Bumps version

Update rubocop requirement from ~> 0.87.0 to ~> 0.88.0

.github/workflows/build.yml

@@ -0,0 +1,41 @@
+name: Build
+
+on: [push, pull_request]
+
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+
+    strategy:
+      matrix:
+        ruby: [2.5, 2.6, 2.7]
+
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v1
+
+    - name: Set up Ruby ${{ matrix.ruby }}
+      uses: actions/setup-ruby@v1
+      with:
+        ruby-version: ${{ matrix.ruby }}
+
+    - name: Install GEMs
+      run: |
+        gem install bundler
+        bundle config force_ruby_platform true
+        bundle config path vendor/bundle
+        bundle install --jobs 4 --retry 3
+
+    - name: rubocop
+      run: |
+        bundle exec rubocop
+
+    - name: rspec
+      run: |
+        bundle exec rspec
+
+    - name: Coveralls
+      uses: coverallsapp/github-action@master
+      with:
+        github-token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/ruby.yml

@@ -1,34 +0,0 @@
-name: Ruby
-
-on: [push]
-
-jobs:
-  build:
-
-    runs-on: ubuntu-latest
-
-    steps:
-    - uses: actions/checkout@v1
-    - name: Set up Ruby 2.6
-      uses: actions/setup-ruby@v1
-      with:
-        ruby-version: 2.6.x
-    - name: Cache gems
-      uses: actions/cache@v1
-      with:
-        path: vendor/bundle
-        key: ${{ runner.os }}-gem-${{ hashFiles('**/wpscan.gemspec') }}
-        restore-keys: |
-          ${{ runner.os }}-gem-
-    - name: Build and test
-      run: |
-        gem install bundler
-        bundle config force_ruby_platform true
-        bundle config path vendor/bundle
-        bundle install --jobs 4 --retry 3
-    - name: test
-      run: |
-        bundle exec rspec
-    - name: rubocop
-      run: |
-        bundle exec rubocop

.rubocop.yml

@@ -1,6 +1,7 @@
 require: rubocop-performance
 AllCops:
-  TargetRubyVersion: 2.4
+  NewCops: enable
+  TargetRubyVersion: 2.5
   Exclude:
   - '*.gemspec'
   - 'vendor/**/*'
@@ -18,7 +19,7 @@ Metrics/ClassLength:
   Exclude:
   - 'app/controllers/enumeration/cli_options.rb'
 Metrics/CyclomaticComplexity:
-  Max: 8
+  Max: 10
 Metrics/MethodLength:
   Max: 20
   Exclude:

.ruby-version

@@ -1 +1 @@
-2.6.2
+2.7.1

.simplecov

@@ -1,4 +1,19 @@
+# frozen_string_literal: true
+
+if ENV['GITHUB_ACTION']
+  require 'simplecov-lcov'
+
+  SimpleCov::Formatter::LcovFormatter.config do |c|
+    c.single_report_path = 'coverage/lcov.info'
+    c.report_with_single_file = true
+  end
+
+  SimpleCov.formatter = SimpleCov::Formatter::LcovFormatter
+end
+
 SimpleCov.start do
+  enable_coverage :branch # Only supported for Ruby >= 2.5
+
   add_filter '/spec/'
   add_filter 'helper'
-end
+end

.travis.yml

@@ -1,17 +0,0 @@
-language: ruby
-sudo: false
-cache: bundler
-rvm:
-  - 2.4.9
-  - 2.5.7
-  - 2.6.5
-  - 2.7.0
-matrix:
-  allow_failures:
-    - rvm: 2.7.0
-script:
-  - bundle exec rubocop
-  - bundle exec rspec
-notifications:
-  email:
-    - team@wpscan.org

Dockerfile

@@ -1,16 +1,16 @@
-FROM ruby:2.6.3-alpine AS builder
+FROM ruby:2.7.1-alpine AS builder
 LABEL maintainer="WPScan Team <team@wpscan.org>"
 
-ARG BUNDLER_ARGS="--jobs=8 --without test development"
-
-RUN echo "gem: --no-ri --no-rdoc" > /etc/gemrc
+RUN echo "install: --no-document --no-post-install-message\nupdate: --no-document --no-post-install-message" > /etc/gemrc
 
 COPY . /wpscan
 
 RUN apk add --no-cache git libcurl ruby-dev libffi-dev make gcc musl-dev zlib-dev procps sqlite-dev && \
-  bundle install --system --clean --no-cache --gemfile=/wpscan/Gemfile $BUNDLER_ARGS && \
-  # temp fix for https://github.com/bundler/bundler/issues/6680
-  rm -rf /usr/local/bundle/cache
+  bundle config force_ruby_platform true && \
+  bundle config disable_version_check 'true' && \
+  bundle config without "test development" && \
+  bundle config path.system 'true' && \
+  bundle install --gemfile=/wpscan/Gemfile --jobs=8
 
 WORKDIR /wpscan
 RUN rake install --trace
@@ -19,7 +19,7 @@ RUN rake install --trace
 RUN chmod -R a+r /usr/local/bundle
 
 
-FROM ruby:2.6.3-alpine
+FROM ruby:2.7.1-alpine
 LABEL maintainer="WPScan Team <team@wpscan.org>"
 
 RUN adduser -h /wpscan -g WPScan -D wpscan

README.md

@@ -7,15 +7,15 @@
 <h3 align="center">WPScan</h3>
 
 <p align="center">
-  WordPress Vulnerability Scanner
+  WordPress Security Scanner
   <br>
   <br>
-  <a href="https://wpscan.org/" title="homepage" target="_blank">Homepage</a> - <a href="https://wpscan.io/" title="wpscan.io" target="_blank">WPScan.io</a> - <a href="https://wpvulndb.com/" title="vulnerability database" target="_blank">Vulnerability Database</a> - <a href="https://wordpress.org/plugins/wpscan/" title="wordpress plugin" target="_blank">WordPress Plugin</a>
+  <a href="https://wpscan.org/" title="homepage" target="_blank">Homepage</a> - <a href="https://wpscan.io/" title="wpscan.io" target="_blank">WPScan.io</a> - <a href="https://wpvulndb.com/" title="vulnerability database" target="_blank">Vulnerability Database</a> - <a href="https://wordpress.org/plugins/wpscan/" title="wordpress security plugin" target="_blank">WordPress Security Plugin</a>
 </p>
 
 <p align="center">
   <a href="https://badge.fury.io/rb/wpscan" target="_blank"><img src="https://badge.fury.io/rb/wpscan.svg"></a>
-  <a href="https://travis-ci.org/wpscanteam/wpscan" target="_blank"><img src="https://travis-ci.org/wpscanteam/wpscan.svg?branch=master"></a>
+  <a href="https://github.com/wpscanteam/wpscan/actions?query=workflow%3ABuild" target="_blank"><img src="https://github.com/wpscanteam/wpscan/workflows/Build/badge.svg"></a>
   <a href="https://codeclimate.com/github/wpscanteam/wpscan" target="_blank"><img src="https://codeclimate.com/github/wpscanteam/wpscan/badges/gpa.svg"></a>
 </p>
 
@@ -31,7 +31,11 @@
 - RubyGems      - Recommended: latest
 - Nokogiri might require packages to be installed via your package manager depending on your OS, see https://nokogiri.org/tutorials/installing_nokogiri.html
 
-### From RubyGems (Recommended)
+### In a Pentesting distribution
+
+When using a pentesting distubution (such as Kali Linux), it is recommended to install/update wpscan via the package manager if available.
+
+### From RubyGems
 
 ```shell
 gem install wpscan
@@ -39,18 +43,6 @@ gem install wpscan
 
 On MacOSX, if a ```Gem::FilePermissionError``` is raised due to the Apple's System Integrity Protection (SIP), either install RVM and install wpscan again, or run ```sudo gem install -n /usr/local/bin wpscan``` (see [#1286](https://github.com/wpscanteam/wpscan/issues/1286))
 
-### From sources (NOT Recommended)
-
-Prerequisites: Git
-
-```shell
-git clone https://github.com/wpscanteam/wpscan
-
-cd wpscan/
-
-bundle install && rake install
-```
-
 # Updating
 
 You can update the local database by using ```wpscan --update```
@@ -77,6 +69,8 @@ docker run -it --rm wpscanteam/wpscan --url https://target.tld/ --enumerate u1-1
 
 # Usage
 
+Full user documentation can be found here; https://github.com/wpscanteam/wpscan/wiki/WPScan-User-Documentation
+
 ```wpscan --url blog.tld``` This will scan the blog using default options with a good compromise between speed and accuracy. For example, the plugins will be checked passively but their version with a mixed detection mode (passively + aggressively). Potential config backup files will also be checked, along with other interesting findings.
 
