
+    end
+  end
+end

lib/wpscan/db/wp_item.rb

@@ -6,14 +6,19 @@ module WPScan
     class WpItem
       # @param [ String ] identifier The plugin/theme slug or version number
       #
-      # @return [ Hash ] The JSON data from the DB associated to the identifier
-      def self.db_data(identifier)
-        db[identifier] || {}
+      # @return [ Hash ] The JSON data from the metadata associated to the identifier
+      def self.metadata_at(identifier)
+        metadata[identifier] || {}
       end
 
       # @return [ JSON ]
-      def self.db
-        @db ||= read_json_file(db_file)
+      def self.metadata
+        @metadata ||= read_json_file(metadata_file)
+      end
+
+      # @return [ String ]
+      def self.metadata_file
+        @metadata_file ||= DB_DIR.join('metadata.json').to_s
       end
     end
   end

lib/wpscan/db/wp_items.rb

@@ -6,17 +6,17 @@ module WPScan
     class WpItems
       # @return [ Array<String> ] The slug of all items
       def self.all_slugs
-        db.keys
+        metadata.keys
       end
 
       # @return [ Array<String> ] The slug of all popular items
       def self.popular_slugs
-        db.select { |_key, item| item['popular'] == true }.keys
+        metadata.select { |_key, item| item['popular'] == true }.keys
       end
 
       # @return [ Array<String> ] The slug of all vulnerable items
       def self.vulnerable_slugs
-        db.reject { |_key, item| item['vulnerabilities'].empty? }.keys
+        metadata.select { |_key, item| item['vulnerabilities'] == true }.keys
       end
     end
   end

lib/wpscan/db/wp_version.rb

@@ -4,9 +4,9 @@ module WPScan
   module DB
     # WP Version
     class Version < WpItem
-      # @return [ String ]
-      def self.db_file
-        @db_file ||= DB_DIR.join('wordpresses.json').to_s
+      # @return [ Hash ]
+      def self.metadata
+        @metadata ||= super['wordpress'] || {}
       end
     end
   end

lib/wpscan/errors.rb

@@ -9,7 +9,9 @@ module WPScan
   end
 end
 
+require_relative 'errors/enumeration'
 require_relative 'errors/http'
 require_relative 'errors/update'
+require_relative 'errors/vuln_api'
 require_relative 'errors/wordpress'
 require_relative 'errors/xmlrpc'

lib/wpscan/errors/enumeration.rb

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+module WPScan
+  module Error
+    class PluginsThresholdReached < Standard
+      def to_s
+        "The number of plugins detected reached the threshold of #{ParsedCli.plugins_threshold} " \
+        'which might indicate False Positive. It would be recommended to use the --exclude-content-based ' \
+        'option to ignore the bad responses.'
+      end
+    end
+
+    class ThemesThresholdReached < Standard
+      def to_s
+        "The number of themes detected reached the threshold of #{ParsedCli.themes_threshold} " \
+        'which might indicate False Positive. It would be recommended to use the --exclude-content-based ' \
+        'option to ignore the bad responses.'
+      end
+    end
+  end
+end

lib/wpscan/errors/vuln_api.rb

@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+
+module WPScan
+  module Error
+    # Error raised when the token given via --api-token is invalid
+    class InvalidApiToken < Standard
+      def to_s
+        'The API token provided is invalid'
+      end
+    end
+
+    # Error raised when the number of API requests has been reached
+    # currently not implemented on the API side
+    class ApiLimitReached < Standard
+      def to_s
+        'Your API limit has been reached'
+      end
+    end
+  end
+end

lib/wpscan/finders/dynamic_finder/version/body_pattern.rb

@@ -4,7 +4,7 @@ module WPScan
   module Finders
     module DynamicFinder
       module Version
-        # Version finder using Body Pattern method. Tipically used when the response is not
+        # Version finder using Body Pattern method. Typically used when the response is not
         # an HTML doc and Xpath can't be used
         class BodyPattern < Finders::DynamicFinder::Version::Finder
           # @return [ Hash ]
@@ -16,7 +16,7 @@ module WPScan
           # @param [ Hash ] opts
           # @return [ Version ]
           def find(response, _opts = {})
-            return unless response.body =~ self.class::PATTERN
+            return unless response.code != 404 && response.body =~ self.class::PATTERN
 
             create_version(
               Regexp.last_match[:v],

lib/wpscan/helper.rb

@@ -6,13 +6,15 @@ rescue StandardError => e
   raise "JSON parsing error in #{file} #{e}"
 end
 
-# @return [ Symbol ]
+# Sanitize and classify a slug
 # @note As a class can not start with a digit or underscore, a D_ is
-# put as a prefix in such case. Ugly but well :x
-# Not only used to classify slugs though, but Dynamic Finder names as well
+#       put as a prefix in such case. Ugly but well :x
+#       Not only used to classify slugs though, but Dynamic Finder names as well
+#
+# @return [ Symbol ]
 def classify_slug(slug)
-  classified = slug.to_s.tr('-', '_').camelize.to_s
-  classified = "D_#{classified}" if classified[0] =~ /\d/
+  classified = slug.to_s.gsub(/[^a-z\d\-]/i, '-').gsub(/\-{1,}/, '_').camelize.to_s
+  classified = "D_#{classified}" if /\d/.match?(classified[0])
 
   classified.to_sym
 end

lib/wpscan/target/platform/wordpress.rb

@@ -11,7 +11,9 @@ module WPScan
       module WordPress
         include CMSScanner::Target::Platform::PHP
 
-        WORDPRESS_PATTERN = %r{/(?:(?:wp-content/(?:themes|(?:mu\-)?plugins|uploads))|wp-includes)/}i.freeze
+        WORDPRESS_PATTERN      = %r{/(?:(?:wp-content/(?:themes|(?:mu\-)?plugins|uploads))|wp-includes)/}i.freeze
+        WP_JSON_OEMBED_PATTERN = %r{/wp\-json/oembed/}i.freeze
+        WP_ADMIN_AJAX_PATTERN  = %r{\\?/wp\-admin\\?/admin\-ajax\.php}i.freeze
 
         # These methods are used in the associated interesting_findings finders
         # to keep the boolean state of the finding rather than re-check the whole thing again
@@ -23,27 +25,33 @@ module WPScan
         # @param [ Symbol ] detection_mode
         #
         # @return [ Boolean ]
+        # rubocop:disable Metrics/AbcSize, Metrics/PerceivedComplexity
         def wordpress?(detection_mode)
           in_scope_uris(homepage_res) do |uri|
-            return true if uri.path.match(WORDPRESS_PATTERN)
+            return true if WORDPRESS_PATTERN.match?(uri.path) || WP_JSON_OEMBED_PATTERN.match?(uri.path)
           end
 
-          homepage_res.html.css('meta[name="generator"]').each do |node|
-            return true if node['content'] =~ /wordpress/i
+          return true if homepage_res.html.css('meta[name="generator"]').any? do |node|
+            /wordpress/i.match?(node['content'])
           end
 
           return true unless comments_from_page(/wordpress/i, homepage_res).empty?
 
