Updates spec for #1342

Updates class comment
Fixes #1342
2019-05-03 14:25:17 +01:00 · 2019-05-03 14:23:04 +01:00 · 2019-05-03 14:04:50 +01:00
333 changed files with 670 additions and 92483 deletions
--- a/.rubocop.yml
+++ b/.rubocop.yml
@@ -8,12 +8,10 @@ ClassVars:
  Enabled: false
 LineLength:
  Max: 120
 Lint/UriEscapeUnescape:
  Enabled: false
 MethodLength:
  Max: 20
-  Exclude:
+Lint/UriEscapeUnescape:
-  - 'app/controllers/enumeration/cli_options.rb'
+  Enabled: false
 Metrics/AbcSize:
  Max: 25
 Metrics/BlockLength:
@@ -21,14 +19,9 @@ Metrics/BlockLength:
  - 'spec/**/*'
 Metrics/ClassLength:
  Max: 150
  Exclude:
  - 'app/controllers/enumeration/cli_options.rb'
 Metrics/CyclomaticComplexity:
  Max: 8
 Style/Documentation:
  Enabled: false
 Style/FormatStringToken:
  Enabled: false
 Style/NumericPredicate:
  Exclude:
  - 'app/controllers/vuln_api.rb'
--- a/4
+++ b/4
@@ -1,4 +1,4 @@
-FROM ruby:2.6.3-alpine AS builder
+FROM ruby:2.6.2-alpine3.9 AS builder
 LABEL maintainer="WPScan Team <team@wpscan.org>"
 ARG BUNDLER_ARGS="--jobs=8 --without test development"
@@ -19,7 +19,7 @@ RUN rake install --trace
 RUN chmod -R a+r /usr/local/bundle
-FROM ruby:2.6.3-alpine
+FROM ruby:2.6.2-alpine3.9
 LABEL maintainer="WPScan Team <team@wpscan.org>"
 RUN adduser -h /wpscan -g WPScan -D wpscan
--- a/README.md
+++ b/README.md
@@ -17,6 +17,7 @@
  <a href="https://badge.fury.io/rb/wpscan" target="_blank"><img src="https://badge.fury.io/rb/wpscan.svg"></a>
  <a href="https://travis-ci.org/wpscanteam/wpscan" target="_blank"><img src="https://travis-ci.org/wpscanteam/wpscan.svg?branch=master"></a>
  <a href="https://codeclimate.com/github/wpscanteam/wpscan" target="_blank"><img src="https://codeclimate.com/github/wpscanteam/wpscan/badges/gpa.svg"></a>
  <a href="https://www.patreon.com/wpscan" target="_blank"><img src="https://img.shields.io/badge/patreon-donate-green.svg"></a>
 </p>
 # INSTALL
@@ -29,7 +30,6 @@
 - Curl >= 7.21  - Recommended: latest
  - The 7.29 has a segfault
 - RubyGems      - Recommended: latest
 - Nokogiri might require packages to be installed via your package manager depending on your OS, see https://nokogiri.org/tutorials/installing_nokogiri.html
 ### From RubyGems (Recommended)
@@ -84,46 +84,33 @@ For more options, open a terminal and type ```wpscan --help``` (if you built wps
 The DB is located at ~/.wpscan/db
 ## Load CLI options from file/s
 WPScan can load all options (including the --url) from configuration files, the following locations are checked (order: first to last):
- ~/.wpscan/scan.json
+- ~/.wpscan/cli_options.json
- ~/.wpscan/scan.yml
+- ~/.wpscan/cli_options.yml
- pwd/.wpscan/scan.json
+- pwd/.wpscan/cli_options.json
- pwd/.wpscan/scan.yml
+- pwd/.wpscan/cli_options.yml
-If those files exist, options from the `cli_options` key will be loaded and overridden if found twice.
+If those files exist, options from them will be loaded and overridden if found twice.
 e.g:
-~/.wpscan/scan.yml:
+~/.wpscan/cli_options.yml:
 ```yml
-cli_options:
+proxy: 'http://127.0.0.1:8080'
-  proxy: 'http://127.0.0.1:8080'
+verbose: true
  verbose: true
 ```
-pwd/.wpscan/scan.yml:
+pwd/.wpscan/cli_options.yml:
 ```yml
-cli_options:
+proxy: 'socks5://127.0.0.1:9090'
-  proxy: 'socks5://127.0.0.1:9090'
+url: 'http://target.tld'
  url: 'http://target.tld'
 ```
 Running ```wpscan``` in the current directory (pwd), is the same as ```wpscan -v --proxy socks5://127.0.0.1:9090 --url http://target.tld```
 ## Save API Token in a file
 The feature mentioned above is useful to keep the API Token in a config file and not have to supply it via the CLI each time. To do so, create the ~/.wpscan/scan.yml file containing the below:
 ```yml
 cli_options:
  api_token: YOUR_API_TOKEN
 ```
 Enumerating usernames
 ```shell
--- a/app/controllers.rb
+++ b/app/controllers.rb
@@ -1,7 +1,6 @@
 # frozen_string_literal: true
 require_relative 'controllers/core'
 require_relative 'controllers/vuln_api'
 require_relative 'controllers/custom_directories'
 require_relative 'controllers/wp_version'
 require_relative 'controllers/main_theme'
--- a/app/controllers/enumeration.rb
+++ b/app/controllers/enumeration.rb
@@ -7,6 +7,15 @@ module WPScan
  module Controller
    # Enumeration Controller
    class Enumeration < CMSScanner::Controller::Base
      def before_scan
        DB::DynamicFinders::Plugin.create_versions_finders
        DB::DynamicFinders::Theme.create_versions_finders
        # Force the Garbage Collector to run due to the above method being
        # quite heavy in objects allocation
        GC.start
      end
      def run
        enum = ParsedCli.enumerate || {}
--- a/app/controllers/enumeration/cli_options.rb
+++ b/app/controllers/enumeration/cli_options.rb
@@ -11,6 +11,7 @@ module WPScan
      end
      # @return [ Array<OptParseValidator::OptBase> ]
      # rubocop:disable Metrics/MethodLength
      def cli_enum_choices
        [
          OptMultiChoices.new(
@@ -44,6 +45,7 @@ module WPScan
          )
        ]
      end
      # rubocop:enable Metrics/MethodLength
      # @return [ Array<OptParseValidator::OptBase> ]
      def cli_plugins_opts
@@ -65,11 +67,6 @@ module WPScan
             'Use the supplied mode to check plugins versions instead of the --detection-mode ' \
             'or --plugins-detection modes.'],
            choices: %w[mixed passive aggressive], normalize: :to_sym, default: :mixed
          ),
          OptInteger.new(
            ['--plugins-threshold THRESHOLD',
             'Raise an error when the number of detected plugins via known locations reaches the threshold. ' \
             'Set to 0 to ignore the threshold.'], default: 100
          )
        ]
      end
@@ -94,11 +91,6 @@ module WPScan
             'Use the supplied mode to check themes versions instead of the --detection-mode ' \
             'or --themes-detection modes.'],
            choices: %w[mixed passive aggressive], normalize: :to_sym, advanced: true
          ),
          OptInteger.new(
            ['--themes-threshold THRESHOLD',
             'Raise an error when the number of detected themes via known locations reaches the threshold. ' \
             'Set to 0 to ignore the threshold.'], default: 20
          )
        ]
      end
--- a/app/controllers/enumeration/enum_methods.rb
+++ b/app/controllers/enumeration/enum_methods.rb
@@ -62,7 +62,6 @@ module WPScan
      def enum_plugins
        opts = default_opts('plugins').merge(
          list: plugins_list_from_opts(ParsedCli.options),
          threshold: ParsedCli.plugins_threshold,
          sort: true
        )
@@ -109,7 +108,6 @@ module WPScan
      def enum_themes
        opts = default_opts('themes').merge(
          list: themes_list_from_opts(ParsedCli.options),
          threshold: ParsedCli.themes_threshold,
          sort: true
        )
--- a/app/controllers/password_attack.rb
+++ b/app/controllers/password_attack.rb
@@ -65,43 +65,30 @@ module WPScan
        case ParsedCli.password_attack
        when :wp_login
-          Finders::Passwords::WpLogin.new(target)
+          WPScan::Finders::Passwords::WpLogin.new(target)
        when :xmlrpc
          raise Error::XMLRPCNotDetected unless xmlrpc
-          Finders::Passwords::XMLRPC.new(xmlrpc)
+          WPScan::Finders::Passwords::XMLRPC.new(xmlrpc)
        when :xmlrpc_multicall
          raise Error::XMLRPCNotDetected unless xmlrpc
-          Finders::Passwords::XMLRPCMulticall.new(xmlrpc)
+          WPScan::Finders::Passwords::XMLRPCMulticall.new(xmlrpc)
        end
      end
      # @return [ Boolean ]
      def xmlrpc_get_users_blogs_enabled?
        if xmlrpc&.enabled? &&
           xmlrpc.available_methods.include?('wp.getUsersBlogs') &&
           xmlrpc.method_call('wp.getUsersBlogs', [SecureRandom.hex[0, 6], SecureRandom.hex[0, 4]])
                 .run.body !~ /XML\-RPC services are disabled/
          true
        else
          false
        end
      end
      # @return [ CMSScanner::Finders::Finder ]
      def attacker_from_automatic_detection
-        if xmlrpc_get_users_blogs_enabled?