 If a more stealthy approach is required, then ```wpscan --stealthy --url blog.tld``` can be used.
@@ -130,6 +124,11 @@ cli_options:
   api_token: YOUR_API_TOKEN
 ```
 
+## Load API Token From ENV (since v3.7.10)
+
+The API Token will be automatically loaded from the ENV variable `WPSCAN_API_TOKEN` if present. If the `--api-token` CLI option is also provided, the value from the CLI will be used.
+
+
 ## Enumerating usernames
 
 ```shell

app/controllers/custom_directories.rb

@@ -18,9 +18,7 @@ module WPScan
         target.content_dir = ParsedCli.wp_content_dir if ParsedCli.wp_content_dir
         target.plugins_dir = ParsedCli.wp_plugins_dir if ParsedCli.wp_plugins_dir
 
-        return if target.content_dir
-
-        raise Error::WpContentDirNotDetected
+        raise Error::WpContentDirNotDetected unless target.content_dir
       end
     end
   end

app/controllers/enumeration/cli_options.rb

@@ -51,7 +51,7 @@ module WPScan
           OptSmartList.new(['--plugins-list LIST', 'List of plugins to enumerate'], advanced: true),
           OptChoice.new(
             ['--plugins-detection MODE',
-             'Use the supplied mode to enumerate Plugins, instead of the global (--detection-mode) mode.'],
+             'Use the supplied mode to enumerate Plugins.'],
             choices: %w[mixed passive aggressive], normalize: :to_sym, default: :passive
           ),
           OptBoolean.new(
@@ -62,8 +62,7 @@ module WPScan
           ),
           OptChoice.new(
             ['--plugins-version-detection MODE',
-             'Use the supplied mode to check plugins versions instead of the --detection-mode ' \
-             'or --plugins-detection modes.'],
+             'Use the supplied mode to check plugins\' versions.'],
             choices: %w[mixed passive aggressive], normalize: :to_sym, default: :mixed
           ),
           OptInteger.new(

app/controllers/password_attack.rb

@@ -23,27 +23,32 @@ module WPScan
         ]
       end
 
-      def run
-        return unless ParsedCli.passwords
-
-        if user_interaction?
-          output('@info',
-                 msg: "Performing password attack on #{attacker.titleize} against #{users.size} user/s")
-        end
-
-        attack_opts = {
+      def attack_opts
+        @attack_opts ||= {
           show_progression: user_interaction?,
           multicall_max_passwords: ParsedCli.multicall_max_passwords
         }
+      end
+
+      def run
+        return unless ParsedCli.passwords
 
         begin
           found = []
 
-          attacker.attack(users, passwords(ParsedCli.passwords), attack_opts) do |user|
+          if user_interaction?
+            output('@info',
+                   msg: "Performing password attack on #{attacker.titleize} against #{users.size} user/s")
+          end
+
+          attacker.attack(users, ParsedCli.passwords, attack_opts) do |user|
             found << user
 
             attacker.progress_bar.log("[SUCCESS] - #{user.username} / #{user.password}")
           end
+        rescue Error::NoLoginInterfaceDetected => e
+          # TODO: Maybe output that in JSON as well.
+          output('@notice', msg: e.to_s) if user_interaction?
         ensure
           output('users', users: found)
         end
@@ -65,6 +70,8 @@ module WPScan
 
         case ParsedCli.password_attack
         when :wp_login
+          raise Error::NoLoginInterfaceDetected unless target.login_url
+
           Finders::Passwords::WpLogin.new(target)
         when :xmlrpc
           raise Error::XMLRPCNotDetected unless xmlrpc
@@ -81,8 +88,8 @@ module WPScan
       def xmlrpc_get_users_blogs_enabled?
         if xmlrpc&.enabled? &&
            xmlrpc.available_methods.include?('wp.getUsersBlogs') &&
-           xmlrpc.method_call('wp.getUsersBlogs', [SecureRandom.hex[0, 6], SecureRandom.hex[0, 4]])
-                 .run.body !~ /XML\-RPC services are disabled/
+           !xmlrpc.method_call('wp.getUsersBlogs', [SecureRandom.hex[0, 6], SecureRandom.hex[0, 4]])
+                  .run.body.match?(/>\s*405\s*</)
 
           true
         else
@@ -100,8 +107,10 @@ module WPScan
           else
             Finders::Passwords::XMLRPC.new(xmlrpc)
           end
-        else
+        elsif target.login_url
           Finders::Passwords::WpLogin.new(target)
+        else
+          raise Error::NoLoginInterfaceDetected
         end
       end
 
@@ -113,15 +122,6 @@ module WPScan
           acc << Model::User.new(elem.chomp)
         end
       end
-
-      # @param [ String ] wordlist_path
-      #
-      # @return [ Array<String> ]
-      def passwords(wordlist_path)
-        @passwords ||= File.open(wordlist_path).reduce([]) do |acc, elem|
-          acc << elem.chomp
-        end
-      end
     end
   end
 end

app/controllers/vuln_api.rb

@@ -4,6 +4,8 @@ module WPScan
   module Controller
     # Controller to handle the API token
     class VulnApi < CMSScanner::Controller::Base
+      ENV_KEY = 'WPSCAN_API_TOKEN'
+
       def cli_options
         [
           OptString.new(['--api-token TOKEN', 'The WPVulnDB API Token to display vulnerability data'])
@@ -11,9 +13,9 @@ module WPScan
       end
 
       def before_scan
-        return unless ParsedCli.api_token
+        return unless ParsedCli.api_token || ENV.key?(ENV_KEY)
 
-        DB::VulnApi.token = ParsedCli.api_token
+        DB::VulnApi.token = ParsedCli.api_token || ENV[ENV_KEY]
 
         api_status = DB::VulnApi.status
 

app/finders/db_exports/known_locations.rb

@@ -40,7 +40,7 @@ module WPScan
         # @return [ Hash ]
         def potential_urls(opts = {})
           urls        = {}
-          domain_name = PublicSuffix.domain(target.uri.host)[/(^[\w|-]+)/, 1]
+          domain_name = (PublicSuffix.domain(target.uri.host) || target.uri.host)[/(^[\w|-]+)/, 1]
 
           File.open(opts[:list]).each_with_index do |path, index|
             path.gsub!('{domain_name}', domain_name)

app/finders/interesting_findings/backup_db.rb

@@ -16,8 +16,7 @@ module WPScan
             target.url(path),
             confidence: 70,
             found_by: DIRECT_ACCESS,
-            interesting_entries: target.directory_listing_entries(path),
-            references: { url: 'https://github.com/wpscanteam/wpscan/issues/422' }
+            interesting_entries: target.directory_listing_entries(path)
           )
         end
       end

app/finders/interesting_findings/debug_log.rb

@@ -11,11 +11,7 @@ module WPScan
 
           return unless target.debug_log?(path)
 
-          Model::DebugLog.new(
-            target.url(path),
-            confidence: 100, found_by: DIRECT_ACCESS,
-            references: { url: 'https://codex.wordpress.org/Debugging_in_WordPress' }
-          )
+          Model::DebugLog.new(target.url(path), confidence: 100, found_by: DIRECT_ACCESS)
         end
       end
     end

app/finders/interesting_findings/duplicator_installer_log.rb

@@ -11,12 +11,7 @@ module WPScan
 
           return unless /DUPLICATOR INSTALL-LOG/.match?(target.head_and_get(path).body)
 
-          Model::DuplicatorInstallerLog.new(
-            target.url(path),
-            confidence: 100,
-            found_by: DIRECT_ACCESS,
-            references: { url: 'https://www.exploit-db.com/ghdb/3981/' }
-          )
+          Model::DuplicatorInstallerLog.new(target.url(path), confidence: 100, found_by: DIRECT_ACCESS)
         end
       end
     end

app/finders/interesting_findings/emergency_pwd_reset_script.rb

@@ -15,10 +15,7 @@ module WPScan
           Model::EmergencyPwdResetScript.new(
             target.url(path),
             confidence: /password/i.match?(res.body) ? 100 : 40,
-            found_by: DIRECT_ACCESS,
-            references: {
-              url: 'https://codex.wordpress.org/Resetting_Your_Password#Using_the_Emergency_Password_Reset_Script'
-            }
+            found_by: DIRECT_ACCESS
           )
         end
       end

app/finders/interesting_findings/full_path_disclosure.rb

@@ -16,8 +16,7 @@ module WPScan
             target.url(path),
             confidence: 100,
             found_by: DIRECT_ACCESS,
-            interesting_entries: fpd_entries,
-            references: { url: 'https://www.owasp.org/index.php/Full_Path_Disclosure' }
+            interesting_entries: fpd_entries
           )
         end
       end

app/finders/interesting_findings/mu_plugins.rb

@@ -7,22 +7,16 @@ module WPScan
       class MuPlugins < CMSScanner::Finders::Finder
         # @return [ InterestingFinding ]
         def passive(_opts = {})
-          pattern = %r{#{target.content_dir}/mu\-plugins/}i
+          pattern = %r{#{target.content_dir}/mu-plugins/}i
 