+          return true if homepage_res.html.xpath('//script[not(@src)]').any? do |node|
+            WP_ADMIN_AJAX_PATTERN.match?(node.text)
+          end
+
           if %i[mixed aggressive].include?(detection_mode)
             %w[wp-admin/install.php wp-login.php].each do |path|
-              in_scope_uris(Browser.get_and_follow_location(url(path))).each do |uri|
-                return true if uri.path.match(WORDPRESS_PATTERN)
+              return true if in_scope_uris(Browser.get_and_follow_location(url(path))).any? do |uri|
+                WORDPRESS_PATTERN.match?(uri.path)
               end
             end
           end
 
           false
         end
+        # rubocop:enable Metrics/AbcSize, Metrics/PerceivedComplexity
 
         COOKIE_PATTERNS = {
           'vjs' => /createCookie\('vjs','(?<c_value>\d+)',\d+\);/i
@@ -82,7 +90,7 @@ module WPScan
         def wordpress_hosted?
           return true if /\.wordpress\.com$/i.match?(uri.host)
 
-          unless content_dir(:passive)
+          unless content_dir
             pattern = %r{https?://s\d\.wp\.com#{WORDPRESS_PATTERN}}i.freeze
 
             uris_from_page(homepage_res) do |uri|
@@ -109,6 +117,7 @@ module WPScan
           Browser.instance.forge_request(
             login_url,
             method: :post,
+            cache_ttl: 0,
             body: { log: username, pwd: password }
           )
         end

lib/wpscan/target/platform/wordpress/custom_directories.rb

@@ -13,12 +13,11 @@ module WPScan
           @plugins_dir = dir.chomp('/')
         end
 
-        # @param [ Symbol ] detection_mode
         # @return [ String ] The wp-content directory
-        def content_dir(detection_mode = :mixed)
+        def content_dir
           unless @content_dir
             # scope_url_pattern is from CMSScanner::Target
-            pattern = %r{#{scope_url_pattern}([\w\s\-/]+)\\?/(?:themes|plugins|uploads|cache)\\?/}i
+            pattern = %r{#{scope_url_pattern}([\w\s\-/]+?)\\?/(?:themes|plugins|uploads|cache)\\?/}i
 
             in_scope_uris(homepage_res) do |uri|
               return @content_dir = Regexp.last_match[1] if uri.to_s.match(pattern)
@@ -29,9 +28,7 @@ module WPScan
               return @content_dir = match[1]
             end
 
-            unless detection_mode == :passive
-              return @content_dir = 'wp-content' if default_content_dir_exists?
-            end
+            return @content_dir = 'wp-content' if default_content_dir_exists?
           end
 
           @content_dir
@@ -99,20 +96,19 @@ module WPScan
 
         # @return [ String, False ] String of the sub_dir found, false otherwise
         # @note: nil can not be returned here, otherwise if there is no sub_dir
-        #        the check would be done each time
+        #        the check would be done each time, which would make enumeration of
+        #        long list of items very slow to generate
         def sub_dir
-          unless @sub_dir
-            # url_pattern is from CMSScanner::Target
-            pattern = %r{#{url_pattern}(.+?)/(?:xmlrpc\.php|wp\-includes/)}i
+          return @sub_dir unless @sub_dir.nil?
 
-            in_scope_uris(homepage_res) do |uri|
-              return @sub_dir = Regexp.last_match[1] if uri.to_s.match(pattern)
-            end
+          # url_pattern is from CMSScanner::Target
+          pattern = %r{#{url_pattern}(.+?)/(?:xmlrpc\.php|wp\-includes/)}i
 
-            @sub_dir = false
+          in_scope_uris(homepage_res) do |uri|
+            return @sub_dir = Regexp.last_match[1] if uri.to_s.match(pattern)
           end
 
-          @sub_dir
+          @sub_dir = false
         end
 
         # Override of the WebSite#url to consider the custom WP directories

lib/wpscan/typhoeus/response.rb

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+module Typhoeus
+  # Custom Response class
+  class Response
+    # @note: Ignores requests done to the /status endpoint of the API
+    #
+    # @return [ Boolean ]
+    def from_vuln_api?
+      effective_url.start_with?(WPScan::DB::VulnApi.uri.to_s) && !effective_url.include?('/status')
+    end
+  end
+end

lib/wpscan/version.rb

@@ -2,5 +2,5 @@
 
 # Version
 module WPScan
-  VERSION = '3.5.5'
+  VERSION = '3.7.3'
 end

spec/app/controllers/core_spec.rb

@@ -166,6 +166,7 @@ describe WPScan::Controller::Core do
         before do
           expect(core).to receive(:load_server_module)
           expect(core.target).to receive(:wordpress?).with(:mixed).and_return(true)
+          expect(core.target).to receive(:wordpress_hosted?).and_return(false)
         end
 
         it 'calls the formatter when started and finished to update the db' do
@@ -174,56 +175,6 @@ describe WPScan::Controller::Core do
       end
     end
 
-    context 'when a redirect occurs' do
-      before do
-        stub_request(:any, target_url)
-
-        expect(core.target).to receive(:homepage_res)
-          .at_least(1)
-          .and_return(Typhoeus::Response.new(effective_url: redirection, body: ''))
-      end
-
-      context 'to the wp-admin/install.php' do
-        let(:redirection) { "#{target_url}wp-admin/install.php" }
-
-        it 'calls the formatter with the correct parameters and exit' do
-          expect(core.formatter).to receive(:output)
-            .with('not_fully_configured', hash_including(url: redirection), 'core').ordered
-
-          # TODO: Would be cool to be able to test the exit code
-          expect { core.before_scan }.to raise_error(SystemExit)
-        end
-      end
-
-      context 'to something else' do
-        let(:redirection) { 'http://g.com/' }
-
-        it 'raises an error' do
-          expect { core.before_scan }.to raise_error(CMSScanner::Error::HTTPRedirect)
-        end
-      end
-
-      context 'to another path with the wp-admin/install.php in the query' do
-        let(:redirection) { "#{target_url}index.php?a=/wp-admin/install.php" }
-
-        context 'when wordpress' do
-          it 'does not raise an error' do
-            expect(core.target).to receive(:wordpress?).with(:mixed).and_return(true)
-
-            expect { core.before_scan }.to_not raise_error
-          end
-        end
-
-        context 'when not wordpress' do
-          it 'raises an error' do
-            expect(core.target).to receive(:wordpress?).twice.with(:mixed).and_return(false)
-
-            expect { core.before_scan }.to raise_error(WPScan::Error::NotWordPress)
-          end
-        end
-      end
-    end
-
     context 'when hosted on wordpress.com' do
       let(:target_url) { 'http://ex.wordpress.com' }
 
@@ -234,52 +185,106 @@ describe WPScan::Controller::Core do
       end
     end
 
-    context 'when wordpress' do
-      before do
-        expect(core).to receive(:load_server_module)
-        expect(core.target).to receive(:wordpress?).with(:mixed).and_return(true)
-      end
+    context 'when not hosted on wordpress.com' do
+      before { allow(core.target).to receive(:wordpress_hosted?).and_return(false) }
 
-      it 'does not raise any error' do
-        expect { core.before_scan }.to_not raise_error
-      end
-    end
+      context 'when a redirect occurs' do
+        before do
+          stub_request(:any, target_url)
 
-    context 'when not wordpress' do
-      before do
-        expect(core).to receive(:load_server_module)
-      end
+          expect(core.target).to receive(:homepage_res)
+            .at_least(1)
+            .and_return(Typhoeus::Response.new(effective_url: redirection, body: ''))
+        end
 
-      context 'when no --force' do
-        before { expect(core.target).to receive(:maybe_add_cookies) }
+        context 'to the wp-admin/install.php' do
+          let(:redirection) { "#{target_url}wp-admin/install.php" }
 
-        context 'when no cookies added or still not wordpress after being added' do
-          it 'raises an error' do
-            expect(core.target).to receive(:wordpress?).twice.with(:mixed).and_return(false)
+          it 'calls the formatter with the correct parameters and exit' do
+            expect(core.formatter).to receive(:output)
+              .with('not_fully_configured', hash_including(url: redirection), 'core').ordered
 
-            expect { core.before_scan }.to raise_error(WPScan::Error::NotWordPress)
+            # TODO: Would be cool to be able to test the exit code
+            expect { core.before_scan }.to raise_error(SystemExit)
           end
         end
 