+        if xmlrpc&.enabled? && xmlrpc.available_methods.include?('wp.getUsersBlogs')
          wp_version = target.wp_version
          if wp_version && wp_version < '4.4'
-            Finders::Passwords::XMLRPCMulticall.new(xmlrpc)
+            WPScan::Finders::Passwords::XMLRPCMulticall.new(xmlrpc)
          else
-            Finders::Passwords::XMLRPC.new(xmlrpc)
+            WPScan::Finders::Passwords::XMLRPC.new(xmlrpc)
          end
        else
-          Finders::Passwords::WpLogin.new(target)
+          WPScan::Finders::Passwords::WpLogin.new(target)
        end
      end
--- a/app/controllers/vuln_api.rb
+++ b/app/controllers/vuln_api.rb
@@ -1,30 +0,0 @@
 # frozen_string_literal: true
 module WPScan
  module Controller
    # Controller to handle the API token
    class VulnApi < CMSScanner::Controller::Base
      def cli_options
        [
          OptString.new(['--api-token TOKEN', 'The WPVulnDB API Token to display vulnerability data'])
        ]
      end
      def before_scan
        return unless ParsedCli.api_token
        DB::VulnApi.token = ParsedCli.api_token
        api_status = DB::VulnApi.status
        raise Error::InvalidApiToken if api_status['error']
        raise Error::ApiLimitReached if api_status['requests_remaining'] == 0
        raise api_status['http_error'] if api_status['http_error']
      end
      def after_scan
        output('status', status: DB::VulnApi.status, api_requests: WPScan.api_requests)
      end
    end
  end
 end
--- a/app/controllers/wp_version.rb
+++ b/app/controllers/wp_version.rb
@@ -17,7 +17,7 @@ module WPScan
      end
      def before_scan
-        DB::DynamicFinders::Wordpress.create_versions_finders
+        WPScan::DB::DynamicFinders::Wordpress.create_versions_finders
      end
      def run
--- a/app/finders/db_exports/known_locations.rb
+++ b/app/finders/db_exports/known_locations.rb
@@ -20,9 +20,9 @@ module WPScan
          enumerate(potential_urls(opts), opts.merge(check_full_response: 200)) do |res|
            if res.effective_url.end_with?('.zip')
-              next unless %r{\Aapplication/zip}i.match?(res.headers['Content-Type'])
+              next unless res.headers['Content-Type'] =~ %r{\Aapplication/zip}i
            else
-              next unless SQL_PATTERN.match?(res.body)
+              next unless res.body =~ SQL_PATTERN
            end
            found << Model::DbExport.new(res.request.url, found_by: DIRECT_ACCESS, confidence: 100)
--- a/app/finders/interesting_findings.rb
+++ b/app/finders/interesting_findings.rb
@@ -4,7 +4,7 @@ require_relative 'interesting_findings/readme'
 require_relative 'interesting_findings/wp_cron'
 require_relative 'interesting_findings/multisite'
 require_relative 'interesting_findings/debug_log'
-require_relative 'interesting_findings/backup_db'
+require_relative 'interesting_findings/plugin_backup_folders'
 require_relative 'interesting_findings/mu_plugins'
 require_relative 'interesting_findings/registration'
 require_relative 'interesting_findings/tmm_db_migrate'
@@ -24,7 +24,7 @@ module WPScan
          super(target)
          %w[
-            Readme DebugLog FullPathDisclosure BackupDB DuplicatorInstallerLog
+            Readme DebugLog FullPathDisclosure PluginBackupFolders DuplicatorInstallerLog
            Multisite MuPlugins Registration UploadDirectoryListing TmmDbMigrate
            UploadSQLDump EmergencyPwdResetScript WPCron
          ].each do |f|
--- a/app/finders/interesting_findings/backup_db.rb
+++ b/app/finders/interesting_findings/backup_db.rb
@@ -1,26 +0,0 @@
 # frozen_string_literal: true
 module WPScan
  module Finders
    module InterestingFindings
      # BackupDB finder
      class BackupDB < CMSScanner::Finders::Finder
        # @return [ InterestingFinding ]
        def aggressive(_opts = {})
          path = 'wp-content/backup-db/'
          res  = target.head_and_get(path, [200, 403])
          return unless [200, 403].include?(res.code) && !target.homepage_or_404?(res)
          Model::BackupDB.new(
            target.url(path),
            confidence: 70,
            found_by: DIRECT_ACCESS,
            interesting_entries: target.directory_listing_entries(path),
            references: { url: 'https://github.com/wpscanteam/wpscan/issues/422' }
          )
        end
      end
    end
  end
 end
--- a/app/finders/interesting_findings/duplicator_installer_log.rb
+++ b/app/finders/interesting_findings/duplicator_installer_log.rb
@@ -9,7 +9,7 @@ module WPScan
        def aggressive(_opts = {})
          path = 'installer-log.txt'
-          return unless /DUPLICATOR INSTALL-LOG/.match?(target.head_and_get(path).body)
+          return unless target.head_and_get(path).body =~ /DUPLICATOR INSTALL-LOG/
          Model::DuplicatorInstallerLog.new(
            target.url(path),
--- a/app/finders/interesting_findings/mu_plugins.rb
+++ b/app/finders/interesting_findings/mu_plugins.rb
@@ -10,7 +10,7 @@ module WPScan
          pattern = %r{#{target.content_dir}/mu\-plugins/}i
          target.in_scope_uris(target.homepage_res) do |uri|
-            next unless uri.path&.match?(pattern)
+            next unless uri.path =~ pattern
            url = target.url('wp-content/mu-plugins/')
--- a/app/finders/interesting_findings/plugin_backup_folders.rb
+++ b/app/finders/interesting_findings/plugin_backup_folders.rb
@@ -0,0 +1,34 @@
 # frozen_string_literal: true
 module WPScan
  module Finders
    module InterestingFindings
      # Known Backup Folders from Plugin finder
      class PluginBackupFolders < CMSScanner::Finders::Finder
        PATHS = %w[wp-content/backup-db/ wp-content/backups-dup-pro/ wp-content/updraft/].freeze
        # @return [ InterestingFinding ]
        def aggressive(_opts = {})
          found = []
          PATHS.each do |path|
            res = target.head_and_get(path, [200, 403])
            next unless [200, 403].include?(res.code) && !target.homepage_or_404?(res)
            found << Model::PluginBackupFolder.new(
              target.url(path),
              confidence: 70,
              found_by: DIRECT_ACCESS,
              interesting_entries: target.directory_listing_entries(path),
              references: { url: ['https://github.com/wpscanteam/wpscan/issues/422',
                                  'https://github.com/wpscanteam/wpscan/issues/1342'] }
            )
          end
          found
        end
      end
    end
  end
 end
--- a/app/finders/interesting_findings/upload_sql_dump.rb
+++ b/app/finders/interesting_findings/upload_sql_dump.rb
@@ -12,7 +12,7 @@ module WPScan
          path = 'wp-content/uploads/dump.sql'
          res  = target.head_and_get(path, [200], get: { headers: { 'Range' => 'bytes=0-3000' } })
-          return unless SQL_PATTERN.match?(res.body)
+          return unless res.body =~ SQL_PATTERN
          Model::UploadSQLDump.new(
            target.url(path),
--- a/app/finders/passwords/wp_login.rb
+++ b/app/finders/passwords/wp_login.rb
@@ -13,7 +13,7 @@ module WPScan
        def valid_credentials?(response)
          response.code == 302 &&
-            [*response.headers['Set-Cookie']]&.any? { |cookie| cookie =~ /wordpress_logged_in_/i }
+            response.headers['Set-Cookie']&.any? { |cookie| cookie =~ /wordpress_logged_in_/i }
        end
        def errored_response?(response)
--- a/app/finders/plugin_version.rb
+++ b/app/finders/plugin_version.rb
@@ -13,15 +13,25 @@ module WPScan
        def initialize(plugin)
          finders << PluginVersion::Readme.new(plugin)
-          create_and_load_dynamic_versions_finders(plugin)
+          load_specific_finders(plugin)
        end
-        # Create the dynamic version finders related to the plugin and register them
+        # Load the finders associated with the plugin
        #
        # @param [ Model::Plugin ] plugin
-        def create_and_load_dynamic_versions_finders(plugin)
+        def load_specific_finders(plugin)
-          DB::DynamicFinders::Plugin.create_versions_finders(plugin.slug).each do |finder|
+          module_name = plugin.classify
-            finders << finder.new(plugin)
+
          return unless Finders::PluginVersion.constants.include?(module_name)
          mod = Finders::PluginVersion.const_get(module_name)
          mod.constants.each do |constant|
            c = mod.const_get(constant)
            next unless c.is_a?(Class)
            finders << c.new(plugin)
          end
        end
      end
--- a/app/finders/plugin_version/readme.rb
+++ b/app/finders/plugin_version/readme.rb
@@ -11,7 +11,7 @@ module WPScan
          # The target(plugin)#readme_url can't be used directly here
          # as if the --detection-mode is passive, it will always return nil
-          target.potential_readme_filenames.each do |file|
+          Model::WpItem::READMES.each do |file|
            res = target.head_and_get(file)
            next unless res.code == 200 && !(numbers = version_numbers(res.body)).empty?
@@ -52,7 +52,7 @@ module WPScan
          number = Regexp.last_match[1]
-          number if /[0-9]+/.match?(number)
+          number if number =~ /[0-9]+/
        end
        # @param [ String ] body
--- a/app/finders/plugins/body_pattern.rb
+++ b/app/finders/plugins/body_pattern.rb
@@ -4,7 +4,7 @@ module WPScan
  module Finders
    module Plugins
      # Plugins finder from Dynamic Finder 'BodyPattern'
-      class BodyPattern < Finders::DynamicFinder::WpItems::Finder
+      class BodyPattern < WPScan::Finders::DynamicFinder::WpItems::Finder
        DEFAULT_CONFIDENCE = 30
        # @param [ Hash ] opts The options from the #passive, #aggressive methods
@@ -15,7 +15,7 @@ module WPScan
        #
        # @return [ Plugin ] The detected plugin in the response, related to the config
        def process_response(opts, response, slug, klass, config)
-          return unless response.body&.match?(config['pattern'])
+          return unless response.body =~ config['pattern']
          Model::Plugin.new(
            slug,
--- a/app/finders/plugins/comment.rb
+++ b/app/finders/plugins/comment.rb
@@ -4,7 +4,7 @@ module WPScan
  module Finders
    module Plugins
      # Plugins finder from the Dynamic Finder 'Comment'
-      class Comment < Finders::DynamicFinder::WpItems::Finder
+      class Comment < WPScan::Finders::DynamicFinder::WpItems::Finder
        DEFAULT_CONFIDENCE = 30
        # @param [ Hash ] opts The options from the #passive, #aggressive methods
@@ -18,7 +18,7 @@ module WPScan
          response.html.xpath(config['xpath'] || '//comment()').each do |node|
            comment = node.text.to_s.strip
-            next unless comment&.match?(config['pattern'])
+            next unless comment =~ config['pattern']
            return Model::Plugin.new(
              slug,
--- a/app/finders/plugins/config_parser.rb
+++ b/app/finders/plugins/config_parser.rb
@@ -4,7 +4,7 @@ module WPScan
  module Finders
    module Plugins
      # Plugins finder from Dynamic Finder 'ConfigParser'
-      class ConfigParser < Finders::DynamicFinder::WpItems::Finder
+      class ConfigParser < WPScan::Finders::DynamicFinder::WpItems::Finder
        DEFAULT_CONFIDENCE = 40
        # @param [ Hash ] opts The options from the #passive, #aggressive methods
--- a/app/finders/plugins/header_pattern.rb
+++ b/app/finders/plugins/header_pattern.rb
@@ -4,7 +4,7 @@ module WPScan
  module Finders
    module Plugins
      # Plugins finder from Dynamic Finder 'HeaderPattern'
-      class HeaderPattern < Finders::DynamicFinder::WpItems::Finder
+      class HeaderPattern < WPScan::Finders::DynamicFinder::WpItems::Finder
        DEFAULT_CONFIDENCE = 30
        # @param [ Hash ] opts
--- a/app/finders/plugins/javascript_var.rb
+++ b/app/finders/plugins/javascript_var.rb
@@ -4,7 +4,7 @@ module WPScan
  module Finders
    module Plugins
      # Plugins finder from the Dynamic Finder 'JavascriptVar'
-      class JavascriptVar < Finders::DynamicFinder::WpItems::Finder
+      class JavascriptVar < WPScan::Finders::DynamicFinder::WpItems::Finder
        DEFAULT_CONFIDENCE = 60
        # @param [ Hash ] opts The options from the #passive, #aggressive methods
--- a/app/finders/plugins/known_locations.rb
+++ b/app/finders/plugins/known_locations.rb
@@ -21,8 +21,6 @@ module WPScan
          enumerate(target_urls(opts), opts.merge(check_full_response: true)) do |_res, slug|
            found << Model::Plugin.new(slug, target, opts.merge(found_by: found_by, confidence: 80))
            raise Error::PluginsThresholdReached if opts[:threshold].positive? && found.size >= opts[:threshold]
          end
          found
--- a/app/finders/plugins/query_parameter.rb
+++ b/app/finders/plugins/query_parameter.rb
@@ -4,7 +4,7 @@ module WPScan
  module Finders
    module Plugins
      # Plugins finder from Dynamic Finder 'QueryParameter'
-      class QueryParameter < Finders::DynamicFinder::WpItems::Finder
+      class QueryParameter < WPScan::Finders::DynamicFinder::WpItems::Finder
        DEFAULT_CONFIDENCE = 10
        def passive(_opts = {})
--- a/app/finders/plugins/xpath.rb
+++ b/app/finders/plugins/xpath.rb
@@ -4,7 +4,7 @@ module WPScan
  module Finders
    module Plugins
      # Plugins finder from the Dynamic Finder 'Xpath'
-      class Xpath < Finders::DynamicFinder::WpItems::Finder
+      class Xpath < WPScan::Finders::DynamicFinder::WpItems::Finder
        DEFAULT_CONFIDENCE = 40
        # @param [ Hash ] opts The options from the #passive, #aggressive methods
--- a/app/finders/theme_version.rb
+++ b/app/finders/theme_version.rb
@@ -16,15 +16,25 @@ module WPScan
            ThemeVersion::Style.new(theme) <<
            ThemeVersion::WooFrameworkMetaGenerator.new(theme)
-          create_and_load_dynamic_versions_finders(theme)
+          load_specific_finders(theme)
        end
-        # Create the dynamic version finders related to the theme and register them
+        # Load the finders associated with the theme
        #
        # @param [ Model::Theme ] theme
-        def create_and_load_dynamic_versions_finders(theme)
+        def load_specific_finders(theme)
-          DB::DynamicFinders::Theme.create_versions_finders(theme.slug).each do |finder|
+          module_name = theme.classify
-            finders << finder.new(theme)
+
          return unless Finders::ThemeVersion.constants.include?(module_name)
          mod = Finders::ThemeVersion.const_get(module_name)
          mod.constants.each do |constant|
            c = mod.const_get(constant)
            next unless c.is_a?(Class)
            finders << c.new(theme)
          end
        end
      end
--- a/app/finders/themes/known_locations.rb
+++ b/app/finders/themes/known_locations.rb
@@ -21,8 +21,6 @@ module WPScan
          enumerate(target_urls(opts), opts.merge(check_full_response: true)) do |_res, slug|
            found << Model::Theme.new(slug, target, opts.merge(found_by: found_by, confidence: 80))
            raise Error::ThemesThresholdReached if opts[:threshold].positive? && found.size >= opts[:threshold]
          end
          found
--- a/app/finders/timthumbs/known_locations.rb
+++ b/app/finders/timthumbs/known_locations.rb
@@ -22,7 +22,7 @@ module WPScan
          found = []
          enumerate(target_urls(opts), opts.merge(check_full_response: 400)) do |res|
-            next unless /no image specified/i.match?(res.body)
+            next unless res.body =~ /no image specified/i
            found << Model::Timthumb.new(res.request.url, opts.merge(found_by: found_by, confidence: 100))
          end
--- a/app/finders/users/login_error_messages.rb
+++ b/app/finders/users/login_error_messages.rb
@@ -24,7 +24,7 @@ module WPScan
            return found if error.empty? # Protection plugin / error disabled
-            next unless /The password you entered for the username|Incorrect Password/i.match?(error)
+            next unless error =~ /The password you entered for the username|Incorrect Password/i
            found << Model::User.new(username, found_by: found_by, confidence: 100)
          end
--- a/app/finders/users/rss_generator.rb
+++ b/app/finders/users/rss_generator.rb
@@ -6,7 +6,7 @@ module WPScan
      # Users disclosed from the dc:creator field in the RSS
      # The names disclosed are display names, however depending on the configuration of the blog,
      # they can be the same than usernames
-      class RSSGenerator < Finders::WpVersion::RSSGenerator
+      class RSSGenerator < WPScan::Finders::WpVersion::RSSGenerator
        def process_urls(urls, _opts = {})
          found = []
--- a/app/finders/wp_version.rb
+++ b/app/finders/wp_version.rb
@@ -28,7 +28,7 @@ module WPScan
        # @param [ WPScan::Target ] target
        def initialize(target)
          (%w[RSSGenerator AtomGenerator RDFGenerator] +
-           DB::DynamicFinders::Wordpress.versions_finders_configs.keys +
+           WPScan::DB::DynamicFinders::Wordpress.versions_finders_configs.keys +
           %w[Readme UniqueFingerprinting]
          ).each do |finder_name|
            finders << WpVersion.const_get(finder_name.to_sym).new(target)
--- a/app/models/interesting_finding.rb
+++ b/app/models/interesting_finding.rb
@@ -10,7 +10,7 @@ module WPScan
    #
    # Empty classes for the #type to be correctly displayed (as taken from the self.class from the parent)
    #
-    class BackupDB < InterestingFinding
+    class PluginBackupFolder < InterestingFinding
    end
    class DebugLog < InterestingFinding
--- a/app/models/plugin.rb
+++ b/app/models/plugin.rb
@@ -15,16 +15,9 @@ module WPScan
        @uri = Addressable::URI.parse(blog.url(path_from_blog))
      end
-      # Retrieve the metadata from the vuln API if available (and a valid token is given),
+      # @return [ JSON ]
      # or the local metadata db otherwise
      # @return [ Hash ]
      def metadata
        @metadata ||= db_data.empty? ? DB::Plugin.metadata_at(slug) : db_data
      end
      # @return [ Hash ]
      def db_data
-        @db_data ||= DB::VulnApi.plugin_data(slug)
+        @db_data ||= DB::Plugin.db_data(slug)
      end
      # @param [ Hash ] opts
@@ -35,11 +28,6 @@ module WPScan
        @version
      end
      # @return [ Array<String> ]
      def potential_readme_filenames
        @potential_readme_filenames ||= [*(DB::DynamicFinders::Plugin.df_data.dig(slug, 'Readme', 'path') || super)]
      end
    end
  end
 end
--- a/app/models/theme.rb
+++ b/app/models/theme.rb
@@ -21,16 +21,9 @@ module WPScan
        parse_style
      end
      # Retrieve the metadata from the vuln API if available (and a valid token is given),
      # or the local metadata db otherwise
      # @return [ JSON ]
      def metadata
        @metadata ||= db_data.empty? ? DB::Theme.metadata_at(slug) : db_data
      end
      # @return [ Hash ]
      def db_data
-        @db_data ||= DB::VulnApi.theme_data(slug)
+        @db_data ||= DB::Theme.db_data(slug)