-          target.in_scope_uris(target.homepage_res) do |uri|
+          target.in_scope_uris(target.homepage_res, '(//@href|//@src)[contains(., "mu-plugins")]') do |uri|
             next unless uri.path&.match?(pattern)
 
             url = target.url('wp-content/mu-plugins/')
 
             target.mu_plugins = true
 
-            return Model::MuPlugins.new(
-              url,
-              confidence: 70,
-              found_by: 'URLs In Homepage (Passive Detection)',
-              to_s: "This site has 'Must Use Plugins': #{url}",
-              references: { url: 'http://codex.wordpress.org/Must_Use_Plugins' }
-            )
+            return Model::MuPlugins.new(url, confidence: 70, found_by: 'URLs In Homepage (Passive Detection)')
           end
           nil
         end
@@ -37,13 +31,7 @@ module WPScan
 
           target.mu_plugins = true
 
-          Model::MuPlugins.new(
-            url,
-            confidence: 80,
-            found_by: DIRECT_ACCESS,
-            to_s: "This site has 'Must Use Plugins': #{url}",
-            references: { url: 'http://codex.wordpress.org/Must_Use_Plugins' }
-          )
+          Model::MuPlugins.new(url, confidence: 80, found_by: DIRECT_ACCESS)
         end
       end
     end

app/finders/interesting_findings/multisite.rb

@@ -12,18 +12,12 @@ module WPScan
           location = res.headers_hash['location']
 
           return unless [200, 302].include?(res.code)
-          return if res.code == 302 && location =~ /wp-login\.php\?action=register/
-          return unless res.code == 200 || res.code == 302 && location =~ /wp-signup\.php/
+          return if res.code == 302 && location&.include?('wp-login.php?action=register')
+          return unless res.code == 200 || res.code == 302 && location&.include?('wp-signup.php')
 
           target.multisite = true
 
-          Model::Multisite.new(
-            url,
-            confidence: 100,
-            found_by: DIRECT_ACCESS,
-            to_s: 'This site seems to be a multisite',
-            references: { url: 'http://codex.wordpress.org/Glossary#Multisite' }
-          )
+          Model::Multisite.new(url, confidence: 100, found_by: DIRECT_ACCESS)
         end
       end
     end

app/finders/interesting_findings/registration.rb

@@ -20,12 +20,7 @@ module WPScan
 
           target.registration_enabled = true
 
-          Model::Registration.new(
-            res.effective_url,
-            confidence: 100,
-            found_by: DIRECT_ACCESS,
-            to_s: "Registration is enabled: #{res.effective_url}"
-          )
+          Model::Registration.new(res.effective_url, confidence: 100, found_by: DIRECT_ACCESS)
         end
       end
     end

app/finders/interesting_findings/tmm_db_migrate.rb

@@ -13,12 +13,7 @@ module WPScan
 
           return unless res.code == 200 && res.headers['Content-Type'] =~ %r{\Aapplication/zip}i
 
-          Model::TmmDbMigrate.new(
-            url,
-            confidence: 100,
-            found_by: DIRECT_ACCESS,
-            references: { packetstorm: 131_957 }
-          )
+          Model::TmmDbMigrate.new(url, confidence: 100, found_by: DIRECT_ACCESS)
         end
       end
     end

app/finders/interesting_findings/upload_directory_listing.rb

@@ -13,12 +13,7 @@ module WPScan
 
           url = target.url(path)
 
-          Model::UploadDirectoryListing.new(
-            url,
-            confidence: 100,
-            found_by: DIRECT_ACCESS,
-            to_s: "Upload directory has listing enabled: #{url}"
-          )
+          Model::UploadDirectoryListing.new(url, confidence: 100, found_by: DIRECT_ACCESS)
         end
       end
     end

app/finders/interesting_findings/upload_sql_dump.rb

@@ -14,11 +14,7 @@ module WPScan
 
           return unless SQL_PATTERN.match?(res.body)
 
-          Model::UploadSQLDump.new(
-            target.url(path),
-            confidence: 100,
-            found_by: DIRECT_ACCESS
-          )
+          Model::UploadSQLDump.new(target.url(path), confidence: 100, found_by: DIRECT_ACCESS)
         end
       end
     end

app/finders/interesting_findings/wp_cron.rb

@@ -11,17 +11,7 @@ module WPScan
 
           return unless res.code == 200
 
-          Model::WPCron.new(
-            wp_cron_url,
-            confidence: 60,
-            found_by: DIRECT_ACCESS,
-            references: {
-              url: [
-                'https://www.iplocation.net/defend-wordpress-from-ddos',
-                'https://github.com/wpscanteam/wpscan/issues/1299'
-              ]
-            }
-          )
+          Model::WPCron.new(wp_cron_url, confidence: 60, found_by: DIRECT_ACCESS)
         end
 
         def wp_cron_url

app/finders/main_theme/css_style_in_homepage.rb

@@ -20,8 +20,8 @@ module WPScan
         end
 
         def passive_from_css_href(res, opts)
-          target.in_scope_uris(res, '//style/@src|//link/@href') do |uri|
-            next unless uri.path =~ %r{/themes/([^\/]+)/style.css\z}i
+          target.in_scope_uris(res, '//link/@href[contains(., "style.css")]') do |uri|
+            next unless uri.path =~ %r{/themes/([^/]+)/style.css\z}i
 
             return create_theme(Regexp.last_match[1], uri.to_s, opts)
           end
@@ -33,7 +33,7 @@ module WPScan
             code = tag.text.to_s
             next if code.empty?
 
-            next unless code =~ %r{#{item_code_pattern('themes')}\\?/style\.css[^"'\( ]*}i
+            next unless code =~ %r{#{item_code_pattern('themes')}\\?/style\.css[^"'( ]*}i
 
             return create_theme(Regexp.last_match[1], Regexp.last_match[0].strip, opts)
           end

app/finders/passwords/wp_login.rb

@@ -13,7 +13,7 @@ module WPScan
 
         def valid_credentials?(response)
           response.code == 302 &&
-            [*response.headers['Set-Cookie']]&.any? { |cookie| cookie =~ /wordpress_logged_in_/i }
+            Array(response.headers['Set-Cookie'])&.any? { |cookie| cookie =~ /wordpress_logged_in_/i }
         end
 
         def errored_response?(response)

app/finders/passwords/xml_rpc.rb

@@ -12,11 +12,11 @@ module WPScan
         end
 
         def valid_credentials?(response)
-          response.code == 200 && response.body =~ /blogName/
+          response.code == 200 && response.body.include?('blogName')
         end
 
         def errored_response?(response)
-          response.code != 200 && response.body !~ /login_error/i
+          response.code != 200 && response.body !~ /Incorrect username or password/i
         end
       end
     end

app/finders/passwords/xml_rpc_multicall.rb

@@ -22,8 +22,30 @@ module WPScan
           target.multi_call(methods, cache_ttl: 0).run
         end
 
+        # @param [ IO ] file
+        # @param [ Integer ] passwords_size
+        # @return [ Array<String> ] The passwords from the last checked position in the file until there are
+        #                           passwords_size passwords retrieved
+        def passwords_from_wordlist(file, passwords_size)
+          pwds       = []
+          added_pwds = 0
+
+          return pwds if passwords_size.zero?
+
+          # Make sure that the main code does not call #sysseek or #count etc
+          # otherwise the file descriptor will be set to somwehere else
+          file.each_line(chomp: true) do |line|
+            pwds << line
+            added_pwds += 1
+
+            break if added_pwds == passwords_size
+          end
+
+          pwds
+        end
+
         # @param [ Array<Model::User> ] users
-        # @param [ Array<String> ] passwords
+        # @param [ String ] wordlist_path
         # @param [ Hash ] opts
         # @option opts [ Boolean ] :show_progression
         # @option opts [ Integer ] :multicall_max_passwords
@@ -33,18 +55,22 @@ module WPScan
         # TODO: Make rubocop happy about metrics etc
         #
         # rubocop:disable all
-        def attack(users, passwords, opts = {})
-          wordlist_index         = 0
+        def attack(users, wordlist_path, opts = {})
+          checked_passwords      = 0
+          wordlist               = File.open(wordlist_path)
+          wordlist_size          = wordlist.count
           max_passwords          = opts[:multicall_max_passwords]
           current_passwords_size = passwords_size(max_passwords, users.size)
 
-          create_progress_bar(total: (passwords.size / current_passwords_size.round(1)).ceil,
+          create_progress_bar(total: (wordlist_size / current_passwords_size.round(1)).ceil,
                               show_progression: opts[:show_progression])
 
+          wordlist.sysseek(0) # reset the descriptor to the beginning of the file as it changed with #count
+
           loop do
-            current_users     = users.select { |user| user.password.nil? }
-            current_passwords = passwords[wordlist_index, current_passwords_size]
-            wordlist_index   += current_passwords_size
+            current_users      = users.select { |user| user.password.nil? }
+            current_passwords  = passwords_from_wordlist(wordlist, current_passwords_size)
+            checked_passwords += current_passwords_size
 
             break if current_users.empty? || current_passwords.nil? || current_passwords.empty?
 