-        context 'when the added cookies solved it' do
-          it 'does not raise an error' do
-            expect(core.target).to receive(:wordpress?).with(:mixed).and_return(false).ordered
-            expect(core.target).to receive(:wordpress?).with(:mixed).and_return(true).ordered
+        context 'to something else' do
+          let(:redirection) { 'http://g.com/' }
+
+          it 'raises an error' do
+            expect { core.before_scan }.to raise_error(CMSScanner::Error::HTTPRedirect)
+          end
+        end
+
+        context 'to another path with the wp-admin/install.php in the query' do
+          let(:redirection) { "#{target_url}index.php?a=/wp-admin/install.php" }
+
+          context 'when wordpress' do
+            it 'does not raise an error' do
+              expect(core.target).to receive(:wordpress?).with(:mixed).and_return(true)
+
+              expect { core.before_scan }.to_not raise_error
+            end
+          end
+
+          context 'when not wordpress' do
+            it 'raises an error' do
+              expect(core.target).to receive(:wordpress?).twice.with(:mixed).and_return(false)
+
+              expect { core.before_scan }.to raise_error(WPScan::Error::NotWordPress)
+            end
+          end
+        end
+      end
+
+      context 'when wordpress' do
+        before do
+          expect(core).to receive(:load_server_module)
+          expect(core.target).to receive(:wordpress?).with(:mixed).and_return(true)
+        end
+
+        it 'does not raise any error' do
+          expect { core.before_scan }.to_not raise_error
+        end
+      end
+
+      context 'when not wordpress' do
+        before do
+          expect(core).to receive(:load_server_module)
+        end
+
+        context 'when no --force' do
+          before { expect(core.target).to receive(:maybe_add_cookies) }
+
+          context 'when no cookies added or still not wordpress after being added' do
+            it 'raises an error' do
+              expect(core.target).to receive(:wordpress?).twice.with(:mixed).and_return(false)
+
+              expect { core.before_scan }.to raise_error(WPScan::Error::NotWordPress)
+            end
+          end
+
+          context 'when the added cookies solved it' do
+            it 'does not raise an error' do
+              expect(core.target).to receive(:wordpress?).with(:mixed).and_return(false).ordered
+              expect(core.target).to receive(:wordpress?).with(:mixed).and_return(true).ordered
+
+              expect { core.before_scan }.to_not raise_error
+            end
+          end
+        end
+
+        context 'when --force' do
+          let(:cli_args) { "#{super()} --force" }
+
+          it 'does not raise any error' do
+            expect(core.target).to receive(:wordpress?).with(:mixed).and_return(false)
 
             expect { core.before_scan }.to_not raise_error
           end
         end
       end
-
-      context 'when --force' do
-        let(:cli_args) { "#{super()} --force" }
-
-        it 'does not raise any error' do
-          expect(core.target).to receive(:wordpress?).with(:mixed).and_return(false)
-
-          expect { core.before_scan }.to_not raise_error
-        end
-      end
     end
   end
 end

spec/app/controllers/custom_directories_spec.rb

@@ -20,7 +20,7 @@ describe WPScan::Controller::CustomDirectories do
 
   describe '#before_scan' do
     context 'when the content_dir is not found and not supplied' do
-      before { expect(controller.target).to receive(:content_dir).with(:mixed) }
+      before { expect(controller.target).to receive(:content_dir).and_return(nil) }
 
       it 'raises an exception' do
         expect { controller.before_scan }.to raise_error(WPScan::Error::WpContentDirNotDetected)

spec/app/controllers/enumeration_spec.rb

@@ -70,8 +70,8 @@ describe WPScan::Controller::Enumeration do
     it 'contains the correct options' do
       expect(controller.cli_options.map(&:to_sym)).to eql(
         %i[enumerate exclude_content_based
-           plugins_list plugins_detection plugins_version_all plugins_version_detection
-           themes_list themes_detection themes_version_all themes_version_detection
+           plugins_list plugins_detection plugins_version_all plugins_version_detection plugins_threshold
+           themes_list themes_detection themes_version_all themes_version_detection themes_threshold
            timthumbs_list timthumbs_detection
            config_backups_list config_backups_detection
            db_exports_list db_exports_detection
@@ -102,15 +102,6 @@ describe WPScan::Controller::Enumeration do
     end
   end
 
-  describe '#before_scan' do
-    it 'creates the Dynamic Finders' do
-      expect(WPScan::DB::DynamicFinders::Plugin).to receive(:create_versions_finders)
-      expect(WPScan::DB::DynamicFinders::Theme).to receive(:create_versions_finders)
-
-      controller.before_scan
-    end
-  end
-
   describe '#run' do
     context 'when no :enumerate' do
       before do

spec/app/controllers/vuln_api_spec.rb

@@ -0,0 +1,93 @@
+# frozen_string_literal: true
+
+describe WPScan::Controller::VulnApi do
+  subject(:controller) { described_class.new }
+  let(:target_url)     { 'http://ex.lo/' }
+  let(:cli_args)       { "--url #{target_url}" }
+
+  before do
+    WPScan::ParsedCli.options = rspec_parsed_options(cli_args)
+  end
+
+  describe '#cli_options' do
+    its(:cli_options) { should_not be_empty }
+    its(:cli_options) { should be_a Array }
+
+    it 'contains to correct options' do
+      expect(controller.cli_options.map(&:to_sym)).to eq %i[api_token]
+    end
+  end
+
+  describe '#before_scan' do
+    context 'when no --api-token provided' do
+      its(:before_scan) { should be nil }
+    end
+
+    context 'when --api-token given' do
+      let(:cli_args) { "#{super()} --api-token token" }
+
+      context 'when the token is invalid' do
+        before { expect(WPScan::DB::VulnApi).to receive(:status).and_return('error' => 'HTTP Token: Access denied.') }
+
+        it 'raise an InvalidApiToken error' do
+          expect { controller.before_scan }.to raise_error(WPScan::Error::InvalidApiToken)
+        end
+      end
+
+      context 'when the token is valid' do
+        context 'when the limit has been reached' do
+          before do
+            expect(WPScan::DB::VulnApi)
+              .to receive(:status)
+              .and_return('success' => true, 'plan' => 'free', 'requests_remaining' => 0)
+          end
+
+          it 'raises an ApiLimitReached error' do
+            expect { controller.before_scan }.to raise_error(WPScan::Error::ApiLimitReached)
+          end
+        end
+
+        context 'when a HTTP error, like a timeout' do
+          before do
+            expect(WPScan::DB::VulnApi)
+              .to receive(:status)
+              .and_return(
+                'http_error' => WPScan::Error::HTTP.new(
+                  Typhoeus::Response.new(effective_url: 'mock-url', return_code: 28)
+                )
+              )
+          end
+
+          it 'raises an HTTP error' do
+            expect { controller.before_scan }
+              .to raise_error(WPScan::Error::HTTP, 'HTTP Error: mock-url (Timeout was reached)')
+          end
+        end
+
+        context 'when the token is valid and no HTTP error' do
+          before do
+            expect(WPScan::DB::VulnApi)
+              .to receive(:status)
+              .and_return('success' => true, 'plan' => 'free', 'requests_remaining' => requests)
+          end
+
+          context 'when limited requests' do
+            let(:requests) { 100 }
+
+            it 'does not raise an error' do
+              expect { controller.before_scan }.to_not raise_error
+            end
+
+            context 'when unlimited requests' do
+              let(:requests) { 'Unlimited' }
+
+              it 'does not raise an error' do
+                expect { controller.before_scan }.to_not raise_error
+              end
+            end
+          end
+        end
+      end
+    end
+  end
+end