      end
      # @param [ Hash ] opts
--- a/app/models/wp_item.rb
+++ b/app/models/wp_item.rb
@@ -9,7 +9,6 @@ module WPScan
      include CMSScanner::Target::Platform::PHP
      include CMSScanner::Target::Server::Generic
      # Most common readme filenames, based on checking all public plugins and themes.
      READMES = %w[readme.txt README.txt README.md readme.md Readme.txt].freeze
      attr_reader :uri, :slug, :detection_opts, :version_detection_opts, :blog, :path_from_blog, :db_data
@@ -60,18 +59,18 @@ module WPScan
      # @return [ String ]
      def latest_version
-        @latest_version ||= metadata['latest_version'] ? Model::Version.new(metadata['latest_version']) : nil
+        @latest_version ||= db_data['latest_version'] ? Model::Version.new(db_data['latest_version']) : nil
      end
      # Not used anywhere ATM
      # @return [ Boolean ]
      def popular?
-        @popular ||= metadata['popular'] ? true : false
+        @popular ||= db_data['popular']
      end
      # @return [ String ]
      def last_updated
-        @last_updated ||= metadata['last_updated']
+        @last_updated ||= db_data['last_updated']
      end
      # @return [ Boolean ]
@@ -118,7 +117,7 @@ module WPScan
        return @readme_url unless @readme_url.nil?
-        potential_readme_filenames.each do |path|
+        READMES.each do |path|
          t_url = url(path)
          return @readme_url = t_url if Browser.forge_request(t_url, blog.head_or_get_params).run.code == 200
@@ -127,10 +126,6 @@ module WPScan
        @readme_url = false
      end
      def potential_readme_filenames
        @potential_readme_filenames ||= READMES
      end
      # @param [ String ] path
      # @param [ Hash ] params The request params
      #
--- a/app/models/wp_version.rb
+++ b/app/models/wp_version.rb
@@ -35,16 +35,9 @@ module WPScan
        @all_numbers.sort! { |a, b| Gem::Version.new(b) <=> Gem::Version.new(a) }
      end
-      # Retrieve the metadata from the vuln API if available (and a valid token is given),
+      # @return [ JSON ]
      # or the local metadata db otherwise
      # @return [ Hash ]
      def metadata
        @metadata ||= db_data.empty? ? DB::Version.metadata_at(number) : db_data
      end
      # @return [ Hash ]
      def db_data
-        @db_data ||= DB::VulnApi.wordpress_data(number)
+        @db_data ||= DB::Version.db_data(number)
      end
      # @return [ Array<Vulnerability> ]
@@ -62,12 +55,12 @@ module WPScan
      # @return [ String ]
      def release_date
-        @release_date ||= metadata['release_date'] || 'Unknown'
+        @release_date ||= db_data['release_date'] || 'Unknown'
      end
      # @return [ String ]
      def status
-        @status ||= metadata['status'] || 'Unknown'
+        @status ||= db_data['status'] || 'Unknown'
      end
    end
  end
--- a/app/views/cli/core/banner.erb
+++ b/app/views/cli/core/banner.erb
@@ -8,7 +8,7 @@ _______________________________________________________________
        WordPress Security Scanner by the WPScan Team
                       Version <%= WPScan::VERSION %>
-<%= ' ' * ((63 - WPScan::DB::Sponsor.text.length)/2) + WPScan::DB::Sponsor.text %>
+          Sponsored by Sucuri - https://sucuri.net
      @_WPScan_, @ethicalhack3r, @erwan_lr, @_FireFart_
 _______________________________________________________________
--- a/app/views/cli/enumeration/config_backups.erb
+++ b/app/views/cli/enumeration/config_backups.erb
@@ -5,7 +5,7 @@
 <%= notice_icon %> Config Backup(s) Identified:
 <% @config_backups.each do |config_backup| -%>
-<%= critical_icon %> <%= config_backup %>
+<%= info_icon %> <%= config_backup %>
 <%= render('@finding', item: config_backup) -%>
 <% end -%>
 <% end %>
--- a/app/views/cli/enumeration/db_exports.erb
+++ b/app/views/cli/enumeration/db_exports.erb
@@ -5,7 +5,7 @@
 <%= notice_icon %> Db Export(s) Identified:
 <% @db_exports.each do |db_export| -%>
-<%= critical_icon %> <%= db_export %>
+<%= info_icon %> <%= db_export %>
 <%= render('@finding', item: db_export) -%>
 <% end -%>
 <% end %>
--- a/app/views/cli/vuln_api/status.erb
+++ b/app/views/cli/vuln_api/status.erb
@@ -1,13 +0,0 @@
 <% unless @status.empty? -%>
 <% if @status['http_error'] -%>
 <%= critical_icon %> WPVulnDB API, <%= @status['http_error'].to_s %>
 <% else -%>
 <%= info_icon %> WPVulnDB API OK
 | Plan: <%= @status['plan'] %>
 | Requests Done (during the scan): <%= @api_requests %>
 | Requests Remaining: <%= @status['requests_remaining'] %>
 <% end -%>
 <% else -%>
 <%= warning_icon %> No WPVulnDB API Token given, as a result vulnerability data has not been output.
 <%= warning_icon %> You can get a free API token with 50 daily requests by registering at https://wpvulndb.com/register.
 <% end -%>
--- a/app/views/json/core/banner.erb
+++ b/app/views/json/core/banner.erb
@@ -7,5 +7,5 @@
    "@erwan_lr",
    "@_FireFart_"
  ],
-  "sponsor": <%= WPScan::DB::Sponsor.text.to_json %>
+  "sponsored_by": "Sucuri - https://sucuri.net"
 },
--- a/app/views/json/finding.erb
+++ b/app/views/json/finding.erb
@@ -11,10 +11,9 @@
  }<% unless index == last_index %>,<% end -%>
 <% end -%>
 <% end -%>
-}
+},
-<% if @item.respond_to?(:vulnerabilities) -%>
+"vulnerabilities": [
-,"vulnerabilities": [
+<% if @item.respond_to?(:vulnerabilities) && !(vulns = @item.vulnerabilities).empty? -%>
 <% unless (vulns = @item.vulnerabilities).empty? -%>
  <% last_index = vulns.size - 1 -%>
  <% vulns.each_with_index do |v, index| -%>
  {
@@ -24,5 +23,4 @@
  }<% unless index == last_index -%>,<% end -%>
  <% end -%>
 <% end -%>
-]
+]
 <% end -%>
--- a/app/views/json/vuln_api/status.erb
+++ b/app/views/json/vuln_api/status.erb
@@ -1,13 +0,0 @@
 "vuln_api": {
 <% unless @status.empty? -%>
 <% if @status['http_error'] -%>
 "http_error": <%= @status['http_error'].to_s.to_json %>
 <% else -%>
 "plan": <%= @status['plan'].to_json %>,
 "requests_done_during_scan": <%= @api_requests.to_json %>,
 "requests_remaining": <%= @status['requests_remaining'].to_json %>
 <% end -%>
 <% else -%>
 "error": "No WPVulnDB API Token given, as a result vulnerability data has not been output.\nYou can get a free API token with 50 daily requests by registering at https://wpvulndb.com/register."
 <% end -%>
 },
--- a/bin/wpscan
+++ b/bin/wpscan
@@ -5,7 +5,6 @@ require 'wpscan'
 WPScan::Scan.new do |s|
  s.controllers <<
    WPScan::Controller::VulnApi.new <<
    WPScan::Controller::CustomDirectories.new <<
    WPScan::Controller::InterestingFindings.new <<
    WPScan::Controller::WpVersion.new <<
--- a/bin/wpscan-memprof
+++ b/bin/wpscan-memprof
@@ -7,7 +7,6 @@ require 'wpscan'
 report = MemoryProfiler.report(top: 15) do
  WPScan::Scan.new do |s|
    s.controllers <<
      WPScan::Controller::VulnApi.new <<
      WPScan::Controller::CustomDirectories.new <<
      WPScan::Controller::InterestingFindings.new <<
      WPScan::Controller::WpVersion.new <<
--- a/bin/wpscan-stackprof
+++ b/bin/wpscan-stackprof
@@ -12,7 +12,6 @@ StackProf.run(mode: :cpu, out: '/tmp/stackprof-cpu.dump', interval: 500) do
  # require_relative 'wpscan' doesn't work
  WPScan::Scan.new do |s|
    s.controllers <<
      WPScan::Controller::VulnApi.new <<
      WPScan::Controller::CustomDirectories.new <<
      WPScan::Controller::InterestingFindings.new <<
      WPScan::Controller::WpVersion.new <<
--- a/lib/wpscan.rb
+++ b/lib/wpscan.rb
@@ -13,8 +13,7 @@ require 'uri'
 require 'time'
 require 'readline'
 require 'securerandom'
-# Monkey Patches/Fixes/Override
+
 require 'wpscan/typhoeus/response' # Adds a from_vuln_api? method
 # Custom Libs
 require 'wpscan/helper'
 require 'wpscan/db'
@@ -39,28 +38,12 @@ module WPScan
  APP_DIR = Pathname.new(__FILE__).dirname.join('..', 'app').expand_path
  DB_DIR  = Pathname.new(Dir.home).join('.wpscan', 'db')
  Typhoeus.on_complete do |response|
    next if response.cached? || !response.from_vuln_api?