@@ -76,16 +102,19 @@ module WPScan
                 break
               end
 
-              progress_bar.total = progress_bar.progress + ((passwords.size - wordlist_index) / current_passwords_size.round(1)).ceil
+              begin
+                progress_bar.total = progress_bar.progress + ((wordlist_size - checked_passwords) / current_passwords_size.round(1)).ceil
+              rescue ProgressBar::InvalidProgressError
+              end
             end
           end
           # Maybe a progress_bar.stop ?
         end
-        # rubocop:disable all
+        # rubocop:enable all
 
         def passwords_size(max_passwords, users_size)
           return 1 if max_passwords < users_size
-          return 0 if users_size == 0
+          return 0 if users_size.zero?
 
           max_passwords / users_size
         end
@@ -94,9 +123,13 @@ module WPScan
         def check_and_output_errors(res)
           progress_bar.log("Incorrect response: #{res.code} / #{res.return_message}") unless res.code == 200
 
-          progress_bar.log('Parsing error, might be caused by a too high --max-passwords value (such as >= 2k)') if res.body =~ /parse error. not well formed/i
+          if /parse error. not well formed/i.match?(res.body)
+            progress_bar.log('Parsing error, might be caused by a too high --max-passwords value (such as >= 2k)')
+          end
 
-          progress_bar.log('The requested method is not supported') if res.body =~ /requested method [^ ]+ does not exist/i
+          return unless /requested method [^ ]+ does not exist/i.match?(res.body)
+
+          progress_bar.log('The requested method is not supported')
         end
       end
     end

app/finders/plugin_version/readme.rb

@@ -48,7 +48,7 @@ module WPScan
         #
         # @return [ String, nil ] The version number detected from the stable tag
         def from_stable_tag(body)
-          return unless body =~ /\b(?:stable tag|version):\s*(?!trunk)([0-9a-z\.-]+)/i
+          return unless body =~ /\b(?:stable tag|version):\s*(?!trunk)([0-9a-z.-]+)/i
 
           number = Regexp.last_match[1]
 
@@ -59,7 +59,7 @@ module WPScan
         #
         # @return [ String, nil ] The best version number detected from the changelog section
         def from_changelog_section(body)
-          extracted_versions = body.scan(%r{[=]+\s+(?:v(?:ersion)?\s*)?([0-9\.-]+)[ \ta-z0-9\(\)\.\-\/]*[=]+}i)
+          extracted_versions = body.scan(%r{=+\s+(?:v(?:ersion)?\s*)?([0-9.-]+)[ \ta-z0-9().\-/]*=+}i)
 
           return if extracted_versions.nil? || extracted_versions.empty?
 
@@ -68,11 +68,9 @@ module WPScan
           extracted_versions = extracted_versions.select { |x| x =~ /[0-9]+/ }
 
           sorted = extracted_versions.sort do |x, y|
-            begin
-              Gem::Version.new(x) <=> Gem::Version.new(y)
-            rescue StandardError
-              0
-            end
+            Gem::Version.new(x) <=> Gem::Version.new(y)
+          rescue StandardError
+            0
           end
 
           sorted.last

app/finders/theme_version/style.rb

@@ -30,7 +30,7 @@ module WPScan
 
         # @return [ Version ]
         def style_version
-          return unless Browser.get(target.style_url).body =~ /Version:[\t ]*(?!trunk)([0-9a-z\.-]+)/i
+          return unless Browser.get(target.style_url).body =~ /Version:[\t ]*(?!trunk)([0-9a-z.-]+)/i
 
           Model::Version.new(
             Regexp.last_match[1],

app/finders/users.rb

@@ -6,7 +6,7 @@ require_relative 'users/oembed_api'
 require_relative 'users/rss_generator'
 require_relative 'users/author_id_brute_forcing'
 require_relative 'users/login_error_messages'
-require_relative 'users/yoast_seo_author_sitemap.rb'
+require_relative 'users/yoast_seo_author_sitemap'
 
 module WPScan
   module Finders

app/finders/users/author_id_brute_forcing.rb

@@ -71,11 +71,13 @@ module WPScan
           return username, 'Display Name', 50 if username
         end
 
-        # @param [ String ] url
+        # @param [ String, Addressable::URI ] uri
         #
         # @return [ String, nil ]
-        def username_from_author_url(url)
-          url[%r{/author/([^/\b]+)/?}i, 1]
+        def username_from_author_url(uri)
+          uri = Addressable::URI.parse(uri) unless uri.is_a?(Addressable::URI)
+
+          uri.path[%r{/author/([^/\b]+)/?}i, 1]
         end
 
         # @param [ Typhoeus::Response ] res
@@ -83,12 +85,12 @@ module WPScan
         # @return [ String, nil ] The username found
         def username_from_response(res)
           # Permalink enabled
-          target.in_scope_uris(res, '//link/@href|//a/@href') do |uri|
-            username = username_from_author_url(uri.to_s)
+          target.in_scope_uris(res, '//@href[contains(., "author/")]') do |uri|
+            username = username_from_author_url(uri)
             return username if username
           end
 
-          # No permalink
+          # No permalink, TODO Maybe use xpath to extract the classes ?
           res.body[/<body class="archive author author-([^\s]+)[ "]/i, 1]
         end
 

app/finders/users/author_posts.rb

@@ -45,7 +45,7 @@ module WPScan
         def potential_usernames(res)
           usernames = []
 
-          target.in_scope_uris(res, '//a/@href') do |uri, node|
+          target.in_scope_uris(res, '//a/@href[contains(., "author")]') do |uri, node|
             if uri.path =~ %r{/author/([^/\b]+)/?\z}i
               usernames << [Regexp.last_match[1], 'Author Pattern', 100]
             elsif /author=[0-9]+/.match?(uri.query)

app/finders/users/login_error_messages.rb

@@ -37,7 +37,7 @@ module WPScan
           # usernames from the potential Users found
           unames = opts[:found].map(&:username)
 
-          [*opts[:list]].each { |uname| unames << uname.chomp }
+          Array(opts[:list]).each { |uname| unames << uname.chomp }
 
           unames.uniq
         end

app/finders/users/rss_generator.rb

@@ -13,7 +13,7 @@ module WPScan
           urls.each do |url|
             res = Browser.get_and_follow_location(url)
 
-            next unless res.code == 200 && res.body =~ /<dc\:creator>/i
+            next unless res.code == 200 && res.body =~ /<dc:creator>/i
 
             potential_usernames = []
 

app/finders/users/wp_json_api.rb

@@ -21,7 +21,7 @@ module WPScan
           loop do
             current_page += 1
 
-            res = Typhoeus.get(api_url, params: { per_page: MAX_PER_PAGE, page: current_page })
+            res = Browser.get(api_url, params: { per_page: MAX_PER_PAGE, page: current_page })
 
             total_pages ||= res.headers['X-WP-TotalPages'].to_i
 

app/finders/users/yoast_seo_author_sitemap.rb

@@ -13,7 +13,7 @@ module WPScan
           found = []
 
           Browser.get(sitemap_url).html.xpath('//url/loc').each do |user_tag|
-            username = user_tag.text.to_s[%r{/author/([^\/]+)/}, 1]
+            username = user_tag.text.to_s[%r{/author/([^/]+)/}, 1]
 
             next unless username && !username.strip.empty?
 

app/finders/wp_items/urls_in_page.rb

@@ -8,11 +8,15 @@ module WPScan
         # @param [ String ] type plugins / themes
         # @param [ Boolean ] uniq Wether or not to apply the #uniq on the results
         #
-        # @return [Array<String> ] The plugins/themes detected in the href, src attributes of the homepage
+        # @return [ Array<String> ] The plugins/themes detected in the href, src attributes of the page
         def items_from_links(type, uniq = true)
           found = []
+          xpath = format(
+            '(//@href|//@src|//@data-src)[contains(., "%s")]',
+            type == 'plugins' ? target.plugins_dir : target.content_dir
+          )
 
-          target.in_scope_uris(page_res) do |uri|
+          target.in_scope_uris(page_res, xpath) do |uri|
             next unless uri.to_s =~ item_attribute_pattern(type)
 
             slug = Regexp.last_match[1]&.strip
@@ -51,7 +55,7 @@ module WPScan
         #
         # @return [ Regexp ]
         def item_code_pattern(type)
-          @item_code_pattern ||= %r{["'\( ]#{item_url_pattern(type)}([^\\\/\)"']+)}i
+          @item_code_pattern ||= %r{["'( ]#{item_url_pattern(type)}([^\\/)"']+)}i
         end
 
         # @param [ String ] type
@@ -62,9 +66,9 @@ module WPScan
           item_url = type == 'plugins' ? target.plugins_url : target.content_url
 
           url = /#{item_url.gsub(/\A(?:https?)/i, 'https?').gsub('/', '\\\\\?\/')}/i
-          item_dir = %r{(?:#{url}|\\?\/#{item_dir.gsub('/', '\\\\\?\/')}\\?/)}i
+          item_dir = %r{(?:#{url}|\\?/#{item_dir.gsub('/', '\\\\\?\/')}\\?/)}i
 