spec/app/finders/passwords/wp_login_spec.rb

@@ -0,0 +1,61 @@
+# frozen_string_literal: true
+
+describe WPScan::Finders::Passwords::WpLogin do
+  subject(:finder) { described_class.new(target) }
+  let(:target)     { WPScan::Target.new(url) }
+  let(:url)        { 'http://ex.lo/' }
+
+  describe '#valid_credentials?' do
+    context 'when a non 302' do
+      it 'returns false' do
+        expect(finder.valid_credentials?(Typhoeus::Response.new(code: 200, headers: {}))).to be_falsey
+      end
+    end
+
+    context 'when a 302' do
+      let(:response) { Typhoeus::Response.new(code: 302, headers: headers) }
+
+      context 'when no cookies set' do
+        let(:headers) { {} }
+
+        it 'returns false' do
+          expect(finder.valid_credentials?(response)).to be_falsey
+        end
+      end
+
+      context 'when no logged_in cookie set' do
+        context 'when only one cookie set' do
+          let(:headers) { 'Set-Cookie: wordpress_test_cookie=WP+Cookie+check; path=/' }
+
+          it 'returns false' do
+            expect(finder.valid_credentials?(response)).to be_falsey
+          end
+        end
+
+        context 'when multiple cookies set' do
+          let(:headers) do
+            "Set-Cookie: wordpress_test_cookie=WP+Cookie+check; path=/\r\n" \
+            'Set-Cookie: something=value; path=/'
+          end
+
+          it 'returns false' do
+            expect(finder.valid_credentials?(response)).to be_falsey
+          end
+        end
+      end
+
+      context 'when logged_in cookie set' do
+        let(:headers) do
+          "Set-Cookie: wordpress_test_cookie=WP+Cookie+check; path=/\r\r" \
+          "Set-Cookie: wordpress_xxx=yyy; path=/wp-content/plugins; httponly\r\n" \
+          "Set-Cookie: wordpress_xxx=yyy; path=/wp-admin; httponly\r\n" \
+          'Set-Cookie: wordpress_logged_in_xxx=yyy; path=/; httponly'
+        end
+
+        it 'returns false' do
+          expect(finder.valid_credentials?(response)).to eql true
+        end
+      end
+    end
+  end
+end

spec/app/finders/plugin_version_spec.rb

@@ -1,8 +1,5 @@
 # frozen_string_literal: true
 
-# If this file is tested alone (rspec path-to-this-file), then there will be an error about
-# constants not being intilialized. This is due to the Dynamic Finders.
-
 describe WPScan::Finders::PluginVersion::Base do
   subject(:plugin_version) { described_class.new(plugin) }
   let(:plugin)             { WPScan::Model::Plugin.new(slug, target) }
@@ -15,7 +12,7 @@ describe WPScan::Finders::PluginVersion::Base do
       expect(plugin_version.finders.map { |f| f.class.to_s.demodulize }).to match_array @expected
     end
 
-    context 'when no related specific finders' do
+    context 'when no related dynamic finders' do
       let(:slug) { 'spec' }
 
       it 'contains the default finders' do
@@ -25,19 +22,13 @@ describe WPScan::Finders::PluginVersion::Base do
 
     # Dynamic Version Finders are not tested here, they are in
     # spec/lib/finders/dynamic_finder/plugin_versions_spec
-    context 'when specific finders' do
-      let(:specific) do
-        {
-          # None so far
-        }
-      end
-
+    context 'when dynamic finders' do
       WPScan::DB::DynamicFinders::Plugin.versions_finders_configs.each do |plugin_slug, configs|
         context "when #{plugin_slug} plugin" do
           let(:slug) { plugin_slug }
 
-          it 'contains the expected finders (default + specific + the dynamic ones)' do
-            @expected = default_finders + [*specific[plugin_slug]] + configs.keys
+          it 'contains the expected finders (default + the dynamic ones)' do
+            @expected = default_finders + configs.keys
           end
         end
       end

spec/app/finders/plugins/urls_in_homepage_spec.rb

@@ -3,14 +3,16 @@
 describe WPScan::Finders::Plugins::UrlsInHomepage do
   subject(:finder) { described_class.new(target) }
   let(:target)     { WPScan::Target.new(url) }
-  let(:url)        { 'http://wp.lab/' }
+  let(:url)        { 'https://wp.lab/' }
   let(:fixtures)   { FINDERS_FIXTURES.join('plugins', 'urls_in_homepage') }
 
+  before { target.scope << 'sub.lab' }
+
   it_behaves_like 'App::Finders::WpItems::URLsInHomepage' do
     let(:type)                { 'plugins' }
     let(:uniq_links)          { true }
     let(:uniq_codes)          { true }
-    let(:expected_from_links) { (1..4).map { |i| "dl-#{i}" } }
+    let(:expected_from_links) { (1..5).map { |i| "dl-#{i}" } }
     let(:expected_from_codes) { (1..6).map { |i| "dc-#{i}" } }
   end
 

spec/app/finders/theme_version_spec.rb

@@ -13,20 +13,21 @@ describe WPScan::Finders::ThemeVersion::Base do
       expect(theme_version.finders.map { |f| f.class.to_s.demodulize }).to eql @expected
     end
 
-    context 'when no related specific finders' do
+    context 'when no related dynamic finders' do
       it 'contains the default finders' do
         @expected = default_finders
       end
     end
 
-    context 'when specific finders' do
-      {
-      }.each do |theme_slug, specific_finders|
+    # Dynamic Version Finders are not tested here, they are in
+    # spec/lib/finders/dynamic_finder/theme_versions_spec
+    context 'when dynamic finders' do
+      WPScan::DB::DynamicFinders::Theme.versions_finders_configs.each do |theme_slug, configs|
         context "when #{theme_slug} theme" do
           let(:slug) { theme_slug }
 
-          it 'contains the expected finders' do
-            @expected = default_finders + specific_finders
+          it 'contains the expected finders (default + the dynamic ones)' do
+            @expected = default_finders + configs.keys
           end
         end
       end

spec/app/finders/themes/urls_in_homepage_spec.rb

@@ -6,6 +6,8 @@ describe WPScan::Finders::Themes::UrlsInHomepage do
   let(:url)        { 'http://wp.lab/' }
   let(:fixtures)   { FINDERS_FIXTURES.join('themes', 'urls_in_homepage') }
 
+  # before { target.scope << 'sub.lab' }
+
   it_behaves_like 'App::Finders::WpItems::URLsInHomepage' do
     let(:type)                { 'themes' }
     let(:uniq_links)          { true }

spec/app/finders/users/author_id_brute_forcing_spec.rb

@@ -50,7 +50,7 @@ describe WPScan::Finders::Users::AuthorIdBruteForcing do
     end
 
     context 'when no display_name' do
-      ['4.1.1', '3.0', '2.9.2'].each do |file|
+      %w[4.9-span-tag 4.1.1 3.0 2.9.2].each do |file|
         it "returns nil for #{file}-empty.html" do
           body = File.read(fixtures.join("#{file}-empty.html"))
 

spec/app/finders/users/oembed_api_spec.rb

@@ -19,15 +19,17 @@ describe WPScan::Finders::Users::OembedApi do
     end
 
     context 'when a JSON response' do
+      let(:body) { File.read(fixture) }
+
       context 'when 404' do
-        let(:body) { File.read(fixtures.join('404.json')) }
+        let(:fixture) { fixtures.join('404.json') }
 
         its(:aggressive) { should eql([]) }
       end
 
       context 'when 200' do
         context 'when author_url present' do
-          let(:body) { File.read(fixtures.join('200_author_url.json')) }
+          let(:fixture) { fixtures.join('200_author_url.json') }
 
           it 'returns the expected array of users' do
             users = finder.aggressive
@@ -44,7 +46,7 @@ describe WPScan::Finders::Users::OembedApi do
         end
 
         context 'when author_url not present but author_name' do
-          let(:body) { File.read(fixtures.join('200_author_name.json')) }
+          let(:fixture) { fixtures.join('200_author_name.json') }
 
           it 'returns the expected array of users' do
             users = finder.aggressive
@@ -59,6 +61,12 @@ describe WPScan::Finders::Users::OembedApi do
             expect(user.interesting_entries).to eql ['http://wp.lab/wp-json/oembed/1.0/embed?url=http://wp.lab/&format=json']
           end
         end
+
+        context 'when body is an array' do
+          let(:fixture) { fixtures.join('array.json') }
+
+          its(:aggressive) { should eql([]) }
+        end
       end
     end
   end