    self.api_requests += 1
  end
  # Override, otherwise it would be returned as 'wp_scan'
  #
  # @return [ String ]
  def self.app_name
    'wpscan'
  end
  # @return [ Integer ]
  def self.api_requests
    @@api_requests ||= 0
  end
  # @param [ Integer ] value
  def self.api_requests=(value)
    @@api_requests = value
  end
 end
 require "#{WPScan::APP_DIR}/app"
--- a/lib/wpscan/browser.rb
+++ b/lib/wpscan/browser.rb
@@ -7,7 +7,7 @@ module WPScan
    # @return [ String ]
    def default_user_agent
-      @default_user_agent ||= "WPScan v#{VERSION} (https://wpscan.org/)"
+      "WPScan v#{VERSION} (https://wpscan.org/)"
    end
  end
 end
--- a/lib/wpscan/db.rb
+++ b/lib/wpscan/db.rb
@@ -7,12 +7,9 @@ require_relative 'db/plugins'
 require_relative 'db/themes'
 require_relative 'db/plugin'
 require_relative 'db/theme'
 require_relative 'db/sponsor'
 require_relative 'db/wp_version'
 require_relative 'db/fingerprints'
 require_relative 'db/vuln_api'
 require_relative 'db/dynamic_finders/base'
 require_relative 'db/dynamic_finders/plugin'
 require_relative 'db/dynamic_finders/theme'
--- a/lib/wpscan/db/dynamic_finders/base.rb
+++ b/lib/wpscan/db/dynamic_finders/base.rb
@@ -5,19 +5,18 @@ module WPScan
    module DynamicFinders
      class Base
        # @return [ String ]
-        def self.df_file
+        def self.db_file
-          @df_file ||= DB_DIR.join('dynamic_finders.yml').to_s
+          @db_file ||= DB_DIR.join('dynamic_finders.yml').to_s
        end
        # @return [ Hash ]
-        def self.all_df_data
+        def self.db_data
-          @all_df_data ||= YAML.safe_load(File.read(df_file), [Regexp])
+          # true allows aliases to be loaded
          @db_data ||= YAML.safe_load(File.read(db_file), [Regexp], [], true)
        end
        # @return [ Array<Symbol> ]
        def self.allowed_classes
          # The Readme is not put in there as it's not a Real DF, but rather using the DF system
          # to get the list of potential filenames for a given slug
          @allowed_classes ||= %i[Comment Xpath HeaderPattern BodyPattern JavascriptVar QueryParameter ConfigParser]
        end
--- a/lib/wpscan/db/dynamic_finders/plugin.rb
+++ b/lib/wpscan/db/dynamic_finders/plugin.rb
@@ -5,8 +5,8 @@ module WPScan
    module DynamicFinders
      class Plugin < Base
        # @return [ Hash ]
-        def self.df_data
+        def self.db_data
-          @df_data ||= all_df_data['plugins'] || {}
+          @db_data ||= super['plugins'] || {}
        end
        def self.version_finder_module
@@ -21,7 +21,7 @@ module WPScan
          return configs unless allowed_classes.include?(finder_class)
-          df_data.each do |slug, finders|
+          db_data.each do |slug, finders|
            # Quite sure better can be done with some kind of logic statement in the select
            fs = if aggressive
                   finders.reject { |_f, c| c['path'].nil? }
@@ -48,7 +48,7 @@ module WPScan
          @versions_finders_configs = {}
-          df_data.each do |slug, finders|
+          db_data.each do |slug, finders|
            finders.each do |finder_name, config|
              next unless config.key?('version')
@@ -73,33 +73,23 @@ module WPScan
          version_finder_module.const_get(constant_name)
        end
-        # Create the dynamic finders related to the given slug, and return the created classes
+        def self.create_versions_finders
-        #
+          versions_finders_configs.each do |slug, finders|
-        # @param [ String ] slug
+            mod = maybe_create_module(slug)
        #
        # @return [ Array<Class> ] The created classes
        def self.create_versions_finders(slug)
          created = []
          mod     = maybe_create_module(slug)
-          versions_finders_configs[slug]&.each do |finder_class, config|
+            finders.each do |finder_class, config|
-            klass = config['class'] || finder_class
+              klass = config['class'] || finder_class
-            # Instead of raising exceptions, skip unallowed/already defined finders
+              # Instead of raising exceptions, skip unallowed/already defined finders
-            # So that, when new DF configs are put in the .yml
+              # So that, when new DF configs are put in the .yml
-            # users with old version of WPScan will still be able to scan blogs
+              # users with old version of WPScan will still be able to scan blogs
-            # when updating the DB but not the tool
+              # when updating the DB but not the tool
              next if mod.constants.include?(finder_class.to_sym) ||
                      !allowed_classes.include?(klass.to_sym)
-            next unless allowed_classes.include?(klass.to_sym)
+              version_finder_super_class(klass).create_child_class(mod, finder_class.to_sym, config)
-
+            end
            created << if mod.constants.include?(finder_class.to_sym)
                         mod.const_get(finder_class.to_sym)
                       else
                         version_finder_super_class(klass).create_child_class(mod, finder_class.to_sym, config)
                       end
          end
          created
        end
        # The idea here would be to check if the class exist in
--- a/lib/wpscan/db/dynamic_finders/theme.rb
+++ b/lib/wpscan/db/dynamic_finders/theme.rb
@@ -5,8 +5,8 @@ module WPScan
    module DynamicFinders
      class Theme < Plugin
        # @return [ Hash ]
-        def self.df_data
+        def self.db_data
-          @df_data ||= all_df_data['themes'] || {}
+          @db_data ||= super['themes'] || {}
        end
        def self.version_finder_module
--- a/lib/wpscan/db/dynamic_finders/wordpress.rb
+++ b/lib/wpscan/db/dynamic_finders/wordpress.rb
@@ -5,8 +5,8 @@ module WPScan
    module DynamicFinders
      class Wordpress < Base
        # @return [ Hash ]
-        def self.df_data
+        def self.db_data
-          @df_data ||= all_df_data['wordpress'] || {}
+          @db_data ||= super['wordpress'] || {}
        end
        # @return [ Constant ]
@@ -30,9 +30,9 @@ module WPScan
          return configs unless allowed_classes.include?(finder_class)
          finders = if aggressive
-                      df_data.reject { |_f, c| c['path'].nil? }
+                      db_data.reject { |_f, c| c['path'].nil? }
                    else
-                      df_data.select { |_f, c| c['path'].nil? }
+                      db_data.select { |_f, c| c['path'].nil? }
                    end
          finders.each do |finder_name, config|
@@ -48,7 +48,7 @@ module WPScan
        # @return [ Hash ]
        def self.versions_finders_configs
-          @versions_finders_configs ||= df_data.select { |_finder_name, config| config.key?('version') }
+          @versions_finders_configs ||= db_data.select { |_finder_name, config| config.key?('version') }
        end
        def self.create_versions_finders
--- a/lib/wpscan/db/plugin.rb
+++ b/lib/wpscan/db/plugin.rb
@@ -4,9 +4,9 @@ module WPScan
  module DB
    # Plugin DB
    class Plugin < WpItem
-      # @return [ Hash ]
+      # @return [ String ]
-      def self.metadata
+      def self.db_file
-        @metadata ||= super['plugins'] || {}
+        @db_file ||= DB_DIR.join('plugins.json').to_s
      end
    end
  end
--- a/lib/wpscan/db/plugins.rb
+++ b/lib/wpscan/db/plugins.rb
@@ -5,8 +5,8 @@ module WPScan
    # WP Plugins
    class Plugins < WpItems
      # @return [ JSON ]
-      def self.metadata
+      def self.db
-        Plugin.metadata
+        Plugin.db
      end
    end
  end
--- a/lib/wpscan/db/sponsor.rb
+++ b/lib/wpscan/db/sponsor.rb
@@ -1,16 +0,0 @@
 # frozen_string_literal: true
 module WPScan
  module DB
    class Sponsor
      # @return [ Hash ]
      def self.text
        @text ||= file_path.exist? ? File.read(file_path).chomp : ''
      end
      def self.file_path
        @file_path ||= DB_DIR.join('sponsor.txt')
      end
    end
  end
 end
--- a/lib/wpscan/db/theme.rb
+++ b/lib/wpscan/db/theme.rb
@@ -4,9 +4,9 @@ module WPScan
  module DB
    # Theme DB
    class Theme < WpItem
-      # @return [ Hash ]
+      # @return [ String ]
-      def self.metadata
+      def self.db_file
-        @metadata ||= super['themes'] || {}
+        @db_file ||= DB_DIR.join('themes.json').to_s
      end
    end
  end
--- a/lib/wpscan/db/themes.rb
+++ b/lib/wpscan/db/themes.rb
@@ -5,8 +5,8 @@ module WPScan
    # WP Themes
    class Themes < WpItems
      # @return [ JSON ]
-      def self.metadata
+      def self.db
-        Theme.metadata
+        Theme.db
      end
    end
  end
--- a/lib/wpscan/db/updater.rb
+++ b/lib/wpscan/db/updater.rb
@@ -7,15 +7,12 @@ module WPScan
    class Updater
      # /!\ Might want to also update the Enumeration#cli_options when some filenames are changed here
      FILES = %w[
-        metadata.json wp_fingerprints.json
+        plugins.json themes.json wordpresses.json
        timthumbs-v3.txt config_backups.txt db_exports.txt
-        dynamic_finders.yml LICENSE sponsor.txt
+        dynamic_finders.yml wp_fingerprints.json LICENSE
      ].freeze
-      OLD_FILES = %w[
+      OLD_FILES = %w[wordpress.db user-agents.txt dynamic_finders_01.yml].freeze
        wordpress.db user-agents.txt dynamic_finders_01.yml
        wordpresses.json plugins.json themes.json
      ].freeze
      attr_reader :repo_directory
@@ -67,12 +64,11 @@ module WPScan
      # @return [ Hash ] The params for Typhoeus::Request
      # @note Those params can't be overriden by CLI options
      def request_params
-        @request_params ||= {
+        {
          timeout: 600,
          connecttimeout: 300,
          accept_encoding: 'gzip, deflate',
-          cache_ttl: 0,
+          cache_ttl: 0
          headers: { 'User-Agent' => Browser.instance.default_user_agent, 'Referer' => nil }
        }
      end
--- a/lib/wpscan/db/vuln_api.rb
+++ b/lib/wpscan/db/vuln_api.rb
@@ -1,78 +0,0 @@
 # frozen_string_literal: true
 module WPScan
  module DB
    # WPVulnDB API
    class VulnApi
      NON_ERROR_CODES = [200, 401, 404].freeze
      class << self
        attr_accessor :token
      end
      # @return [ Addressable::URI ]
      def self.uri
        @uri ||= Addressable::URI.parse('https://wpvulndb.com/api/v3/')
      end
      # @param [ String ] path
      # @param [ Hash ] params
      #
      # @return [ Hash ]
      def self.get(path, params = {})
        return {} unless token
        res = Browser.get(uri.join(path), params.merge(request_params))
        return JSON.parse(res.body) if NON_ERROR_CODES.include?(res.code)
        raise Error::HTTP, res
      rescue Error::HTTP => e
        retries ||= 0
        if (retries += 1) <= 3
          sleep(1)
          retry
        end
        { 'http_error' => e }
      end
      # @return [ Hash ]
      def self.plugin_data(slug)
        get("plugins/#{slug}")&.dig(slug) || {}
      end
      # @return [ Hash ]
      def self.theme_data(slug)
        get("themes/#{slug}")&.dig(slug) || {}
      end
      # @return [ Hash ]
      def self.wordpress_data(version_number)
        get("wordpresses/#{version_number.tr('.', '')}")&.dig(version_number) || {}
      end
      # @return [ Hash ]
      def self.status
        json = get('status', params: { version: WPScan::VERSION }, cache_ttl: 0)
        json['requests_remaining'] = 'Unlimited' if json['requests_remaining'] == -1
        json
      end
      # @return [ Hash ]
      def self.request_params
        {
          headers: {
            'Host' => uri.host, # Reset in case user provided a --vhost for the target
            'Referer' => nil, # Removes referer set by the cmsscanner to the target url
            'User-Agent' => Browser.instance.default_user_agent,
            'Authorization' => "Token token=#{token}"
          }
        }
      end
    end
  end
 end
--- a/lib/wpscan/db/wp_item.rb
+++ b/lib/wpscan/db/wp_item.rb
@@ -6,19 +6,14 @@ module WPScan
    class WpItem
      # @param [ String ] identifier The plugin/theme slug or version number
      #
-      # @return [ Hash ] The JSON data from the metadata associated to the identifier
+      # @return [ Hash ] The JSON data from the DB associated to the identifier
-      def self.metadata_at(identifier)
+      def self.db_data(identifier)
-        metadata[identifier] || {}
+        db[identifier] || {}
      end
      # @return [ JSON ]
-      def self.metadata
+      def self.db
-        @metadata ||= read_json_file(metadata_file)
+        @db ||= read_json_file(db_file)
      end
      # @return [ String ]
      def self.metadata_file
        @metadata_file ||= DB_DIR.join('metadata.json').to_s
      end
    end
  end
--- a/lib/wpscan/db/wp_items.rb
+++ b/lib/wpscan/db/wp_items.rb
@@ -6,17 +6,17 @@ module WPScan
    class WpItems
      # @return [ Array<String> ] The slug of all items
      def self.all_slugs
-        metadata.keys
+        db.keys
      end
      # @return [ Array<String> ] The slug of all popular items
      def self.popular_slugs
-        metadata.select { |_key, item| item['popular'] == true }.keys
+        db.select { |_key, item| item['popular'] == true }.keys
      end
      # @return [ Array<String> ] The slug of all vulnerable items
      def self.vulnerable_slugs
-        metadata.select { |_key, item| item['vulnerabilities'] == true }.keys
+        db.reject { |_key, item| item['vulnerabilities'].empty? }.keys
      end
    end
  end
--- a/lib/wpscan/db/wp_version.rb
+++ b/lib/wpscan/db/wp_version.rb
@@ -4,9 +4,9 @@ module WPScan
  module DB
    # WP Version
    class Version < WpItem
-      # @return [ Hash ]
+      # @return [ String ]
-      def self.metadata
+      def self.db_file
-        @metadata ||= super['wordpress'] || {}
+        @db_file ||= DB_DIR.join('wordpresses.json').to_s
      end
    end
  end
--- a/lib/wpscan/errors.rb
+++ b/lib/wpscan/errors.rb
@@ -9,9 +9,7 @@ module WPScan
  end
 end
 require_relative 'errors/enumeration'
 require_relative 'errors/http'
 require_relative 'errors/update'
 require_relative 'errors/vuln_api'
 require_relative 'errors/wordpress'
 require_relative 'errors/xmlrpc'
--- a/lib/wpscan/errors/enumeration.rb
+++ b/lib/wpscan/errors/enumeration.rb
@@ -1,21 +0,0 @@
 # frozen_string_literal: true
 module WPScan
  module Error
    class PluginsThresholdReached < Standard
      def to_s
        "The number of plugins detected reached the threshold of #{ParsedCli.plugins_threshold} " \
        'which might indicate False Positive. It would be recommended to use the --exclude-content-based ' \
        'option to ignore the bad responses.'