-          type == 'plugins' ? item_dir : %r{#{item_dir}#{type}\\?\/}i
+          type == 'plugins' ? item_dir : %r{#{item_dir}#{type}\\?/}i
         end
       end
     end

app/finders/wp_version/rdf_generator.rb

@@ -28,7 +28,7 @@ module WPScan
         end
 
         def passive_urls_xpath
-          '//a[contains(@href, "rdf")]/@href'
+          '//a[contains(@href, "/rdf")]/@href'
         end
 
         def aggressive_urls(_opts = {})

app/models/interesting_finding.rb

@@ -8,45 +8,110 @@ module WPScan
     end
 
     #
-    # Empty classes for the #type to be correctly displayed (as taken from the self.class from the parent)
+    # Some classes are empty for the #type to be correctly displayed (as taken from the self.class from the parent)
     #
     class BackupDB < InterestingFinding
+      # @return [ Hash ]
+      def references
+        @references ||= { url: ['https://github.com/wpscanteam/wpscan/issues/422'] }
+      end
     end
 
     class DebugLog < InterestingFinding
+      # @ return [ Hash ]
+      def references
+        @references ||= { url: ['https://codex.wordpress.org/Debugging_in_WordPress'] }
+      end
     end
 
     class DuplicatorInstallerLog < InterestingFinding
+      # @return [ Hash ]
+      def references
+        @references ||= { url: ['https://www.exploit-db.com/ghdb/3981/'] }
+      end
     end
 
     class EmergencyPwdResetScript < InterestingFinding
+      def references
+        @references ||= {
+          url: ['https://codex.wordpress.org/Resetting_Your_Password#Using_the_Emergency_Password_Reset_Script']
+        }
+      end
     end
 
     class FullPathDisclosure < InterestingFinding
+      # @return [ Hash ]
+      def references
+        @references ||= { url: ['https://www.owasp.org/index.php/Full_Path_Disclosure'] }
+      end
     end
 
     class MuPlugins < InterestingFinding
+      # @return [ String ]
+      def to_s
+        @to_s ||= "This site has 'Must Use Plugins': #{url}"
+      end
+
+      # @return [ Hash ]
+      def references
+        @references ||= { url: ['http://codex.wordpress.org/Must_Use_Plugins'] }
+      end
     end
 
     class Multisite < InterestingFinding
+      # @return [ String ]
+      def to_s
+        @to_s ||= 'This site seems to be a multisite'
+      end
+
+      # @return [ Hash ]
+      def references
+        @references ||= { url: ['http://codex.wordpress.org/Glossary#Multisite'] }
+      end
     end
 
     class Readme < InterestingFinding
     end
 
     class Registration < InterestingFinding
+      # @return [ String ]
+      def to_s
+        @to_s ||= "Registration is enabled: #{url}"
+      end
     end
 
     class TmmDbMigrate < InterestingFinding
+      # @return [ Hash ]
+      def references
+        @references ||= { packetstorm: [131_957] }
+      end
     end
 
     class UploadDirectoryListing < InterestingFinding
+      # @return [ String ]
+      def to_s
+        @to_s ||= "Upload directory has listing enabled: #{url}"
+      end
     end
 
     class UploadSQLDump < InterestingFinding
     end
 
     class WPCron < InterestingFinding
+      # @return [ String ]
+      def to_s
+        @to_s ||= "The external WP-Cron seems to be enabled: #{url}"
+      end
+
+      # @return [ Hash ]
+      def references
+        @references ||= {
+          url: [
+            'https://www.iplocation.net/defend-wordpress-from-ddos',
+            'https://github.com/wpscanteam/wpscan/issues/1299'
+          ]
+        }
+      end
     end
   end
 end

app/models/plugin.rb

@@ -38,7 +38,7 @@ module WPScan
 
       # @return [ Array<String> ]
       def potential_readme_filenames
-        @potential_readme_filenames ||= [*(DB::DynamicFinders::Plugin.df_data.dig(slug, 'Readme', 'path') || super)]
+        @potential_readme_filenames ||= Array((DB::DynamicFinders::Plugin.df_data.dig(slug, 'Readme', 'path') || super))
       end
     end
   end

app/models/theme.rb

@@ -45,7 +45,7 @@ module WPScan
       # @return [ Theme ]
       def parent_theme
         return unless template
-        return unless style_body =~ /^@import\surl\(["']?([^"'\)]+)["']?\);\s*$/i
+        return unless style_body =~ /^@import\surl\(["']?([^"')]+)["']?\);\s*$/i
 
         opts = detection_opts.merge(
           style_url: url(Regexp.last_match[1]),
@@ -101,7 +101,7 @@ module WPScan
       #
       # @return [ String ]
       def parse_style_tag(body, tag)
-        value = body[/#{Regexp.escape(tag)}:[\t ]*([^\r\n\*]+)/i, 1]
+        value = body[/\b#{Regexp.escape(tag)}:[\t ]*([^\r\n*]+)/, 1]
 
         value && !value.strip.empty? ? value.strip : nil
       end

app/models/timthumb.rb

@@ -40,9 +40,9 @@ module WPScan
       def rce_132_vuln
         Vulnerability.new(
           'Timthumb <= 1.32 Remote Code Execution',
-          { exploitdb: ['17602'] },
-          'RCE',
-          '1.33'
+          references: { exploitdb: ['17602'] },
+          type: 'RCE',
+          fixed_in: '1.33'
         )
       end
 
@@ -50,12 +50,12 @@ module WPScan
       def rce_webshot_vuln
         Vulnerability.new(
           'Timthumb <= 2.8.13 WebShot Remote Code Execution',
-          {
+          references: {
             url: ['http://seclists.org/fulldisclosure/2014/Jun/117', 'https://github.com/wpscanteam/wpscan/issues/519'],
             cve: '2014-4663'
           },
-          'RCE',
-          '2.8.14'
+          type: 'RCE',
+          fixed_in: '2.8.14'
         )
       end
 

app/models/wp_item.rb

@@ -39,7 +39,7 @@ module WPScan
 
         @vulnerabilities = []
 
-        [*db_data['vulnerabilities']].each do |json_vuln|
+        Array(db_data['vulnerabilities']).each do |json_vuln|
           vulnerability = Vulnerability.load_from_json(json_vuln)
           @vulnerabilities << vulnerability if vulnerable_to?(vulnerability)
         end

app/models/wp_version.rb

@@ -53,7 +53,7 @@ module WPScan
 
         @vulnerabilities = []
 
-        [*db_data['vulnerabilities']].each do |json_vuln|
+        Array(db_data['vulnerabilities']).each do |json_vuln|
           @vulnerabilities << Vulnerability.load_from_json(json_vuln)
         end
 

app/models/xml_rpc.rb

@@ -8,7 +8,7 @@ module WPScan
 
       # @return [ Hash ]
       def references
-        {
+        @references ||= {
           url: ['http://codex.wordpress.org/XML-RPC_Pingback_API'],
           metasploit: [
             'auxiliary/scanner/http/wordpress_ghost_scanner',

app/views/cli/password_attack/users.erb

@@ -2,7 +2,7 @@
 <% if @users.empty? -%>
 <%= notice_icon %> No Valid Passwords Found.
 <% else -%>
-<%= notice_icon %> Valid Combinations Found:
+<%= critical_icon %> Valid Combinations Found:
 <% @users.each do |user| -%>
  | Username: <%= user.username %>, Password: <%= user.password %>
 <% end -%>

app/views/cli/vulnerability.erb

@@ -1,4 +1,7 @@
  | <%= critical_icon %> Title: <%= @v.title %>
+<% if @v.cvss -%>
+ |     CVSS: <%= @v.cvss[:score] %> (<%= @v.cvss[:vector] %>)
+<% end -%>
 <% if @v.fixed_in -%>
  |     Fixed in: <%= @v.fixed_in %>
 <% end -%>

app/views/json/finding.erb

@@ -19,6 +19,9 @@
   <% vulns.each_with_index do |v, index| -%>
   {
     "title": <%= v.title.to_json %>,
+    <% if v.cvss -%>
+    "cvss": <%= v.cvss.to_json %>,
+    <% end -%>
     "fixed_in": <%= v.fixed_in.to_json %>,
     "references": <%= v.references.to_json %>
   }<% unless index == last_index -%>,<% end -%>

lib/wpscan/db/updater.rb

@@ -67,13 +67,13 @@ module WPScan
       # @return [ Hash ] The params for Typhoeus::Request
       # @note Those params can't be overriden by CLI options
       def request_params
-        @request_params ||= {
+        @request_params ||= Browser.instance.default_connect_request_params.merge(
           timeout: 600,
           connecttimeout: 300,
           accept_encoding: 'gzip, deflate',
           cache_ttl: 0,
-          headers: { 'User-Agent' => Browser.instance.default_user_agent, 'Referer' => nil }
-        }
+          headers: { 'User-Agent' => Browser.instance.default_user_agent }
+        )
       end
 
       # @return [ String ] The raw file URL associated with the given filename
@@ -85,7 +85,7 @@ module WPScan
       def remote_file_checksum(filename)
         url = "#{remote_file_url(filename)}.sha512"
 
-        res = Browser.get(url, request_params)
+        res = Typhoeus.get(url, request_params)
         raise Error::Download, res if res.timed_out? || res.code != 200
 
         res.body.chomp
@@ -126,7 +126,7 @@ module WPScan
         file_path = local_file_path(filename)
         file_url  = remote_file_url(filename)
 
-        res = Browser.get(file_url, request_params)
+        res = Typhoeus.get(file_url, request_params)
         raise Error::Download, res if res.timed_out? || res.code != 200
 
         File.open(file_path, 'wb') { |f| f.write(res.body) }
@@ -139,24 +139,22 @@ module WPScan
         updated = []
 