spec/app/models/plugin_spec.rb

@@ -60,25 +60,60 @@ describe WPScan::Model::Plugin do
     end
   end
 
+  describe 'potential_readme_filenames' do
+    context 'when not set in the DF file' do
+      its(:potential_readme_filenames) { should eql described_class::READMES }
+    end
+
+    context 'when set in the DF file' do
+      context 'as a string' do
+        let(:slug) { 'photoblocks-grid-gallery' }
+
+        its(:potential_readme_filenames) { should eql %w[README.txt] }
+      end
+
+      context 'as an array' do
+        let(:slug) { 'customerlabs-actionrecorder' }
+
+        its(:potential_readme_filenames) { should eql %w[Readme.txt Readme.md] }
+      end
+    end
+  end
+
   describe '#latest_version, #last_updated, #popular' do
-    context 'when none' do
-      let(:slug) { 'vulnerable-not-popular' }
+    before { allow(plugin).to receive(:db_data).and_return(db_data) }
+
+    context 'when no db_data and no metadata' do
+      let(:slug)    { 'not-known' }
+      let(:db_data) { {} }
 
       its(:latest_version) { should be_nil }
       its(:last_updated) { should be_nil }
       its(:popular?) { should be false }
     end
 
-    context 'when values' do
+    context 'when no db_data but metadata' do
       let(:slug) { 'no-vulns-popular' }
+      let(:db_data) { {} }
 
       its(:latest_version) { should eql WPScan::Model::Version.new('2.0') }
       its(:last_updated) { should eql '2015-05-16T00:00:00.000Z' }
       its(:popular?) { should be true }
     end
+
+    context 'when db_data' do
+      let(:slug) { 'no-vulns-popular' }
+      let(:db_data) { vuln_api_data_for('plugins/no-vulns-popular') }
+
+      its(:latest_version) { should eql WPScan::Model::Version.new('2.1') }
+      its(:last_updated) { should eql '2015-05-16T00:00:00.000Z-via-api' }
+      its(:popular?) { should be true }
+    end
   end
 
   describe '#outdated?' do
+    before { allow(plugin).to receive(:db_data).and_return({}) }
+
     context 'when last_version' do
       let(:slug) { 'no-vulns-popular' }
 
@@ -96,13 +131,13 @@ describe WPScan::Model::Plugin do
             .and_return(WPScan::Model::Version.new(version_number))
         end
 
-        context 'when version < last_version' do
+        context 'when version < latest_version' do
           let(:version_number) { '1.2' }
 
           its(:outdated?) { should eql true }
         end
 
-        context 'when version >= last_version' do
+        context 'when version >= latest_version' do
           let(:version_number) { '3.0' }
 
           its(:outdated?) { should eql false }
@@ -110,7 +145,7 @@ describe WPScan::Model::Plugin do
       end
     end
 
-    context 'when no last_version' do
+    context 'when no latest_version' do
       let(:slug) { 'vulnerable-not-popular' }
 
       context 'when no version' do
@@ -133,13 +168,16 @@ describe WPScan::Model::Plugin do
   end
 
   describe '#vulnerabilities' do
+    before { allow(plugin).to receive(:db_data).and_return(db_data) }
+
     after do
       expect(plugin.vulnerabilities).to eq @expected
       expect(plugin.vulnerable?).to eql @expected.empty? ? false : true
     end
 
     context 'when plugin not in the DB' do
-      let(:slug) { 'not-in-db' }
+      let(:slug)    { 'not-in-db' }
+      let(:db_data) { {} }
 
       it 'returns an empty array' do
         @expected = []
@@ -148,7 +186,8 @@ describe WPScan::Model::Plugin do
 
     context 'when in the DB' do
       context 'when no vulnerabilities' do
-        let(:slug) { 'no-vulns-popular' }
+        let(:slug)    { 'no-vulns-popular' }
+        let(:db_data) { vuln_api_data_for('plugins/no-vulns-popular') }
 
         it 'returns an empty array' do
           @expected = []
@@ -156,11 +195,13 @@ describe WPScan::Model::Plugin do
       end
 
       context 'when vulnerabilities' do
-        let(:slug) { 'vulnerable-not-popular' }
+        let(:slug)    { 'vulnerable-not-popular' }
+        let(:db_data) { vuln_api_data_for('plugins/vulnerable-not-popular') }
+
         let(:all_vulns) do
           [
             WPScan::Vulnerability.new(
-              'First Vuln',
+              'First Vuln <= 6.3.10 - LFI',
               { wpvulndb: '1' },
               'LFI',
               '6.3.10'

spec/app/models/theme_spec.rb

@@ -10,10 +10,9 @@ describe WPScan::Model::Theme do
   before { expect(blog).to receive(:content_dir).at_least(1).and_return('wp-content') }
 
   describe '#new' do
-    before do
-      stub_request(:get, /.*\.css\z/)
-        .to_return(body: File.read(fixtures.join('style.css')))
-    end
+    before { stub_request(:get, /.*\.css\z/).to_return(body: File.read(fixture)) }
+
+    let(:fixture) { fixtures.join('style.css') }
 
     its(:url) { should eql 'http://wp.lab/wp-content/themes/spec/' }
     its(:style_url) { should eql 'http://wp.lab/wp-content/themes/spec/style.css' }
@@ -34,6 +33,14 @@ describe WPScan::Model::Theme do
 
       its(:style_url) { should eql opts[:style_url] }
     end
+
+    context 'when some new lines are stripped' do
+      let(:fixture) { fixtures.join('stripped_new_lines.css') }
+
+      its(:style_name)  { should eql 'Divi' }
+      its(:style_uri)   { should eql 'http://www.elegantthemes.com/gallery/divi/' }
+      its(:license_uri) { should eql 'http://www.gnu.org/licenses/gpl-2.0.html' }
+    end
   end
 
   describe '#version' do
@@ -86,8 +93,179 @@ describe WPScan::Model::Theme do
     end
   end
 