      end
    end
    class ThemesThresholdReached < Standard
      def to_s
        "The number of themes detected reached the threshold of #{ParsedCli.themes_threshold} " \
        'which might indicate False Positive. It would be recommended to use the --exclude-content-based ' \
        'option to ignore the bad responses.'
      end
    end
  end
 end
--- a/lib/wpscan/errors/vuln_api.rb
+++ b/lib/wpscan/errors/vuln_api.rb
@@ -1,20 +0,0 @@
 # frozen_string_literal: true
 module WPScan
  module Error
    # Error raised when the token given via --api-token is invalid
    class InvalidApiToken < Standard
      def to_s
        'The API token provided is invalid'
      end
    end
    # Error raised when the number of API requests has been reached
    # currently not implemented on the API side
    class ApiLimitReached < Standard
      def to_s
        'Your API limit has been reached'
      end
    end
  end
 end
--- a/lib/wpscan/finders/dynamic_finder/version/body_pattern.rb
+++ b/lib/wpscan/finders/dynamic_finder/version/body_pattern.rb
@@ -4,9 +4,9 @@ module WPScan
  module Finders
    module DynamicFinder
      module Version
-        # Version finder using Body Pattern method. Typically used when the response is not
+        # Version finder using Body Pattern method. Tipically used when the response is not
        # an HTML doc and Xpath can't be used
-        class BodyPattern < Finders::DynamicFinder::Version::Finder
+        class BodyPattern < WPScan::Finders::DynamicFinder::Version::Finder
          # @return [ Hash ]
          def self.child_class_constants
            @child_class_constants ||= super().merge(PATTERN: nil, CONFIDENCE: 60)
@@ -16,7 +16,7 @@ module WPScan
          # @param [ Hash ] opts
          # @return [ Version ]
          def find(response, _opts = {})
-            return unless response.code != 404 && response.body =~ self.class::PATTERN
+            return unless response.body =~ self.class::PATTERN
            create_version(
              Regexp.last_match[:v],
--- a/lib/wpscan/finders/dynamic_finder/version/comment.rb
+++ b/lib/wpscan/finders/dynamic_finder/version/comment.rb
@@ -6,7 +6,7 @@ module WPScan
      module Version
        # Version finder in Comment, which is basically an Xpath one with a default
        # Xpath of //comment()
-        class Comment < Finders::DynamicFinder::Version::Xpath
+        class Comment < WPScan::Finders::DynamicFinder::Version::Xpath
          # @return [ Hash ]
          def self.child_class_constants
            @child_class_constants ||= super().merge(PATTERN: nil, XPATH: '//comment()')
--- a/lib/wpscan/finders/dynamic_finder/version/config_parser.rb
+++ b/lib/wpscan/finders/dynamic_finder/version/config_parser.rb
@@ -6,7 +6,7 @@ module WPScan
      module Version
        # Version finder using by parsing config files, such as composer.json
        # and so on
-        class ConfigParser < Finders::DynamicFinder::Version::Finder
+        class ConfigParser < WPScan::Finders::DynamicFinder::Version::Finder
          ALLOWED_PARSERS = [JSON, YAML].freeze
          def self.child_class_constants
--- a/lib/wpscan/finders/dynamic_finder/version/header_pattern.rb
+++ b/lib/wpscan/finders/dynamic_finder/version/header_pattern.rb
@@ -5,7 +5,7 @@ module WPScan
    module DynamicFinder
      module Version
        # Version finder using Header Pattern method
-        class HeaderPattern < Finders::DynamicFinder::Version::Finder
+        class HeaderPattern < WPScan::Finders::DynamicFinder::Version::Finder
          # @return [ Hash ]
          def self.child_class_constants
            @child_class_constants ||= super().merge(HEADER: nil, PATTERN: nil, CONFIDENCE: 60)
--- a/lib/wpscan/finders/dynamic_finder/version/javascript_var.rb
+++ b/lib/wpscan/finders/dynamic_finder/version/javascript_var.rb
@@ -5,7 +5,7 @@ module WPScan
    module DynamicFinder
      module Version
        # Version finder using JavaScript Variable method
-        class JavascriptVar < Finders::DynamicFinder::Version::Finder
+        class JavascriptVar < WPScan::Finders::DynamicFinder::Version::Finder
          # @return [ Hash ]
          def self.child_class_constants
            @child_class_constants ||= super().merge(
--- a/lib/wpscan/finders/dynamic_finder/version/query_parameter.rb
+++ b/lib/wpscan/finders/dynamic_finder/version/query_parameter.rb
@@ -5,7 +5,7 @@ module WPScan
    module DynamicFinder
      module Version
        # Version finder using QueryParameter method
-        class QueryParameter < Finders::DynamicFinder::Version::Finder
+        class QueryParameter < WPScan::Finders::DynamicFinder::Version::Finder
          # @return [ Hash ]
          def self.child_class_constants
            @child_class_constants ||= super().merge(
--- a/lib/wpscan/finders/dynamic_finder/version/xpath.rb
+++ b/lib/wpscan/finders/dynamic_finder/version/xpath.rb
@@ -5,7 +5,7 @@ module WPScan
    module DynamicFinder
      module Version
        # Version finder using Xpath method
-        class Xpath < Finders::DynamicFinder::Version::Finder
+        class Xpath < WPScan::Finders::DynamicFinder::Version::Finder
          # @return [ Hash ]
          def self.child_class_constants
            @child_class_constants ||= super().merge(
--- a/lib/wpscan/finders/dynamic_finder/wp_item_version.rb
+++ b/lib/wpscan/finders/dynamic_finder/wp_item_version.rb
@@ -4,22 +4,22 @@ module WPScan
  module Finders
    module DynamicFinder
      module WpItemVersion
-        class BodyPattern < Finders::DynamicFinder::Version::BodyPattern
+        class BodyPattern < WPScan::Finders::DynamicFinder::Version::BodyPattern
        end
-        class Comment < Finders::DynamicFinder::Version::Comment
+        class Comment < WPScan::Finders::DynamicFinder::Version::Comment
        end
-        class ConfigParser < Finders::DynamicFinder::Version::ConfigParser
+        class ConfigParser < WPScan::Finders::DynamicFinder::Version::ConfigParser
        end
-        class HeaderPattern < Finders::DynamicFinder::Version::HeaderPattern
+        class HeaderPattern < WPScan::Finders::DynamicFinder::Version::HeaderPattern
        end
-        class JavascriptVar < Finders::DynamicFinder::Version::JavascriptVar
+        class JavascriptVar < WPScan::Finders::DynamicFinder::Version::JavascriptVar
        end
-        class QueryParameter < Finders::DynamicFinder::Version::QueryParameter
+        class QueryParameter < WPScan::Finders::DynamicFinder::Version::QueryParameter
          # @return [ Regexp ]
          def path_pattern
            # TODO: consider the target.blog.themes_dir if the target is a Theme (maybe implement a WpItem#item_dir ?)
@@ -37,7 +37,7 @@ module WPScan
          end
        end
-        class Xpath < Finders::DynamicFinder::Version::Xpath
+        class Xpath < WPScan::Finders::DynamicFinder::Version::Xpath
        end
      end
    end
--- a/lib/wpscan/finders/dynamic_finder/wp_version.rb
+++ b/lib/wpscan/finders/dynamic_finder/wp_version.rb
@@ -12,23 +12,23 @@ module WPScan
          end
        end
-        class BodyPattern < Finders::DynamicFinder::Version::BodyPattern
+        class BodyPattern < WPScan::Finders::DynamicFinder::Version::BodyPattern
          include Finder
        end
-        class Comment < Finders::DynamicFinder::Version::Comment
+        class Comment < WPScan::Finders::DynamicFinder::Version::Comment
          include Finder
        end
-        class HeaderPattern < Finders::DynamicFinder::Version::HeaderPattern
+        class HeaderPattern < WPScan::Finders::DynamicFinder::Version::HeaderPattern
          include Finder
        end
-        class JavascriptVar < Finders::DynamicFinder::Version::JavascriptVar
+        class JavascriptVar < WPScan::Finders::DynamicFinder::Version::JavascriptVar
          include Finder
        end
-        class QueryParameter < Finders::DynamicFinder::Version::QueryParameter
+        class QueryParameter < WPScan::Finders::DynamicFinder::Version::QueryParameter
          include Finder
          # @return [ Hash ]
--- a/lib/wpscan/helper.rb
+++ b/lib/wpscan/helper.rb
@@ -6,15 +6,13 @@ rescue StandardError => e
  raise "JSON parsing error in #{file} #{e}"
 end
 # Sanitize and classify a slug
 # @note As a class can not start with a digit or underscore, a D_ is
 #       put as a prefix in such case. Ugly but well :x
 #       Not only used to classify slugs though, but Dynamic Finder names as well
 #
 # @return [ Symbol ]
 # @note As a class can not start with a digit or underscore, a D_ is
 # put as a prefix in such case. Ugly but well :x
 # Not only used to classify slugs though, but Dynamic Finder names as well
 def classify_slug(slug)
-  classified = slug.to_s.gsub(/[^a-z\d\-]/i, '-').gsub(/\-{1,}/, '_').camelize.to_s
+  classified = slug.to_s.tr('-', '_').camelize.to_s
-  classified = "D_#{classified}" if /\d/.match?(classified[0])
+  classified = "D_#{classified}" if classified[0] =~ /\d/
  classified.to_sym
 end
--- a/lib/wpscan/target/platform/wordpress.rb
+++ b/lib/wpscan/target/platform/wordpress.rb
@@ -29,7 +29,7 @@ module WPScan
          end
          homepage_res.html.css('meta[name="generator"]').each do |node|
-            return true if /wordpress/i.match?(node['content'])
+            return true if node['content'] =~ /wordpress/i
          end
          return true unless comments_from_page(/wordpress/i, homepage_res).empty?
--- a/lib/wpscan/target/platform/wordpress/custom_directories.rb
+++ b/lib/wpscan/target/platform/wordpress/custom_directories.rb
@@ -99,19 +99,20 @@ module WPScan
        # @return [ String, False ] String of the sub_dir found, false otherwise
        # @note: nil can not be returned here, otherwise if there is no sub_dir
-        #        the check would be done each time, which would make enumeration of
+        #        the check would be done each time
        #        long list of items very slow to generate
        def sub_dir
-          return @sub_dir unless @sub_dir.nil?