         FILES.each do |filename|
-          begin
-            db_checksum = remote_file_checksum(filename)
+          db_checksum = remote_file_checksum(filename)
 
-            # Checking if the file needs to be updated
-            next if File.exist?(local_file_path(filename)) && db_checksum == local_file_checksum(filename)
+          # Checking if the file needs to be updated
+          next if File.exist?(local_file_path(filename)) && db_checksum == local_file_checksum(filename)
 
-            create_backup(filename)
-            dl_checksum = download(filename)
+          create_backup(filename)
+          dl_checksum = download(filename)
 
-            raise "#{filename}: checksums do not match" unless dl_checksum == db_checksum
+          raise Error::ChecksumsMismatch, filename unless dl_checksum == db_checksum
 
-            updated << filename
-          rescue StandardError => e
-            restore_backup(filename)
-            raise e
-          ensure
-            delete_backup(filename) if File.exist?(backup_file_path(filename))
-          end
+          updated << filename
+        rescue StandardError => e
+          restore_backup(filename)
+          raise e
+        ensure
+          delete_backup(filename) if File.exist?(backup_file_path(filename))
         end
 
         File.write(last_update_file, Time.now)

lib/wpscan/db/vuln_api.rb

@@ -21,8 +21,10 @@ module WPScan
       # @return [ Hash ]
       def self.get(path, params = {})
         return {} unless token
+        return {} if path.end_with?('/latest') # Remove this when api/v4 is up
 
-        res = Browser.get(uri.join(path), params.merge(request_params))
+        # Typhoeus.get is used rather than Browser.get to avoid merging irrelevant params from the CLI
+        res = Typhoeus.get(uri.join(path), default_request_params.merge(params))
 
         return {} if res.code == 404 # This is for API inconsistencies when dots in path
         return JSON.parse(res.body) if NON_ERROR_CODES.include?(res.code)
@@ -64,15 +66,14 @@ module WPScan
       end
 
       # @return [ Hash ]
-      def self.request_params
-        {
+      # @note Those params can not be overriden by CLI options
+      def self.default_request_params
+        Browser.instance.default_connect_request_params.merge(
           headers: {
-            'Host' => uri.host, # Reset in case user provided a --vhost for the target
-            'Referer' => nil, # Removes referer set by the cmsscanner to the target url
             'User-Agent' => Browser.instance.default_user_agent,
             'Authorization' => "Token token=#{token}"
           }
-        }
+        )
       end
     end
   end

lib/wpscan/errors/update.rb

@@ -8,5 +8,17 @@ module WPScan
         'Update required, you can not run a scan if a database file is missing.'
       end
     end
+
+    class ChecksumsMismatch < Standard
+      attr_reader :db_file
+
+      def initialize(db_file)
+        @db_file = db_file
+      end
+
+      def to_s
+        "#{db_file}: checksums do not match. Please try again in a few minutes."
+      end
+    end
   end
 end

lib/wpscan/errors/wordpress.rb

@@ -29,5 +29,11 @@ module WPScan
         ' use the --scope option or make sure the --url value given is the correct one'
       end
     end
+
+    class NoLoginInterfaceDetected < Standard
+      def to_s
+        'Could not find a login interface to perform the password attack against'
+      end
+    end
   end
 end

lib/wpscan/finders/dynamic_finder/finder.rb

@@ -17,7 +17,7 @@ module WPScan
         end
 
         # Needed to have inheritance of the @child_class_constants
-        # If inheritance is not needed, then the #child_class_constant can be used in the classe definition, ie
+        # If inheritance is not needed, then the #child_class_constant can be used in the class definition, ie
         #   child_class_constant :FILES, PATTERN: /aaa/i
         # @return [ Hash ]
         def self.child_class_constants

lib/wpscan/finders/dynamic_finder/version/config_parser.rb

@@ -11,7 +11,7 @@ module WPScan
 
           def self.child_class_constants
             @child_class_constants ||= super.merge(
-              PARSER: nil, KEY: nil, PATTERN: /(?<v>\d+\.[\.\d]+)/, CONFIDENCE: 70
+              PARSER: nil, KEY: nil, PATTERN: /(?<v>\d+\.[.\d]+)/, CONFIDENCE: 70
             )
           end
 
@@ -21,13 +21,11 @@ module WPScan
             parsers = ALLOWED_PARSERS.include?(self.class::PARSER) ? [self.class::PARSER] : ALLOWED_PARSERS
 
             parsers.each do |parser|
-              begin
-                parsed = parser.respond_to?(:safe_load) ? parser.safe_load(body) : parser.load(body)
+              parsed = parser.respond_to?(:safe_load) ? parser.safe_load(body) : parser.load(body)
 
-                return parsed if parsed.is_a?(Hash) || parsed.is_a?(Array)
-              rescue StandardError
-                next
-              end
+              return parsed if parsed.is_a?(Hash) || parsed.is_a?(Array)
+            rescue StandardError
+              next
             end
 
             nil # Make sure nil is returned in case none of the parsers managed to parse the body correctly

lib/wpscan/finders/dynamic_finder/version/query_parameter.rb

@@ -9,7 +9,7 @@ module WPScan
           # @return [ Hash ]
           def self.child_class_constants
             @child_class_constants ||= super().merge(
-              XPATH: nil, FILES: nil, PATTERN: /(?:v|ver|version)\=(?<v>\d+\.[\.\d]+)/i, CONFIDENCE_PER_OCCURENCE: 10
+              XPATH: nil, FILES: nil, PATTERN: /(?:v|ver|version)=(?<v>\d+\.[.\d]+)/i, CONFIDENCE_PER_OCCURENCE: 10
             )
           end
 

lib/wpscan/finders/dynamic_finder/version/xpath.rb

@@ -9,7 +9,7 @@ module WPScan
           # @return [ Hash ]
           def self.child_class_constants
             @child_class_constants ||= super().merge(
-              XPATH: nil, PATTERN: /\A(?<v>\d+\.[\.\d]+)/, CONFIDENCE: 60
+              XPATH: nil, PATTERN: /\A(?<v>\d+\.[.\d]+)/, CONFIDENCE: 60
             )
           end
 

lib/wpscan/finders/dynamic_finder/wp_version.rb

@@ -33,7 +33,7 @@ module WPScan
 
           # @return [ Hash ]
           def self.child_class_constants
-            @child_class_constants ||= super().merge(PATTERN: /ver\=(?<v>\d+\.[\.\d]+)/i)
+            @child_class_constants ||= super().merge(PATTERN: /ver=(?<v>\d+\.[.\d]+)/i)
           end
         end
 

lib/wpscan/helper.rb

@@ -13,7 +13,7 @@ end
 #
 # @return [ Symbol ]
 def classify_slug(slug)
-  classified = slug.to_s.gsub(/[^a-z\d\-]/i, '-').gsub(/\-{1,}/, '_').camelize.to_s
+  classified = slug.to_s.gsub(/[^a-z\d\-]/i, '-').gsub(/-{1,}/, '_').camelize.to_s
   classified = "D_#{classified}" if /\d/.match?(classified[0])
 
   classified.to_sym

lib/wpscan/references.rb

@@ -2,7 +2,7 @@
 
 module WPScan
   # References module (which should be included along with the CMSScanner::References)
-  # to allow the use of the wpvulndb reference
+  # to allow the use of the wpvulndb reference.
   module References
     extend ActiveSupport::Concern
 

lib/wpscan/target.rb

@@ -19,13 +19,13 @@ module WPScan
     # @return [ Boolean ]
     def vulnerable?
       [@wp_version, @main_theme, @plugins, @themes, @timthumbs].each do |e|
-        [*e].each { |ae| return true if ae && ae.vulnerable? } # rubocop:disable Style/SafeNavigation
+        Array(e).each { |ae| return true if ae && ae.vulnerable? } # rubocop:disable Style/SafeNavigation
       end
 
-      return true unless [*@config_backups].empty?
-      return true unless [*@db_exports].empty?
+      return true unless Array(@config_backups).empty?
+      return true unless Array(@db_exports).empty?
 