+  describe '#latest_version, #last_updated, #popular' do
+    before do
+      stub_request(:get, /.*\.css\z/)
+      allow(theme).to receive(:db_data).and_return(db_data)
+    end
+
+    context 'when no db_data and no metadata' do
+      let(:slug)    { 'not-known' }
+      let(:db_data) { {} }
+
+      its(:latest_version) { should be_nil }
+      its(:last_updated) { should be_nil }
+      its(:popular?) { should be false }
+    end
+
+    context 'when no db_data but metadata' do
+      let(:slug) { 'no-vulns-popular' }
+      let(:db_data) { {} }
+
+      its(:latest_version) { should eql WPScan::Model::Version.new('2.0') }
+      its(:last_updated) { should eql '2015-05-16T00:00:00.000Z' }
+      its(:popular?) { should be true }
+    end
+
+    context 'when db_data' do
+      let(:slug) { 'no-vulns-popular' }
+      let(:db_data) { vuln_api_data_for('themes/no-vulns-popular') }
+
+      its(:latest_version) { should eql WPScan::Model::Version.new('2.2') }
+      its(:last_updated) { should eql '2015-05-16T00:00:00.000Z-via-api' }
+      its(:popular?) { should be true }
+    end
+  end
+
+  describe '#outdated?' do
+    before do
+      stub_request(:get, /.*\.css\z/)
+      allow(theme).to receive(:db_data).and_return({})
+    end
+
+    context 'when last_version' do
+      let(:slug) { 'no-vulns-popular' }
+
+      context 'when no version' do
+        before { expect(theme).to receive(:version).at_least(1).and_return(nil) }
+
+        its(:outdated?) { should eql false }
+      end
+
+      context 'when version' do
+        before do
+          expect(theme)
+            .to receive(:version)
+            .at_least(1)
+            .and_return(WPScan::Model::Version.new(version_number))
+        end
+
+        context 'when version < latest_version' do
+          let(:version_number) { '1.2' }
+
+          its(:outdated?) { should eql true }
+        end
+
+        context 'when version >= latest_version' do
+          let(:version_number) { '3.0' }
+
+          its(:outdated?) { should eql false }
+        end
+      end
+    end
+
+    context 'when no latest_version' do
+      let(:slug) { 'vulnerable-not-popular' }
+
+      context 'when no version' do
+        before { expect(theme).to receive(:version).at_least(1).and_return(nil) }
+
+        its(:outdated?) { should eql false }
+      end
+
+      context 'when version' do
+        before do
+          expect(theme)
+            .to receive(:version)
+            .at_least(1)
+            .and_return(WPScan::Model::Version.new('1.0'))
+        end
+
+        its(:outdated?) { should eql false }
+      end
+    end
+  end
+
   describe '#vulnerabilities' do
-    xit
+    before do
+      stub_request(:get, /.*\.css\z/)
+      allow(theme).to receive(:db_data).and_return(db_data)
+    end
+
+    after do
+      expect(theme.vulnerabilities).to eq @expected
+      expect(theme.vulnerable?).to eql @expected.empty? ? false : true
+    end
+
+    context 'when theme not in the DB' do
+      let(:slug)    { 'not-in-db' }
+      let(:db_data) { {} }
+
+      it 'returns an empty array' do
+        @expected = []
+      end
+    end
+
+    context 'when in the DB' do
+      context 'when no vulnerabilities' do
+        let(:slug)    { 'no-vulns-popular' }
+        let(:db_data) { vuln_api_data_for('themes/no-vulns-popular') }
+
+        it 'returns an empty array' do
+          @expected = []
+        end
+      end
+
+      context 'when vulnerabilities' do
+        let(:slug)    { 'vulnerable-not-popular' }
+        let(:db_data) { vuln_api_data_for('themes/vulnerable-not-popular') }
+
+        let(:all_vulns) do
+          [
+            WPScan::Vulnerability.new(
+              'First Vuln',
+              { wpvulndb: '1' },
+              'LFI',
+              '6.3.10'
+            ),
+            WPScan::Vulnerability.new('No Fixed In', wpvulndb: '2')
+          ]
+        end
+
+        context 'when no theme version' do
+          before { expect(theme).to receive(:version).at_least(1).and_return(false) }
+
+          it 'returns all the vulnerabilities' do
+            @expected = all_vulns
+          end
+        end
+
+        context 'when theme version' do
+          before do
+            expect(theme)
+              .to receive(:version)
+              .at_least(1)
+              .and_return(WPScan::Model::Version.new(number))
+          end
+
+          context 'when < to a fixed_in' do
+            let(:number) { '5.0' }
+
+            it 'returns it' do
+              @expected = all_vulns
+            end
+          end
+
+          context 'when >= to a fixed_in' do
+            let(:number) { '6.3.10' }
+
+            it 'does not return it ' do
+              @expected = [all_vulns.last]
+            end
+          end
+        end
+      end
+    end
   end
 
   describe '#parent_theme' do

spec/app/models/wp_version_spec.rb

@@ -40,11 +40,13 @@ describe WPScan::Model::WpVersion do
 
   describe '#vulnerabilities' do
     subject(:version) { described_class.new(number) }
+    before { allow(version).to receive(:db_data).and_return(db_data) }
 
     context 'when no vulns' do
       let(:number) { '4.4' }
+      let(:db_data) { { 'vulnerabilities' => [] } }
 
-      its(:vulnerabilities) { should eql([]) }
+      its(:vulnerabilities) { should be_empty }
     end
 
     context 'when vulnerable' do
@@ -53,13 +55,30 @@ describe WPScan::Model::WpVersion do
         expect(version).to be_vulnerable
       end
 
+      let(:all_vulns) do
+        [
+          WPScan::Vulnerability.new(
+            'WP 3.8.1 - Vuln 1',
+            { wpvulndb: '1' },
+            'SQLI'
+          ),
+          WPScan::Vulnerability.new(
+            'WP 3.8.1 - Vuln 2',
+            { url: %w[url-2 url-3], osvdb: %w[10], cve: %w[2014-0166], wpvulndb: '2' },
+            nil,
+            '3.8.2'
+          )
+        ]
+      end
+
       context 'when a signle vuln' do
-        let(:number) { '3.8' }
+        let(:number) { '3.8.1' }
+        let(:db_data) { vuln_api_data_for('wordpresses/38') }
 
         it 'returns the expected result' do
           @expected = [WPScan::Vulnerability.new(
             'WP 3.8 - Vuln 1',
-            { url: %w[url-4], osvdb: %w[11], wpvulndb: '3' },
+            { url: %w[url-4], wpvulndb: '3' },
             'AUTHBYPASS'
           )]
         end
@@ -67,6 +86,7 @@ describe WPScan::Model::WpVersion do
 
       context 'when multiple vulns' do
         let(:number) { '3.8.1' }
+        let(:db_data) { vuln_api_data_for('wordpresses/381') }
 
         it 'returns the expected results' do
           @expected = [
@@ -77,7 +97,7 @@ describe WPScan::Model::WpVersion do
             ),
             WPScan::Vulnerability.new(
               'WP 3.8.1 - Vuln 2',
-              { url: %w[url-2 url-3], osvdb: %w[10], cve: %w[2014-0166], wpvulndb: '2' },
+              { url: %w[url-2 url-3], cve: %w[2014-0166], wpvulndb: '2' },
               nil,
               '3.8.2'
             )
@@ -87,27 +107,30 @@ describe WPScan::Model::WpVersion do
     end
   end
 
-  describe '#release_date' do
+  describe '#metadata, #release_date, #status' do
     subject(:version) { described_class.new('3.8.1') }
 
-    its(:release_date) { should eql '2014-01-23' }
+    before { allow(version).to receive(:db_data).and_return(db_data) }
 
-    context 'when the version is not in the DB' do
-      subject(:version) { described_class.new('3.8.2') }
+    context 'when no db_data' do
+      let(:db_data) { {} }
 
-      its(:release_date) { should eql 'Unknown' }
+      its(:release_date) { should eql '2014-01-23' }
+      its(:status) { should eql 'outdated' }
+
+      context 'when the version is not in the metadata' do
+        subject(:version) { described_class.new('3.8.2') }
+
+        its(:release_date) { should eql 'Unknown' }
+        its(:status) { should eql 'Unknown' }
+      end
     end
-  end
 
-  describe '#status' do
-    subject(:version) { described_class.new('3.8.1') }
+    context 'when db_data' do
+      let(:db_data) { vuln_api_data_for('wordpresses/381') }
 