+          unless @sub_dir
            # url_pattern is from CMSScanner::Target
            pattern = %r{#{url_pattern}(.+?)/(?:xmlrpc\.php|wp\-includes/)}i
-          # url_pattern is from CMSScanner::Target
+            in_scope_uris(homepage_res) do |uri|
-          pattern = %r{#{url_pattern}(.+?)/(?:xmlrpc\.php|wp\-includes/)}i
+              return @sub_dir = Regexp.last_match[1] if uri.to_s.match(pattern)
            end
-          in_scope_uris(homepage_res) do |uri|
+            @sub_dir = false
            return @sub_dir = Regexp.last_match[1] if uri.to_s.match(pattern)
          end
-          @sub_dir = false
+          @sub_dir
        end
        # Override of the WebSite#url to consider the custom WP directories
--- a/lib/wpscan/typhoeus/response.rb
+++ b/lib/wpscan/typhoeus/response.rb
@@ -1,13 +0,0 @@
 # frozen_string_literal: true
 module Typhoeus
  # Custom Response class
  class Response
    # @note: Ignores requests done to the /status endpoint of the API
    #
    # @return [ Boolean ]
    def from_vuln_api?
      effective_url.start_with?(WPScan::DB::VulnApi.uri.to_s) && !effective_url.include?('/status')
    end
  end
 end
--- a/lib/wpscan/version.rb
+++ b/lib/wpscan/version.rb
@@ -2,5 +2,5 @@
 # Version
 module WPScan
-  VERSION = '3.7.0'
+  VERSION = '3.5.3'
 end
--- a/spec/app/controllers/enumeration_spec.rb
+++ b/spec/app/controllers/enumeration_spec.rb
@@ -70,8 +70,8 @@ describe WPScan::Controller::Enumeration do
    it 'contains the correct options' do
      expect(controller.cli_options.map(&:to_sym)).to eql(
        %i[enumerate exclude_content_based
-           plugins_list plugins_detection plugins_version_all plugins_version_detection plugins_threshold
+           plugins_list plugins_detection plugins_version_all plugins_version_detection
-           themes_list themes_detection themes_version_all themes_version_detection themes_threshold
+           themes_list themes_detection themes_version_all themes_version_detection
           timthumbs_list timthumbs_detection
           config_backups_list config_backups_detection
           db_exports_list db_exports_detection
@@ -102,6 +102,15 @@ describe WPScan::Controller::Enumeration do
    end
  end
  describe '#before_scan' do
    it 'creates the Dynamic Finders' do
      expect(WPScan::DB::DynamicFinders::Plugin).to receive(:create_versions_finders)
      expect(WPScan::DB::DynamicFinders::Theme).to receive(:create_versions_finders)
      controller.before_scan
    end
  end
  describe '#run' do
    context 'when no :enumerate' do
      before do
--- a/spec/app/controllers/password_attack_spec.rb
+++ b/spec/app/controllers/password_attack_spec.rb
@@ -52,60 +52,6 @@ describe WPScan::Controller::PasswordAttack do
    end
  end
  describe '#xmlrpc_get_users_blogs_enabled?' do
    before { expect(controller.target).to receive(:xmlrpc).and_return(xmlrpc) }
    context 'when xmlrpc not found' do
      let(:xmlrpc) { nil }
      its(:xmlrpc_get_users_blogs_enabled?) { should be false }
    end
    context 'when xmlrpc not enabled' do
      let(:xmlrpc) { WPScan::Model::XMLRPC.new("#{target_url}xmlrpc.php") }
      it 'returns false' do
        expect(xmlrpc).to receive(:enabled?).and_return(false)
        expect(controller.xmlrpc_get_users_blogs_enabled?).to be false
      end
    end
    context 'when xmlrpc enabled' do
      let(:xmlrpc) { WPScan::Model::XMLRPC.new("#{target_url}xmlrpc.php") }
      before { expect(xmlrpc).to receive(:enabled?).and_return(true) }
      context 'when wp.getUsersBlogs methods not listed' do
        it 'returns false' do
          expect(xmlrpc).to receive(:available_methods).and_return(%w[m1 m2])
          expect(controller.xmlrpc_get_users_blogs_enabled?).to be false
        end
      end
      context 'when wp.getUsersBlogs method listed' do
        before { expect(xmlrpc).to receive(:available_methods).and_return(%w[wp.getUsersBlogs m2]) }
        context 'when wp.getUsersBlogs method disabled' do
          it 'returns false' do
            stub_request(:post, xmlrpc.url).to_return(body: 'XML-RPC services are disabled on this site.')
            expect(controller.xmlrpc_get_users_blogs_enabled?).to be false
          end
        end
        context 'when wp.getUsersBlogs method enabled' do
          it 'returns true' do
            stub_request(:post, xmlrpc.url).to_return(body: 'Incorrect username or password.')
            expect(controller.xmlrpc_get_users_blogs_enabled?).to be true
          end
        end
      end
    end
  end
  describe '#attacker' do
    context 'when --password-attack provided' do
      let(:cli_args) { "#{super()} --password-attack #{attack}" }
@@ -146,7 +92,7 @@ describe WPScan::Controller::PasswordAttack do
          before do
            expect(controller.target)
              .to receive(:xmlrpc)
-              .and_return(WPScan::Model::XMLRPC.new("#{target_url}xmlrpc.php"))
+              .and_return(WPScan::Model::XMLRPC.new("#{target_url}/xmlrpc.php"))
          end
          context 'when single xmlrpc' do
@@ -171,50 +117,73 @@ describe WPScan::Controller::PasswordAttack do
    end
    context 'when automatic detection' do
-      context 'when xmlrpc_get_users_blogs_enabled? is false' do
+      before { expect(controller.target).to receive(:xmlrpc).and_return(xmlrpc) }
      context 'when xmlrpc not found' do
        let(:xmlrpc) { nil }
        it 'returns the WpLogin' do
-          expect(controller).to receive(:xmlrpc_get_users_blogs_enabled?).and_return(false)
+          expect(controller.attacker).to be_a WPScan::Finders::Passwords::WpLogin
          expect(controller.attacker.target).to be_a WPScan::Target
        end
      end
      context 'when xmlrpc not enabled' do
        let(:xmlrpc) { WPScan::Model::XMLRPC.new("#{target_url}/xmlrpc.php") }
        it 'returns the WpLogin' do
          expect(xmlrpc).to receive(:enabled?).and_return(false)
          expect(controller.attacker).to be_a WPScan::Finders::Passwords::WpLogin
          expect(controller.attacker.target).to be_a WPScan::Target
        end
      end
-      context 'when xmlrpc_get_users_blogs_enabled? is true' do
+      context 'when xmlrpc enabled' do
-        before do
+        let(:xmlrpc) { WPScan::Model::XMLRPC.new("#{target_url}/xmlrpc.php") }
          expect(controller).to receive(:xmlrpc_get_users_blogs_enabled?).and_return(true)
-          expect(controller.target)
+        before { expect(xmlrpc).to receive(:enabled?).and_return(true) }
            .to receive(:xmlrpc).and_return(WPScan::Model::XMLRPC.new("#{target_url}xmlrpc.php"))
        end
-        context 'when WP version not found' do
+        context 'when wp.getUsersBlogs methods not available' do
-          it 'returns the XMLRPC' do
+          it 'returns the WpLogin' do
-            expect(controller.target).to receive(:wp_version).and_return(false)
+            expect(xmlrpc).to receive(:available_methods).and_return(%w[m1 m2])
-            expect(controller.attacker).to be_a WPScan::Finders::Passwords::XMLRPC
+            expect(controller.attacker).to be_a WPScan::Finders::Passwords::WpLogin
-            expect(controller.attacker.target).to be_a WPScan::Model::XMLRPC
+            expect(controller.attacker.target).to be_a WPScan::Target
          end
        end
-        context 'when WP version found' do
+        context 'when wp.getUsersBlogs method evailable' do
-          before { expect(controller.target).to receive(:wp_version).and_return(wp_version) }
+          before { expect(xmlrpc).to receive(:available_methods).and_return(%w[wp.getUsersBlogs m2]) }
-          context 'when WP < 4.4' do
+          context 'when WP version not found' do
-            let(:wp_version) { WPScan::Model::WpVersion.new('3.8.1') }
+            it 'returns the XMLRPC' do
              expect(controller.target).to receive(:wp_version).and_return(false)
-            it 'returns the XMLRPCMulticall' do
+              expect(controller.attacker).to be_a WPScan::Finders::Passwords::XMLRPC
              expect(controller.attacker).to be_a WPScan::Finders::Passwords::XMLRPCMulticall
              expect(controller.attacker.target).to be_a WPScan::Model::XMLRPC
            end
          end
-          context 'when WP >= 4.4' do
+          context 'when WP version found' do
-            let(:wp_version) { WPScan::Model::WpVersion.new('4.4') }
+            before { expect(controller.target).to receive(:wp_version).and_return(wp_version) }
-            it 'returns the XMLRPC' do
+            context 'when WP < 4.4' do
-              expect(controller.attacker).to be_a WPScan::Finders::Passwords::XMLRPC
+              let(:wp_version) { WPScan::Model::WpVersion.new('3.8.1') }
-              expect(controller.attacker.target).to be_a WPScan::Model::XMLRPC
+
              it 'returns the XMLRPCMulticall' do
                expect(controller.attacker).to be_a WPScan::Finders::Passwords::XMLRPCMulticall
                expect(controller.attacker.target).to be_a WPScan::Model::XMLRPC
              end
            end
            context 'when WP >= 4.4' do
              let(:wp_version) { WPScan::Model::WpVersion.new('4.4') }
              it 'returns the XMLRPC' do
                expect(controller.attacker).to be_a WPScan::Finders::Passwords::XMLRPC
                expect(controller.attacker.target).to be_a WPScan::Model::XMLRPC
              end
            end
          end
        end
--- a/spec/app/controllers/vuln_api_spec.rb
+++ b/spec/app/controllers/vuln_api_spec.rb
@@ -1,93 +0,0 @@
 # frozen_string_literal: true
 describe WPScan::Controller::VulnApi do
  subject(:controller) { described_class.new }
  let(:target_url)     { 'http://ex.lo/' }
  let(:cli_args)       { "--url #{target_url}" }
  before do
    WPScan::ParsedCli.options = rspec_parsed_options(cli_args)
  end
  describe '#cli_options' do
    its(:cli_options) { should_not be_empty }
    its(:cli_options) { should be_a Array }
    it 'contains to correct options' do
      expect(controller.cli_options.map(&:to_sym)).to eq %i[api_token]
    end
  end
  describe '#before_scan' do
    context 'when no --api-token provided' do
      its(:before_scan) { should be nil }
    end
    context 'when --api-token given' do
      let(:cli_args) { "#{super()} --api-token token" }
      context 'when the token is invalid' do
        before { expect(WPScan::DB::VulnApi).to receive(:status).and_return('error' => 'HTTP Token: Access denied.') }
        it 'raise an InvalidApiToken error' do
          expect { controller.before_scan }.to raise_error(WPScan::Error::InvalidApiToken)
        end
      end
      context 'when the token is valid' do
        context 'when the limit has been reached' do
          before do
            expect(WPScan::DB::VulnApi)
              .to receive(:status)
              .and_return('success' => true, 'plan' => 'free', 'requests_remaining' => 0)
          end
          it 'raises an ApiLimitReached error' do
            expect { controller.before_scan }.to raise_error(WPScan::Error::ApiLimitReached)
          end
        end
        context 'when a HTTP error, like a timeout' do
          before do
            expect(WPScan::DB::VulnApi)
              .to receive(:status)
              .and_return(
                'http_error' => WPScan::Error::HTTP.new(
                  Typhoeus::Response.new(effective_url: 'mock-url', return_code: 28)
                )
              )
          end
          it 'raises an HTTP error' do
            expect { controller.before_scan }
              .to raise_error(WPScan::Error::HTTP, 'HTTP Error: mock-url (Timeout was reached)')
          end
        end
        context 'when the token is valid and no HTTP error' do
          before do
            expect(WPScan::DB::VulnApi)
              .to receive(:status)
              .and_return('success' => true, 'plan' => 'free', 'requests_remaining' => requests)
          end
          context 'when limited requests' do
            let(:requests) { 100 }
            it 'does not raise an error' do
              expect { controller.before_scan }.to_not raise_error
            end
            context 'when unlimited requests' do
              let(:requests) { 'Unlimited' }
              it 'does not raise an error' do
                expect { controller.before_scan }.to_not raise_error
              end
            end
          end
        end
      end
    end
  end
 end
--- a/spec/app/finders/interesting_findings/backup_db_spec.rb
+++ b/spec/app/finders/interesting_findings/backup_db_spec.rb
@@ -1,73 +0,0 @@
 # frozen_string_literal: true
 describe WPScan::Finders::InterestingFindings::BackupDB do
  subject(:finder) { described_class.new(target) }
  let(:target)     { WPScan::Target.new(url).extend(CMSScanner::Target::Server::Apache) }
  let(:url)        { 'http://ex.lo/' }
  let(:fixtures)   { FINDERS_FIXTURES.join('interesting_findings', 'backup_db') }