-      [*@users].each { |u| return true if u.password }
+      Array(@users).each { |u| return true if u.password }
 
       false
     end

lib/wpscan/target/platform/wordpress.rb

@@ -11,9 +11,9 @@ module WPScan
       module WordPress
         include CMSScanner::Target::Platform::PHP
 
-        WORDPRESS_PATTERN      = %r{/(?:(?:wp-content/(?:themes|(?:mu\-)?plugins|uploads))|wp-includes)/}i.freeze
-        WP_JSON_OEMBED_PATTERN = %r{/wp\-json/oembed/}i.freeze
-        WP_ADMIN_AJAX_PATTERN  = %r{\\?/wp\-admin\\?/admin\-ajax\.php}i.freeze
+        WORDPRESS_PATTERN      = %r{/(?:(?:wp-content/(?:themes|(?:mu-)?plugins|uploads))|wp-includes)/}i.freeze
+        WP_JSON_OEMBED_PATTERN = %r{/wp-json/oembed/}i.freeze
+        WP_ADMIN_AJAX_PATTERN  = %r{\\?/wp-admin\\?/admin-ajax\.php}i.freeze
 
         # These methods are used in the associated interesting_findings finders
         # to keep the boolean state of the finding rather than re-check the whole thing again
@@ -32,8 +32,12 @@ module WPScan
 
           if %i[mixed aggressive].include?(detection_mode)
             %w[wp-admin/install.php wp-login.php].each do |path|
-              return true if in_scope_uris(Browser.get_and_follow_location(url(path))).any? do |uri|
-                WORDPRESS_PATTERN.match?(uri.path)
+              res = Browser.get_and_follow_location(url(path))
+
+              next unless res.code == 200
+
+              in_scope_uris(res, '//link/@href|//script/@src') do |uri|
+                return true if WORDPRESS_PATTERN.match?(uri.path)
               end
             end
           end
@@ -44,7 +48,7 @@ module WPScan
         # @param [ Typhoeus::Response ] response
         # @return [ Boolean ]
         def wordpress_from_meta_comments_or_scripts?(response)
-          in_scope_uris(response) do |uri|
+          in_scope_uris(response, '//link/@href|//script/@src') do |uri|
             return true if WORDPRESS_PATTERN.match?(uri.path) || WP_JSON_OEMBED_PATTERN.match?(uri.path)
           end
 
@@ -100,8 +104,9 @@ module WPScan
 
           unless content_dir
             pattern = %r{https?://s\d\.wp\.com#{WORDPRESS_PATTERN}}i.freeze
+            xpath   = '(//@href|//@src)[contains(., "wp.com")]'
 
-            uris_from_page(homepage_res) do |uri|
+            uris_from_page(homepage_res, xpath) do |uri|
               return true if uri.to_s.match?(pattern)
             end
           end
@@ -134,15 +139,16 @@ module WPScan
         # the first time the method is called, and the effective_url is then used
         # if suitable, otherwise the default wp-login will be.
         #
-        # @return [ String ] The URL to the login page
+        # @return [ String, false ] The URL to the login page or false if not detected
         def login_url
-          return @login_url if @login_url
+          return @login_url unless @login_url.nil?
 
-          @login_url = url('wp-login.php')
+          @login_url = url('wp-login.php') # TODO: url(ParsedCli.login_uri)
 
           res = Browser.get_and_follow_location(@login_url)
 
-          @login_url = res.effective_url if res.effective_url =~ /wp\-login\.php\z/i && in_scope?(res.effective_url)
+          @login_url = res.effective_url if res.effective_url =~ /wp-login\.php\z/i && in_scope?(res.effective_url)
+          @login_url = false if res.code == 404
 
           @login_url
         end

lib/wpscan/target/platform/wordpress/custom_directories.rb

@@ -104,10 +104,11 @@ module WPScan
           return @sub_dir unless @sub_dir.nil?
 
           # url_pattern is from CMSScanner::Target
-          pattern = %r{#{url_pattern}(.+?)/(?:xmlrpc\.php|wp\-includes/)}i
+          pattern = %r{#{url_pattern}(.+?)/(?:xmlrpc\.php|wp-includes/)}i
+          xpath = '(//@src|//@href|//@data-src)[contains(., "xmlrpc.php") or contains(., "wp-includes/")]'
 
           [homepage_res, error_404_res].each do |page_res|
-            in_scope_uris(page_res) do |uri|
+            in_scope_uris(page_res, xpath) do |uri|
               return @sub_dir = Regexp.last_match[1] if uri.to_s.match(pattern)
             end
           end
@@ -123,9 +124,9 @@ module WPScan
         def url(path = nil)
           return @uri.to_s unless path
 
-          if %r{wp\-content/plugins}i.match?(path)
+          if %r{wp-content/plugins}i.match?(path)
             path = +path.gsub('wp-content/plugins', plugins_dir)
-          elsif /wp\-content/i.match?(path)
+          elsif /wp-content/i.match?(path)
             path = +path.gsub('wp-content', content_dir)
           elsif path[0] != '/' && sub_dir
             path = "#{sub_dir}/#{path}"

lib/wpscan/version.rb

@@ -2,5 +2,5 @@
 
 # Version
 module WPScan
-  VERSION = '3.7.6'
+  VERSION = '3.8.4'
 end

lib/wpscan/vulnerability.rb

@@ -18,9 +18,10 @@ module WPScan
 
       new(
         json_data['title'],
-        references,
-        json_data['vuln_type'],
-        json_data['fixed_in']
+        references: references,
+        type: json_data['vuln_type'],
+        fixed_in: json_data['fixed_in'],
+        cvss: json_data['cvss']&.symbolize_keys
       )
     end
   end

spec/app/controllers/core_spec.rb

@@ -70,7 +70,7 @@ describe WPScan::Controller::Core do
         let(:cli_args) { "#{super()} --no-update" }
 
         it 'raises an error' do
-          expect { core.update_db_required? }. to raise_error(WPScan::Error::MissingDatabaseFile)
+          expect { core.update_db_required? }.to raise_error(WPScan::Error::MissingDatabaseFile)
         end
       end
 

spec/app/controllers/password_attack_spec.rb

@@ -1,5 +1,24 @@
 # frozen_string_literal: true
 
+XMLRPC_FAILED_BODY = '
+<?xml version="1.0" encoding="UTF-8"?>
+<methodResponse>
+  <fault>
+    <value>
+      <struct>
+        <member>
+          <name>faultCode</name>
+          <value><int>405</int></value>
+        </member>
+        <member>
+          <name>faultString</name>
+          <value><string>%s</string></value>
+        </member>
+      </struct>
+    </value>
+  </fault>
+</methodResponse>'
+
 describe WPScan::Controller::PasswordAttack do
   subject(:controller) { described_class.new }
   let(:target_url)     { 'http://ex.lo/' }
@@ -21,7 +40,7 @@ describe WPScan::Controller::PasswordAttack do
 
   describe '#users' do
     context 'when no --usernames' do
-      it 'calles target.users' do
+      it 'calls target.users' do
         expect(controller.target).to receive(:users)
         controller.users
       end
@@ -40,10 +59,6 @@ describe WPScan::Controller::PasswordAttack do
     end
   end
 
-  describe '#passwords' do
-    xit
-  end
-
   describe '#run' do
     context 'when no --passwords is supplied' do
       it 'does not run the attacker' do
@@ -85,20 +100,34 @@ describe WPScan::Controller::PasswordAttack do
       end
 
       context 'when wp.getUsersBlogs method listed' do
-        before { expect(xmlrpc).to receive(:available_methods).and_return(%w[wp.getUsersBlogs m2]) }
+        before do
+          expect(xmlrpc).to receive(:available_methods).and_return(%w[wp.getUsersBlogs m2])
+
+          stub_request(:post, xmlrpc.url).to_return(body: body)
+        end
 
         context 'when wp.getUsersBlogs method disabled' do
-          it 'returns false' do
-            stub_request(:post, xmlrpc.url).to_return(body: 'XML-RPC services are disabled on this site.')
+          context 'when blog is in EN' do
+            let(:body) { format(XMLRPC_FAILED_BODY, 'XML-RPC services are disabled on this site.') }
 
-            expect(controller.xmlrpc_get_users_blogs_enabled?).to be false
+            it 'returns false' do
+              expect(controller.xmlrpc_get_users_blogs_enabled?).to be false
+            end
+          end
+
+          context 'when blog is in FR' do
+            let(:body) { format(XMLRPC_FAILED_BODY, 'Les services XML-RPC sont désactivés sur ce site.') }
+
+            it 'returns false' do
+              expect(controller.xmlrpc_get_users_blogs_enabled?).to be false
+            end
           end
         end
 
         context 'when wp.getUsersBlogs method enabled' do
-          it 'returns true' do
-            stub_request(:post, xmlrpc.url).to_return(body: 'Incorrect username or password.')
+          let(:body) { 'Incorrect username or password.' }
 
+          it 'returns true' do
             expect(controller.xmlrpc_get_users_blogs_enabled?).to be true
           end
         end
@@ -107,15 +136,34 @@ describe WPScan::Controller::PasswordAttack do
   end
 
   describe '#attacker' do
+    before do
+      allow(controller.target).to receive(:sub_dir)
+      controller.target.instance_variable_set(:@login_url, nil)
+    end
+
     context 'when --password-attack provided' do
       let(:cli_args) { "#{super()} --password-attack #{attack}" }
 
       context 'when wp-login' do
+        before { stub_request(:get, controller.target.url('wp-login.php')).to_return(status: status) }
+
         let(:attack) { 'wp-login' }
 
-        it 'returns the correct object' do
-          expect(controller.attacker).to be_a WPScan::Finders::Passwords::WpLogin
-          expect(controller.attacker.target).to be_a WPScan::Target
+        context 'when available' do
+          let(:status) { 200 }
+
+          it 'returns the correct object' do
+            expect(controller.attacker).to be_a WPScan::Finders::Passwords::WpLogin
+            expect(controller.attacker.target).to be_a WPScan::Target
+          end
+        end
+
+        context 'when not available (404)' do
+          let(:status) { 404 }
+
+          it 'raises an error' do
+            expect { controller.attacker }.to raise_error(WPScan::Error::NoLoginInterfaceDetected)
+          end
         end
       end
 