-    its(:status) { should eql 'outdated' }
-
-    context 'when the version is not in the DB' do
-      subject(:version) { described_class.new('3.8.2') }
-
-      its(:release_date) { should eql 'Unknown' }
+      its(:release_date) { should eql '2014-01-23-via-api' }
+      its(:status) { should eql 'outdated-via-api' }
     end
   end
 end

spec/app/views_spec.rb

@@ -9,6 +9,7 @@ describe 'App::Views' do
   # in the expected output.
   %i[JSON CliNoColour].each do |formatter|
     context "when #{formatter}" do
+      it_behaves_like 'App::Views::VulnApi'
       it_behaves_like 'App::Views::WpVersion'
       it_behaves_like 'App::Views::MainTheme'
       it_behaves_like 'App::Views::Enumeration'

spec/fixtures/db/metadata.json

@@ -0,0 +1,56 @@
+{
+  "wordpress": {
+    "4.0": {
+      "release_date": "2014-09-04",
+      "status": "latest"
+    },
+    "3.8.1": {
+      "release_date": "2014-01-23",
+      "status": "outdated"
+    },
+    "3.8": {
+      "release_date": "2013-12-12",
+      "status": "insecure"
+    }
+  },
+  "plugins": {
+    "no-vulns-popular": {
+      "vulnerabilities": false,
+      "popular": true,
+      "latest_version": "2.0",
+      "last_updated": "2015-05-16T00:00:00.000Z"
+    },
+    "vulnerable-not-popular": {
+      "latest_version": null,
+      "last_updated": null,
+      "popular": false,
+      "vulnerabilities": true
+    }
+  },
+  "themes": {
+    "no-vulns-popular": {
+      "popular": true,
+      "latest_version": "2.0",
+      "last_updated": "2015-05-16T00:00:00.000Z",
+      "vulnerabilities": false
+    },
+    "vulnerable-not-popular": {
+      "latest_version": null,
+      "last_updated": null,
+      "popular": false,
+      "vulnerabilities": true
+    },
+    "dignitas-themes": {
+      "popular": true,
+      "latest_version": null,
+      "last_updated": null,
+      "vulnerabilities" : true
+    },
+    "yaaburnee-themes": {
+      "popular": false,
+      "latest_version": null,
+      "last_updated": null,
+      "vulnerabilities" : true
+    }
+  }
+}

spec/fixtures/db/plugins.json

@@ -1,25 +0,0 @@
-{
-  "no-vulns-popular": {
-    "vulnerabilities": [],
-    "popular": true,
-    "latest_version": "2.0",
-    "last_updated": "2015-05-16T00:00:00.000Z"
-  },
-  "vulnerable-not-popular": {
-    "latest_version": null,
-    "last_updated": null,
-    "popular": false,
-    "vulnerabilities" : [
-      {
-        "title" : "First Vuln",
-        "fixed_in" : "6.3.10",
-        "id" : 1,
-        "vuln_type": "LFI"
-      },
-      {
-        "title": "No Fixed In",
-        "id": 2
-      }
-    ]
-  }
-}

spec/fixtures/db/sponsor.txt

@@ -0,0 +1 @@
+Sponsored By Kittens

spec/fixtures/db/themes.json

@@ -1,48 +0,0 @@
-{
-  "no-vulns-popular": {
-    "popular": true,
-    "latest_version": "2.0",
-    "last_updated": "2015-05-16T00:00:00.000Z",
-    "vulnerabilities": []
-  },
-  "dignitas-themes": {
-    "popular": true,
-    "latest_version": null,
-    "last_updated": null,
-    "vulnerabilities" : [
-      {
-        "created_at" : "2015-03-05T19:25:59.000Z",
-        "updated_at" : "2015-03-05T19:37:47.000Z",
-        "references": {
-          "url" : [
-            "http://research.evex.pw/?vuln=6",
-            "http://packetstormsecurity.com/files/130652/"
-          ]
-          },
-       "title" : "Dignitas 1.1.9 - Privilage Escalation",
-       "id" : 7825,
-       "vuln_type" : "AUTHBYPASS"
-        }
-     ]
-  },
-  "yaaburnee-themes": {
-    "popular": false,
-    "latest_version": null,
-    "last_updated": null,
-    "vulnerabilities" : [
-      {
-        "created_at" : "2015-03-05T19:25:44.000Z",
-        "updated_at" : "2015-03-05T19:41:14.000Z",
-        "references": {
-          "url" : [
-            "http://research.evex.pw/?vuln=6",
-            "http://packetstormsecurity.com/files/130652/"
-          ]
-        },
-        "title" : "Ya'aburnee 1.0.7 - Privilage Escalation",
-        "id" : 7824,
-        "vuln_type" : "AUTHBYPASS"
-      }
-    ]
-  }
-}

spec/fixtures/db/vuln_api/plugins/no-vulns-popular.json

@@ -0,0 +1,6 @@
+{
+  "vulnerabilities": [],
+  "popular": true,
+  "latest_version": "2.1",
+  "last_updated": "2015-05-16T00:00:00.000Z-via-api"
+}

spec/fixtures/db/vuln_api/plugins/vulnerable-not-popular.json

@@ -0,0 +1,17 @@
+{
+  "latest_version": null,
+  "last_updated": null,
+  "popular": false,
+  "vulnerabilities" : [
+    {
+      "title" : "First Vuln \u003c= 6.3.10 - LFI",
+      "fixed_in" : "6.3.10",
+      "id" : 1,
+      "vuln_type": "LFI"
+    },
+    {
+      "title": "No Fixed In",
+      "id": 2
+    }
+  ]
+}

spec/fixtures/db/vuln_api/themes/dignitas-themes.json

@@ -0,0 +1,22 @@
+{
+  "popular": true,
+  "latest_version": null,
+  "last_updated": null,
+  "vulnerabilities" : [
+    {
+      "created_at" : "2015-03-05T19:25:59.000Z",
+      "updated_at" : "2015-03-05T19:37:47.000Z",
+      "references": {
+        "url" : [
+          "http://research.evex.pw/?vuln=6"
+        ],
+        "packetstorm": [
+          "130652"
+        ]
+      },
+     "title" : "Dignitas 1.1.9 - Privilage Escalation",
+     "id" : 7825,
+     "vuln_type" : "AUTHBYPASS"
+    }
+  ]
+}

spec/fixtures/db/vuln_api/themes/no-vulns-popular.json

@@ -0,0 +1,6 @@
+{
+  "popular": true,
+  "latest_version": "2.2",
+  "last_updated": "2015-05-16T00:00:00.000Z-via-api",
+  "vulnerabilities": []
+}

spec/fixtures/db/vuln_api/themes/vulnerable-not-popular.json

@@ -0,0 +1,17 @@
+{
+  "latest_version": null,
+  "last_updated": null,
+  "popular": false,
+  "vulnerabilities" : [
+    {
+      "title" : "First Vuln",
+      "fixed_in" : "6.3.10",
+      "id" : 1,
+      "vuln_type": "LFI"
+    },
+    {
+      "title": "No Fixed In",
+      "id": 2
+    }
+  ]
+}

spec/fixtures/db/vuln_api/themes/yaaburnee-themes.json

@@ -0,0 +1,22 @@
+{
+  "popular": false,
+  "latest_version": null,
+  "last_updated": null,
+  "vulnerabilities" : [
+    {
+      "created_at" : "2015-03-05T19:25:44.000Z",
+      "updated_at" : "2015-03-05T19:41:14.000Z",
+      "references": {
+        "url" : [
+          "http://research.evex.pw/?vuln=6",
+        ],
+        "packetstorm": [
+          "130652"
+        ]
+      },
+      "title" : "Ya'aburnee 1.0.7 - Privilage Escalation",
+      "id" : 7824,
+      "vuln_type" : "AUTHBYPASS"
+    }
+  ]
+}

spec/fixtures/db/vuln_api/wordpresses/38.json

@@ -0,0 +1,17 @@
+{
+  "release_date" : "2013-12-12",
+  "status": "insecure",
+  "vulnerabilities" : [
+    {
+      "references": {
+        "url" : ["url-4"],
+        "osvdb" : ["11"]
+      },
+      "created_at" : "2014-08-01T10:58:19.000Z",
+      "updated_at" : "2014-09-16T15:45:26.000Z",
+      "title" : "WP 3.8 - Vuln 1",
+      "id" : 3,
+      "vuln_type" : "AUTHBYPASS"
+    }
+  ]
+}

spec/fixtures/db/vuln_api/wordpresses/381.json

@@ -0,0 +1,27 @@
+{
+  "release_date" : "2014-01-23-via-api",
+  "status": "outdated-via-api",
+  "vulnerabilities" : [
+    {
+      "created_at" : "2014-08-01T10:58:19.000Z",
+      "updated_at" : "2014-09-16T13:52:17.000Z",
+      "title" : "WP 3.8.1 - Vuln 1",
+      "id" : 1,
+      "vuln_type" : "SQLI",
+      "published_date" : null,
+      "fixed_in" : null
+     },
+     {
+      "references" : {
+        "cve" : ["2014-0166"],
+        "osvdb" : ["10"],
+        "url" : ["url-2","url-3"]
+      },
+      "fixed_in" : "3.8.2",
+      "created_at" : "2014-08-01T10:58:19.000Z",
+      "updated_at" : "2014-09-16T13:53:11.000Z",
+      "id" : 2,
+      "title" : "WP 3.8.1 - Vuln 2"
+    }
+  ]
+}