  let(:wp_content) { 'wp-content' }
  let(:dir_url)    { target.url("#{wp_content}/backup-db/") }
  before do
    expect(target).to receive(:content_dir).at_least(1).and_return(wp_content)
    expect(target).to receive(:head_or_get_params).and_return(method: :head)
  end
  describe '#aggressive' do
    context 'when not a 200 or 403' do
      it 'returns nil' do
        stub_request(:head, dir_url).to_return(status: 404)
        expect(finder.aggressive).to eql nil
      end
    end
    context 'when 200 and matching the homepage' do
      it 'returns nil' do
        stub_request(:head, dir_url)
        stub_request(:get, dir_url)
        expect(target).to receive(:homepage_or_404?).and_return(true)
        expect(finder.aggressive).to eql nil
      end
    end
    context 'when 200 or 403' do
      before do
        stub_request(:head, dir_url)
        stub_request(:get, dir_url).and_return(body: body)
        expect(target).to receive(:homepage_or_404?).and_return(false)
      end
      after do
        found = finder.aggressive
        expect(found).to eql WPScan::Model::BackupDB.new(
          dir_url,
          confidence: 70,
          found_by: described_class::DIRECT_ACCESS
        )
        expect(found.interesting_entries).to eq @expected_entries
      end
      context 'when no directory listing' do
        let(:body) { '' }
        it 'returns an empty interesting_findings attribute' do
          @expected_entries = []
        end
      end
      context 'when directory listing enabled' do
        let(:body) { File.read(fixtures.join('dir_listing.html')) }
        it 'returns the expected interesting_findings attribute' do
          @expected_entries = %w[sqldump.sql test.txt]
        end
      end
    end
  end
 end
--- a/spec/app/finders/interesting_findings/plugin_backup_folders_spec.rb
+++ b/spec/app/finders/interesting_findings/plugin_backup_folders_spec.rb
@@ -0,0 +1,76 @@
 # frozen_string_literal: true
 describe WPScan::Finders::InterestingFindings::PluginBackupFolders do
  subject(:finder) { described_class.new(target) }
  let(:target)     { WPScan::Target.new(url).extend(CMSScanner::Target::Server::Apache) }
  let(:url)        { 'http://ex.lo/' }
  let(:fixtures)   { FINDERS_FIXTURES.join('interesting_findings', 'plugin_backup_folders') }
  before do
    expect(target).to receive(:content_dir).at_least(1).and_return('wp-content')
    finder.class::PATHS.each { |path| stub_request(:head, target.url(path)).to_return(status: 404) }
    allow(target).to receive(:head_or_get_params).and_return(method: :head)
  end
  describe '#aggressive' do
    context 'when none of them exist' do
      it 'returns an empty array' do
        expect(finder.aggressive).to eql([])
      end
    end
    context 'when one exist but matches the homepage' do
      let(:existing_url) { target.url(finder.class::PATHS.sample) }
      it 'ignores it' do
        stub_request(:head, existing_url)
        stub_request(:get, existing_url)
        expect(target).to receive(:homepage_or_404?).and_return(true)
        expect(finder.aggressive).to eql([])
      end
    end
    context 'when 200 or 403' do
      let(:existing_url) { target.url(finder.class::PATHS.sample) }
      before do
        stub_request(:head, existing_url)
        stub_request(:get, existing_url).and_return(body: body)
        expect(target).to receive(:homepage_or_404?).and_return(false)
      end
      after do
        found = finder.aggressive
        expect(found.size).to eql 1
        expect(found).to eql([WPScan::Model::PluginBackupFolder.new(existing_url,
                                                                    confidence: 70,
                                                                    found_by: described_class::DIRECT_ACCESS)])
        expect(found.first.interesting_entries).to eq @expected_entries
      end
      context 'when no directory listing' do
        let(:body) { '' }
        it 'returns an empty interesting_findings attribute' do
          @expected_entries = []
        end
      end
      context 'when directory listing enabled' do
        let(:body) { File.read(fixtures.join('dir_listing.html')) }
        it 'returns the expected interesting_findings attribute' do
          @expected_entries = %w[sqldump.sql test.txt]
        end
      end
    end
  end
 end
--- a/spec/app/finders/passwords/wp_login_spec.rb
+++ b/spec/app/finders/passwords/wp_login_spec.rb
@@ -1,61 +0,0 @@
 # frozen_string_literal: true
 describe WPScan::Finders::Passwords::WpLogin do
  subject(:finder) { described_class.new(target) }
  let(:target)     { WPScan::Target.new(url) }
  let(:url)        { 'http://ex.lo/' }
  describe '#valid_credentials?' do
    context 'when a non 302' do
      it 'returns false' do
        expect(finder.valid_credentials?(Typhoeus::Response.new(code: 200, headers: {}))).to be_falsey
      end
    end
    context 'when a 302' do
      let(:response) { Typhoeus::Response.new(code: 302, headers: headers) }
      context 'when no cookies set' do
        let(:headers) { {} }
        it 'returns false' do
          expect(finder.valid_credentials?(response)).to be_falsey
        end
      end
      context 'when no logged_in cookie set' do
        context 'when only one cookie set' do
          let(:headers) { 'Set-Cookie: wordpress_test_cookie=WP+Cookie+check; path=/' }
          it 'returns false' do
            expect(finder.valid_credentials?(response)).to be_falsey
          end
        end
        context 'when multiple cookies set' do
          let(:headers) do
            "Set-Cookie: wordpress_test_cookie=WP+Cookie+check; path=/\r\n" \
            'Set-Cookie: something=value; path=/'
          end
          it 'returns false' do
            expect(finder.valid_credentials?(response)).to be_falsey
          end
        end
      end
      context 'when logged_in cookie set' do
        let(:headers) do
          "Set-Cookie: wordpress_test_cookie=WP+Cookie+check; path=/\r\r" \
          "Set-Cookie: wordpress_xxx=yyy; path=/wp-content/plugins; httponly\r\n" \
          "Set-Cookie: wordpress_xxx=yyy; path=/wp-admin; httponly\r\n" \
          'Set-Cookie: wordpress_logged_in_xxx=yyy; path=/; httponly'
        end
        it 'returns false' do
          expect(finder.valid_credentials?(response)).to eql true
        end
      end
    end
  end
 end
--- a/spec/app/finders/plugin_version_spec.rb
+++ b/spec/app/finders/plugin_version_spec.rb
@@ -1,5 +1,8 @@
 # frozen_string_literal: true
 # If this file is tested alone (rspec path-to-this-file), then there will be an error about
 # constants not being intilialized. This is due to the Dynamic Finders.
 describe WPScan::Finders::PluginVersion::Base do
  subject(:plugin_version) { described_class.new(plugin) }
  let(:plugin)             { WPScan::Model::Plugin.new(slug, target) }
@@ -12,7 +15,7 @@ describe WPScan::Finders::PluginVersion::Base do
      expect(plugin_version.finders.map { |f| f.class.to_s.demodulize }).to match_array @expected
    end
-    context 'when no related dynamic finders' do
+    context 'when no related specific finders' do
      let(:slug) { 'spec' }
      it 'contains the default finders' do
@@ -22,13 +25,19 @@ describe WPScan::Finders::PluginVersion::Base do
    # Dynamic Version Finders are not tested here, they are in
    # spec/lib/finders/dynamic_finder/plugin_versions_spec
-    context 'when dynamic finders' do
+    context 'when specific finders' do
      let(:specific) do
        {
          # None so far
        }
      end
      WPScan::DB::DynamicFinders::Plugin.versions_finders_configs.each do |plugin_slug, configs|
        context "when #{plugin_slug} plugin" do
          let(:slug) { plugin_slug }
-          it 'contains the expected finders (default + the dynamic ones)' do
+          it 'contains the expected finders (default + specific + the dynamic ones)' do
-            @expected = default_finders + configs.keys
+            @expected = default_finders + [*specific[plugin_slug]] + configs.keys
          end
        end
      end
--- a/spec/app/finders/theme_version_spec.rb
+++ b/spec/app/finders/theme_version_spec.rb
@@ -13,21 +13,20 @@ describe WPScan::Finders::ThemeVersion::Base do
      expect(theme_version.finders.map { |f| f.class.to_s.demodulize }).to eql @expected
    end
-    context 'when no related dynamic finders' do
+    context 'when no related specific finders' do
      it 'contains the default finders' do
        @expected = default_finders
      end
    end
-    # Dynamic Version Finders are not tested here, they are in
+    context 'when specific finders' do
-    # spec/lib/finders/dynamic_finder/theme_versions_spec
+      {
-    context 'when dynamic finders' do
+      }.each do |theme_slug, specific_finders|
      WPScan::DB::DynamicFinders::Theme.versions_finders_configs.each do |theme_slug, configs|
        context "when #{theme_slug} theme" do
          let(:slug) { theme_slug }
-          it 'contains the expected finders (default + the dynamic ones)' do
+          it 'contains the expected finders' do
-            @expected = default_finders + configs.keys
+            @expected = default_finders + specific_finders
          end
        end
      end
--- a/spec/app/models/plugin_spec.rb
+++ b/spec/app/models/plugin_spec.rb
@@ -60,60 +60,25 @@ describe WPScan::Model::Plugin do
    end
  end
  describe 'potential_readme_filenames' do
    context 'when not set in the DF file' do
      its(:potential_readme_filenames) { should eql described_class::READMES }
    end
    context 'when set in the DF file' do
      context 'as a string' do
        let(:slug) { 'photoblocks-grid-gallery' }
        its(:potential_readme_filenames) { should eql %w[README.txt] }
      end
      context 'as an array' do
        let(:slug) { 'customerlabs-actionrecorder' }
        its(:potential_readme_filenames) { should eql %w[Readme.txt Readme.md] }
      end
    end
  end
  describe '#latest_version, #last_updated, #popular' do
-    before { allow(plugin).to receive(:db_data).and_return(db_data) }
+    context 'when none' do
-
+      let(:slug) { 'vulnerable-not-popular' }
    context 'when no db_data and no metadata' do
      let(:slug)    { 'not-known' }
      let(:db_data) { {} }
      its(:latest_version) { should be_nil }
      its(:last_updated) { should be_nil }
      its(:popular?) { should be false }
    end
-    context 'when no db_data but metadata' do
+    context 'when values' do
      let(:slug) { 'no-vulns-popular' }
      let(:db_data) { {} }
      its(:latest_version) { should eql WPScan::Model::Version.new('2.0') }
      its(:last_updated) { should eql '2015-05-16T00:00:00.000Z' }
      its(:popular?) { should be true }
    end
    context 'when db_data' do
      let(:slug) { 'no-vulns-popular' }
      let(:db_data) { vuln_api_data_for('plugins/no-vulns-popular') }
      its(:latest_version) { should eql WPScan::Model::Version.new('2.1') }
      its(:last_updated) { should eql '2015-05-16T00:00:00.000Z-via-api' }
      its(:popular?) { should be true }
    end
  end
  describe '#outdated?' do
    before { allow(plugin).to receive(:db_data).and_return({}) }
    context 'when last_version' do
      let(:slug) { 'no-vulns-popular' }
@@ -131,13 +96,13 @@ describe WPScan::Model::Plugin do
            .and_return(WPScan::Model::Version.new(version_number))
        end
-        context 'when version < latest_version' do
+        context 'when version < last_version' do
          let(:version_number) { '1.2' }
          its(:outdated?) { should eql true }
        end
-        context 'when version >= latest_version' do
+        context 'when version >= last_version' do
          let(:version_number) { '3.0' }
          its(:outdated?) { should eql false }
@@ -145,7 +110,7 @@ describe WPScan::Model::Plugin do
      end
    end
-    context 'when no latest_version' do
+    context 'when no last_version' do
      let(:slug) { 'vulnerable-not-popular' }
      context 'when no version' do
@@ -168,16 +133,13 @@ describe WPScan::Model::Plugin do
  end
  describe '#vulnerabilities' do
    before { allow(plugin).to receive(:db_data).and_return(db_data) }
    after do
      expect(plugin.vulnerabilities).to eq @expected
      expect(plugin.vulnerable?).to eql @expected.empty? ? false : true
    end
    context 'when plugin not in the DB' do
-      let(:slug)    { 'not-in-db' }
+      let(:slug) { 'not-in-db' }
      let(:db_data) { {} }
      it 'returns an empty array' do
        @expected = []
@@ -186,8 +148,7 @@ describe WPScan::Model::Plugin do
    context 'when in the DB' do
      context 'when no vulnerabilities' do
-        let(:slug)    { 'no-vulns-popular' }
+        let(:slug) { 'no-vulns-popular' }
        let(:db_data) { vuln_api_data_for('plugins/no-vulns-popular') }
        it 'returns an empty array' do
          @expected = []
@@ -195,13 +156,11 @@ describe WPScan::Model::Plugin do
      end
      context 'when vulnerabilities' do
-        let(:slug)    { 'vulnerable-not-popular' }
+        let(:slug) { 'vulnerable-not-popular' }
        let(:db_data) { vuln_api_data_for('plugins/vulnerable-not-popular') }
        let(:all_vulns) do
          [
            WPScan::Vulnerability.new(
-              'First Vuln <= 6.3.10 - LFI',
+              'First Vuln',
              { wpvulndb: '1' },
              'LFI',
              '6.3.10'
--- a/spec/app/models/theme_spec.rb
+++ b/spec/app/models/theme_spec.rb
@@ -86,179 +86,8 @@ describe WPScan::Model::Theme do
    end
  end
  describe '#latest_version, #last_updated, #popular' do
    before do
      stub_request(:get, /.*\.css\z/)
      allow(theme).to receive(:db_data).and_return(db_data)
    end
    context 'when no db_data and no metadata' do
      let(:slug)    { 'not-known' }
      let(:db_data) { {} }
      its(:latest_version) { should be_nil }
      its(:last_updated) { should be_nil }
      its(:popular?) { should be false }
    end
    context 'when no db_data but metadata' do
      let(:slug) { 'no-vulns-popular' }
      let(:db_data) { {} }
      its(:latest_version) { should eql WPScan::Model::Version.new('2.0') }
      its(:last_updated) { should eql '2015-05-16T00:00:00.000Z' }
      its(:popular?) { should be true }
    end
    context 'when db_data' do
      let(:slug) { 'no-vulns-popular' }
      let(:db_data) { vuln_api_data_for('themes/no-vulns-popular') }
      its(:latest_version) { should eql WPScan::Model::Version.new('2.2') }
      its(:last_updated) { should eql '2015-05-16T00:00:00.000Z-via-api' }
      its(:popular?) { should be true }
    end
  end
  describe '#outdated?' do
    before do
      stub_request(:get, /.*\.css\z/)
      allow(theme).to receive(:db_data).and_return({})
    end
    context 'when last_version' do
      let(:slug) { 'no-vulns-popular' }
      context 'when no version' do
        before { expect(theme).to receive(:version).at_least(1).and_return(nil) }
        its(:outdated?) { should eql false }
      end
      context 'when version' do
        before do
          expect(theme)
            .to receive(:version)
            .at_least(1)
            .and_return(WPScan::Model::Version.new(version_number))
        end
        context 'when version < latest_version' do
          let(:version_number) { '1.2' }
          its(:outdated?) { should eql true }
        end
        context 'when version >= latest_version' do
          let(:version_number) { '3.0' }
          its(:outdated?) { should eql false }
        end
      end
    end
    context 'when no latest_version' do
      let(:slug) { 'vulnerable-not-popular' }
      context 'when no version' do
        before { expect(theme).to receive(:version).at_least(1).and_return(nil) }
        its(:outdated?) { should eql false }
      end
      context 'when version' do
        before do
          expect(theme)
            .to receive(:version)
            .at_least(1)
            .and_return(WPScan::Model::Version.new('1.0'))
        end
        its(:outdated?) { should eql false }
      end
    end
  end
  describe '#vulnerabilities' do
-    before do
+    xit
      stub_request(:get, /.*\.css\z/)
      allow(theme).to receive(:db_data).and_return(db_data)
    end
    after do
      expect(theme.vulnerabilities).to eq @expected
      expect(theme.vulnerable?).to eql @expected.empty? ? false : true
    end
    context 'when theme not in the DB' do
      let(:slug)    { 'not-in-db' }
      let(:db_data) { {} }
      it 'returns an empty array' do
        @expected = []
      end
    end
    context 'when in the DB' do
      context 'when no vulnerabilities' do
        let(:slug)    { 'no-vulns-popular' }
        let(:db_data) { vuln_api_data_for('themes/no-vulns-popular') }
        it 'returns an empty array' do
          @expected = []
        end
      end
      context 'when vulnerabilities' do
        let(:slug)    { 'vulnerable-not-popular' }
        let(:db_data) { vuln_api_data_for('themes/vulnerable-not-popular') }
        let(:all_vulns) do
          [
            WPScan::Vulnerability.new(
              'First Vuln',
              { wpvulndb: '1' },
              'LFI',
              '6.3.10'
            ),
            WPScan::Vulnerability.new('No Fixed In', wpvulndb: '2')
          ]
        end
        context 'when no theme version' do
          before { expect(theme).to receive(:version).at_least(1).and_return(false) }
          it 'returns all the vulnerabilities' do
            @expected = all_vulns
          end
        end
        context 'when theme version' do
          before do
            expect(theme)
              .to receive(:version)
              .at_least(1)
              .and_return(WPScan::Model::Version.new(number))
          end
          context 'when < to a fixed_in' do
            let(:number) { '5.0' }
            it 'returns it' do
              @expected = all_vulns
            end
          end
          context 'when >= to a fixed_in' do
            let(:number) { '6.3.10' }
            it 'does not return it ' do
              @expected = [all_vulns.last]
            end
          end
        end
      end
    end
  end
  describe '#parent_theme' do
--- a/spec/app/models/wp_version_spec.rb
+++ b/spec/app/models/wp_version_spec.rb
@@ -40,13 +40,11 @@ describe WPScan::Model::WpVersion do
  describe '#vulnerabilities' do
    subject(:version) { described_class.new(number) }
    before { allow(version).to receive(:db_data).and_return(db_data) }
    context 'when no vulns' do
      let(:number) { '4.4' }
      let(:db_data) { { 'vulnerabilities' => [] } }
-      its(:vulnerabilities) { should be_empty }
+      its(:vulnerabilities) { should eql([]) }
    end
    context 'when vulnerable' do
@@ -55,30 +53,13 @@ describe WPScan::Model::WpVersion do
        expect(version).to be_vulnerable
      end
      let(:all_vulns) do
        [
          WPScan::Vulnerability.new(
            'WP 3.8.1 - Vuln 1',
            { wpvulndb: '1' },
            'SQLI'
          ),
          WPScan::Vulnerability.new(
            'WP 3.8.1 - Vuln 2',
            { url: %w[url-2 url-3], osvdb: %w[10], cve: %w[2014-0166], wpvulndb: '2' },
            nil,
            '3.8.2'
          )
        ]
      end
      context 'when a signle vuln' do
-        let(:number) { '3.8.1' }
+        let(:number) { '3.8' }
        let(:db_data) { vuln_api_data_for('wordpresses/38') }
        it 'returns the expected result' do
          @expected = [WPScan::Vulnerability.new(
            'WP 3.8 - Vuln 1',
-            { url: %w[url-4], wpvulndb: '3' },
+            { url: %w[url-4], osvdb: %w[11], wpvulndb: '3' },
            'AUTHBYPASS'
          )]
        end
@@ -86,7 +67,6 @@ describe WPScan::Model::WpVersion do
      context 'when multiple vulns' do
        let(:number) { '3.8.1' }
        let(:db_data) { vuln_api_data_for('wordpresses/381') }
        it 'returns the expected results' do
          @expected = [
@@ -97,7 +77,7 @@ describe WPScan::Model::WpVersion do
            ),
            WPScan::Vulnerability.new(
              'WP 3.8.1 - Vuln 2',
-              { url: %w[url-2 url-3], cve: %w[2014-0166], wpvulndb: '2' },
+              { url: %w[url-2 url-3], osvdb: %w[10], cve: %w[2014-0166], wpvulndb: '2' },
              nil,
              '3.8.2'
            )
@@ -107,30 +87,27 @@ describe WPScan::Model::WpVersion do
    end
  end
-  describe '#metadata, #release_date, #status' do
+  describe '#release_date' do
    subject(:version) { described_class.new('3.8.1') }
-    before { allow(version).to receive(:db_data).and_return(db_data) }
+    its(:release_date) { should eql '2014-01-23' }
-    context 'when no db_data' do
+    context 'when the version is not in the DB' do
-      let(:db_data) { {} }
+      subject(:version) { described_class.new('3.8.2') }
-      its(:release_date) { should eql '2014-01-23' }
+      its(:release_date) { should eql 'Unknown' }
      its(:status) { should eql 'outdated' }
      context 'when the version is not in the metadata' do
        subject(:version) { described_class.new('3.8.2') }
        its(:release_date) { should eql 'Unknown' }
        its(:status) { should eql 'Unknown' }
      end
    end
  end
-    context 'when db_data' do
+  describe '#status' do
-      let(:db_data) { vuln_api_data_for('wordpresses/381') }
+    subject(:version) { described_class.new('3.8.1') }
-      its(:release_date) { should eql '2014-01-23-via-api' }
+    its(:status) { should eql 'outdated' }
-      its(:status) { should eql 'outdated-via-api' }
+
    context 'when the version is not in the DB' do
      subject(:version) { described_class.new('3.8.2') }
      its(:release_date) { should eql 'Unknown' }
    end
  end
 end
--- a/spec/app/views_spec.rb
+++ b/spec/app/views_spec.rb
@@ -9,7 +9,6 @@ describe 'App::Views' do
  # in the expected output.
  %i[JSON CliNoColour].each do |formatter|
    context "when #{formatter}" do
      it_behaves_like 'App::Views::VulnApi'
      it_behaves_like 'App::Views::WpVersion'
      it_behaves_like 'App::Views::MainTheme'
      it_behaves_like 'App::Views::Enumeration'
--- a/spec/fixtures/db/dynamic_finders.yml
+++ b/spec/fixtures/db/dynamic_finders.yml
--- a/spec/fixtures/db/metadata.json
+++ b/spec/fixtures/db/metadata.json
@@ -1,56 +0,0 @@
 {
  "wordpress": {
    "4.0": {
      "release_date": "2014-09-04",
      "status": "latest"
    },
    "3.8.1": {
      "release_date": "2014-01-23",
      "status": "outdated"
    },
    "3.8": {
      "release_date": "2013-12-12",
      "status": "insecure"
    }
  },
  "plugins": {
    "no-vulns-popular": {
      "vulnerabilities": false,
      "popular": true,
      "latest_version": "2.0",
      "last_updated": "2015-05-16T00:00:00.000Z"
    },
    "vulnerable-not-popular": {
      "latest_version": null,
      "last_updated": null,
      "popular": false,
      "vulnerabilities": true
    }
  },
  "themes": {
    "no-vulns-popular": {
      "popular": true,
      "latest_version": "2.0",
      "last_updated": "2015-05-16T00:00:00.000Z",
      "vulnerabilities": false
    },
    "vulnerable-not-popular": {
      "latest_version": null,
      "last_updated": null,
      "popular": false,
      "vulnerabilities": true
    },
    "dignitas-themes": {
      "popular": true,
      "latest_version": null,
      "last_updated": null,
      "vulnerabilities" : true
    },
    "yaaburnee-themes": {
      "popular": false,
      "latest_version": null,
      "last_updated": null,
      "vulnerabilities" : true
    }
  }
 }
--- a/spec/fixtures/db/plugins.json
+++ b/spec/fixtures/db/plugins.json
@@ -0,0 +1,25 @@
 {
  "no-vulns-popular": {
    "vulnerabilities": [],
    "popular": true,
    "latest_version": "2.0",
    "last_updated": "2015-05-16T00:00:00.000Z"
  },
  "vulnerable-not-popular": {
    "latest_version": null,
    "last_updated": null,
    "popular": false,
    "vulnerabilities" : [
      {
        "title" : "First Vuln",
        "fixed_in" : "6.3.10",
        "id" : 1,
        "vuln_type": "LFI"
      },
      {
        "title": "No Fixed In",
        "id": 2
      }
    ]
  }
 }
--- a/spec/fixtures/db/sponsor.txt
+++ b/spec/fixtures/db/sponsor.txt
@@ -1 +0,0 @@
 Sponsored By Kittens
--- a/spec/fixtures/db/themes.json
+++ b/spec/fixtures/db/themes.json
@@ -0,0 +1,48 @@
 {
  "no-vulns-popular": {
    "popular": true,
    "latest_version": "2.0",
    "last_updated": "2015-05-16T00:00:00.000Z",
    "vulnerabilities": []
  },
  "dignitas-themes": {
    "popular": true,
    "latest_version": null,
    "last_updated": null,
    "vulnerabilities" : [
      {
        "created_at" : "2015-03-05T19:25:59.000Z",
        "updated_at" : "2015-03-05T19:37:47.000Z",
        "references": {
          "url" : [
            "http://research.evex.pw/?vuln=6",
            "http://packetstormsecurity.com/files/130652/"
          ]
          },
       "title" : "Dignitas 1.1.9 - Privilage Escalation",
       "id" : 7825,
       "vuln_type" : "AUTHBYPASS"
        }
     ]
  },
  "yaaburnee-themes": {
    "popular": false,
    "latest_version": null,
    "last_updated": null,
    "vulnerabilities" : [
      {
        "created_at" : "2015-03-05T19:25:44.000Z",
        "updated_at" : "2015-03-05T19:41:14.000Z",
        "references": {
          "url" : [
            "http://research.evex.pw/?vuln=6",
            "http://packetstormsecurity.com/files/130652/"
          ]
        },
        "title" : "Ya'aburnee 1.0.7 - Privilage Escalation",
        "id" : 7824,
        "vuln_type" : "AUTHBYPASS"
      }
    ]
  }
 }
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
erwanlr	82db02a688	Updates spec for #1342	2019-05-03 14:25:17 +01:00
erwanlr	2c07de8c6b	Updates class comment	2019-05-03 14:23:04 +01:00
erwanlr	4b0b8fa624	Fixes #1342	2019-05-03 14:04:50 +01:00