spec/fixtures/db/vuln_api/wordpresses/40.json

@@ -0,0 +1,4 @@
+{
+  "release_date" : "2014-09-04",
+  "status": "latest"
+}

spec/fixtures/db/wordpresses.json

@@ -1,50 +0,0 @@
-{
-  "4.0": {
-    "release_date" : "2014-09-04",
-    "status": "latest"
-  },
-  "3.8.1": {
-    "release_date" : "2014-01-23",
-    "status": "outdated",
-    "vulnerabilities" : [
-      {
-        "created_at" : "2014-08-01T10:58:19.000Z",
-        "updated_at" : "2014-09-16T13:52:17.000Z",
-        "title" : "WP 3.8.1 - Vuln 1",
-        "id" : 1,
-        "vuln_type" : "SQLI",
-        "published_date" : null,
-        "fixed_in" : null
-       },
-       {
-        "references" : {
-          "cve" : ["2014-0166"],
-          "osvdb" : ["10"],
-          "url" : ["url-2","url-3"]
-        },
-        "fixed_in" : "3.8.2",
-        "created_at" : "2014-08-01T10:58:19.000Z",
-        "updated_at" : "2014-09-16T13:53:11.000Z",
-        "id" : 2,
-        "title" : "WP 3.8.1 - Vuln 2"
-      }
-    ]
-   },
-   "3.8": {
-    "release_date" : "2013-12-12",
-    "status": "insecure",
-    "vulnerabilities" : [
-      {
-        "references": {
-          "url" : ["url-4"],
-          "osvdb" : ["11"]
-        },
-        "created_at" : "2014-08-01T10:58:19.000Z",
-        "updated_at" : "2014-09-16T15:45:26.000Z",
-        "title" : "WP 3.8 - Vuln 1",
-        "id" : 3,
-        "vuln_type" : "AUTHBYPASS"
-      }
-    ]
-  }
-}

spec/fixtures/dynamic_finders/plugin_version/acf-dropzone/translation_file/languages/acf-dropzone.pot

@@ -0,0 +1,63 @@
+# Copyright (C) 2019 Jörn Lund
+# This file is distributed under the same license as the ACF Dropzone plugin.
+msgid ""
+msgstr ""
+"Project-Id-Version: ACF Dropzone 1.0.0\n"
+"Report-Msgid-Bugs-To: https://wordpress.org/support/plugin/acf-dropzone\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"POT-Creation-Date: 2019-07-04T10:29:43+00:00\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"X-Generator: WP-CLI 2.1.0\n"
+"X-Domain: acf-dropzone\n"
+
+#. Plugin Name of the plugin
+msgid "ACF Dropzone"
+msgstr ""
+
+#. Plugin URI of the plugin
+msgid "https://github.com/mcguffin/acf-dropzone"
+msgstr ""
+
+#. Description of the plugin
+msgid "Drag and drop file upload for ACF-Fields."
+msgstr ""
+
+#. Author of the plugin
+msgid "Jörn Lund"
+msgstr ""
+
+#. Author URI of the plugin
+msgid "https://github.com/mcguffin"
+msgstr ""
+
+#: include/AcfDropzone/Compat/ACF.php:47
+#: tmp/svn/tags/1.0.0/include/AcfDropzone/Compat/ACF.php:47
+#: tmp/svn/trunk/include/AcfDropzone/Compat/ACF.php:47
+#: tmp/git/include/AcfDropzone/Compat/ACF.php:47
+msgid "Enable Dropzone"
+msgstr ""
+
+#: include/AcfDropzone/Compat/ACF.php:103
+#: tmp/svn/tags/1.0.0/include/AcfDropzone/Compat/ACF.php:103
+#: tmp/svn/trunk/include/AcfDropzone/Compat/ACF.php:103
+#: tmp/git/include/AcfDropzone/Compat/ACF.php:103
+msgid "Dismiss this notice."
+msgstr ""
+
+#: include/AcfDropzone/Compat/ACF.php:107
+#: tmp/svn/tags/1.0.0/include/AcfDropzone/Compat/ACF.php:107
+#: tmp/svn/trunk/include/AcfDropzone/Compat/ACF.php:107
+#: tmp/git/include/AcfDropzone/Compat/ACF.php:107
+msgid "Drop files here"
+msgstr ""
+
+#: include/AcfDropzone/Compat/ACF.php:108
+#: tmp/svn/tags/1.0.0/include/AcfDropzone/Compat/ACF.php:108
+#: tmp/svn/trunk/include/AcfDropzone/Compat/ACF.php:108
+#: tmp/git/include/AcfDropzone/Compat/ACF.php:108
+msgid "or"
+msgstr ""

spec/fixtures/dynamic_finders/plugin_version/acf-duplicate-repeater/translation_file/languages/acf-duplicate-repeater.pot

@@ -0,0 +1,58 @@
+# Copyright (C) 2019 Jörn Lund
+# This file is distributed under the same license as the ACF Duplicate Repeater plugin.
+msgid ""
+msgstr ""
+"Project-Id-Version: ACF Duplicate Repeater 2.0.0\n"
+"Report-Msgid-Bugs-To: https://wordpress.org/support/plugin/acf-duplicate-repeater\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"POT-Creation-Date: 2019-08-22T14:32:38+00:00\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"X-Generator: WP-CLI 2.2.0\n"
+"X-Domain: acf-duplicate-repeater\n"
+
+#. Plugin Name of the plugin
+msgid "ACF Duplicate Repeater"
+msgstr ""
+
+#. Plugin URI of the plugin
+msgid "https://github.com/mcguffin/acf-duplicate-repeater"
+msgstr ""
+
+#. Description of the plugin
+msgid "Duplicate Repeater and Layout Fields in ACF Pro"
+msgstr ""
+
+#. Author of the plugin
+msgid "Jörn Lund"
+msgstr ""
+
+#. Author URI of the plugin
+msgid "https://github.com/mcguffin"
+msgstr ""
+
+#. Translators: ACF-Pro URL
+#: include/ACFDuplicateRepeater/Core/Core.php:69
+msgid "The ACF Duplicate Repeater plugin only provides support for <a href=\"%s\">ACF Pro 5.7</a> and up."
+msgstr ""
+
+#. Translators: Plugins page URL
+#: include/ACFDuplicateRepeater/Core/Core.php:78
+msgid "Please upgrade ACF Pro to the latest Version on the <a href=\"%s\">plugins page</a>."
+msgstr ""
+
+#. Translators: Plugins page URL
+#: include/ACFDuplicateRepeater/Core/Core.php:87
+msgid "You can disable and uninstall the plugin on the <a href=\"%2$s\">plugins page</a>."
+msgstr ""
+
+#: include/ACFDuplicateRepeater/Core/Core.php:123
+msgid "Duplicate Entry"
+msgstr ""
+
+#: include/ACFDuplicateRepeater/Core/Core.php:127
+msgid "Duplicate Layout"
+msgstr ""

spec/fixtures/dynamic_finders/plugin_version/acf-flexible-content-extended/change_log/CHANGELOG.md

@@ -0,0 +1,4 @@
+# Changelog ##
+
+## 1.0.0 - 26 Aug 2019
+* Initial release

spec/fixtures/dynamic_finders/plugin_version/acf-flexible-content-preview/change_log/CHANGELOG.md

@@ -0,0 +1,4 @@
+# Changelog ##
+
+## 1.0.0 - 16 Aug 2019
+* Initial release