@@ -172,11 +220,26 @@ describe WPScan::Controller::PasswordAttack do
 
     context 'when automatic detection' do
       context 'when xmlrpc_get_users_blogs_enabled? is false' do
-        it 'returns the WpLogin' do
+        before do
           expect(controller).to receive(:xmlrpc_get_users_blogs_enabled?).and_return(false)
+          stub_request(:get, controller.target.url('wp-login.php')).to_return(status: status)
+        end
 
-          expect(controller.attacker).to be_a WPScan::Finders::Passwords::WpLogin
-          expect(controller.attacker.target).to be_a WPScan::Target
+        context 'when wp-login available' do
+          let(:status) { 200 }
+
+          it 'returns the WpLogin' do
+            expect(controller.attacker).to be_a WPScan::Finders::Passwords::WpLogin
+            expect(controller.attacker.target).to be_a WPScan::Target
+          end
+        end
+
+        context 'when wp-login.php not available' do
+          let(:status) { 404 }
+
+          it 'raises an error' do
+            expect { controller.attacker }.to raise_error(WPScan::Error::NoLoginInterfaceDetected)
+          end
         end
       end
 

spec/app/controllers/vuln_api_spec.rb

@@ -74,20 +74,40 @@ describe WPScan::Controller::VulnApi do
           context 'when limited requests' do
             let(:requests) { 100 }
 
-            it 'does not raise an error' do
+            it 'sets the token and does not raise an error' do
               expect { controller.before_scan }.to_not raise_error
+
+              expect(WPScan::DB::VulnApi.token).to eql 'token'
             end
 
             context 'when unlimited requests' do
               let(:requests) { 'Unlimited' }
 
-              it 'does not raise an error' do
+              it 'sets the token and does not raise an error' do
                 expect { controller.before_scan }.to_not raise_error
+
+                expect(WPScan::DB::VulnApi.token).to eql 'token'
               end
             end
           end
         end
       end
     end
+
+    context 'when token in ENV' do
+      before do
+        ENV[described_class::ENV_KEY] = 'token-from-env'
+
+        expect(WPScan::DB::VulnApi)
+          .to receive(:status)
+          .and_return('success' => true, 'plan' => 'free', 'requests_remaining' => 'Unlimited')
+      end
+
+      it 'sets the token and does not raise an error' do
+        expect { controller.before_scan }.to_not raise_error
+
+        expect(WPScan::DB::VulnApi.token).to eql 'token-from-env'
+      end
+    end
   end
 end

spec/app/finders/db_exports/known_locations_spec.rb

@@ -12,7 +12,7 @@ describe WPScan::Finders::DbExports::KnownLocations do
       allow(target).to receive(:sub_dir).and_return(false)
     end
 
-    it 'replace {domain_name} by its value' do
+    it 'replaces {domain_name} by its value' do
       expect(finder.potential_urls(opts).keys).to eql %w[
         http://ex.lo/aa/ex.sql
         http://ex.lo/aa/wordpress.sql
@@ -27,7 +27,7 @@ describe WPScan::Finders::DbExports::KnownLocations do
       context "when #{sub_domain} sub-domain" do
         let(:url) { "https://#{sub_domain}.domain.tld" }
 
-        it 'replace {domain_name} by its correct value' do
+        it 'replaces {domain_name} by its correct value' do
           expect(finder.potential_urls(opts).keys).to include "#{url}/domain.sql"
         end
       end
@@ -36,7 +36,7 @@ describe WPScan::Finders::DbExports::KnownLocations do
     context 'when multi-level tlds' do
       let(:url) { 'https://something.com.tr' }
 
-      it 'replace {domain_name} by its correct value' do
+      it 'replaces {domain_name} by its correct value' do
         expect(finder.potential_urls(opts).keys).to include 'https://something.com.tr/something.sql'
       end
     end
@@ -44,7 +44,7 @@ describe WPScan::Finders::DbExports::KnownLocations do
     context 'when multi-level tlds and sub-domain' do
       let(:url) { 'https://dev.something.com.tr' }
 
-      it 'replace {domain_name} by its correct value' do
+      it 'replaces {domain_name} by its correct value' do
         expect(finder.potential_urls(opts).keys).to include 'https://dev.something.com.tr/something.sql'
       end
     end
@@ -52,10 +52,18 @@ describe WPScan::Finders::DbExports::KnownLocations do
     context 'when some weird stuff' do
       let(:url) { 'https://098f6bcd4621d373cade4e832627b4f6.aa-bb-ccc-dd.domain-test.com' }
 
-      it 'replace {domain_name} by its correct value' do
+      it 'replaces {domain_name} by its correct value' do
         expect(finder.potential_urls(opts).keys).to include "#{url}/domain-test.sql"
       end
     end
+
+    context 'when a non standard URL' do
+      let(:url) { 'http://dc-2' }
+
+      it 'replaces {domain_name} by its correct value' do
+        expect(finder.potential_urls(opts).keys).to include "#{url}/dc-2.sql"
+      end
+    end
   end
 
   describe '#aggressive' do

spec/app/finders/interesting_findings/mu_plugins_spec.rb

@@ -6,8 +6,55 @@ describe WPScan::Finders::InterestingFindings::MuPlugins do
   let(:url)        { 'http://ex.lo/' }
   let(:fixtures)   { FINDERS_FIXTURES.join('interesting_findings', 'mu_plugins') }
 
+  before do
+    expect(target).to receive(:content_dir).at_least(1).and_return('wp-content')
+  end
+
   describe '#passive' do
-    xit
+    before { stub_request(:get, url).to_return(body: body) }
+
+    context 'when no uris' do
+      let(:body) { '' }
+
+      its(:passive) { should be nil }
+    end
+
+    context 'when a large amount of unrelated uris' do
+      let(:body) do
+        Array.new(250) { |i| "<a href='#{url}#{i}.html'>Some Link</a><img src='#{url}img-#{i}.png'/>" }.join("\n")
+      end
+
+      it 'should not take a while to process the page' do
+        time_start = Time.now
+        result = finder.passive
+        time_end = Time.now
+
+        expect(result).to be nil
+        expect(time_end - time_start).to be < 1
+      end
+    end
+
+    context 'when uris' do
+      let(:body) { File.read(fixtures.join(fixture)) }
+
+      context 'when none matching' do
+        let(:fixture) { 'no_match.html' }
+
+        its(:passive) { should be nil }
+      end
+
+      context 'when matching via href' do
+        let(:fixture) { 'match_href.html' }
+
+        its(:passive) { should be_a WPScan::Model::MuPlugins }
+      end
+
+      context 'when matching from src' do
+        let(:fixture) { 'match_src.html' }
+
+        its(:passive) { should be_a WPScan::Model::MuPlugins }
+      end
+    end
   end
 
   describe '#aggressive' do

spec/app/finders/passwords/xml_rpc_spec.rb

@@ -0,0 +1,51 @@
+# frozen_string_literal: true
+
+describe WPScan::Finders::Passwords::XMLRPC do
+  subject(:finder) { described_class.new(target) }
+  let(:target)     { WPScan::Model::XMLRPC.new(url) }
+  let(:url)        { 'http://ex.lo/xmlrpc.php' }
+
+  RESPONSE_403_BODY = '<?xml version="1.0" encoding="UTF-8"?>
+    <methodResponse>
+      <fault>
+        <value>
+          <struct>
+            <member>
+              <name>faultCode</name>
+              <value><int>403</int></value>
+            </member>
+            <member>
+              <name>faultString</name>
+              <value><string>Incorrect username or password.</string></value>
+            </member>
+          </struct>
+        </value>
+      </fault>
+    </methodResponse>'
+
+  describe '#attack' do
+    let(:wordlist_path) { FINDERS_FIXTURES.join('passwords.txt').to_s }
+
+    context 'when no valid credentials' do
+      before do
+        stub_request(:post, url).to_return(status: status, body: RESPONSE_403_BODY)
+
+        finder.attack(users, wordlist_path)
+      end
+
+      let(:users) { %w[admin].map { |username| WPScan::Model::User.new(username) } }
+
+      context 'when status = 200' do
+        let(:status) { 200 }
+
+        its('progress_bar.log') { should be_empty }
+      end
+
+      context 'when status = 403' do
+        let(:status) { 403 }
+
+        its('progress_bar.log') { should be_empty }
+      end
+    end
+  end
+end

spec/app/finders/plugin_version/readme_spec.rb

@@ -109,7 +109,7 @@ describe WPScan::Finders::PluginVersion::Readme do
         'a-lead-capture-contact-form-and-tab-button-by-awebvoicecom' => '3.1',
         'backup-scheduler' => '1.5.9',
         'release_date_slash' => '1.0.4'
-      }. each do |file, version_number|
+      }.each do |file, version_number|
         context "whith #{file}.txt" do
           it 'returns the expected version' do
             @file = "#{file}.txt"

spec/app/finders/users/author_id_brute_forcing_spec.rb

@@ -19,7 +19,7 @@ describe WPScan::Finders::Users::AuthorIdBruteForcing do
     end
   end
 
-  describe '#potential_username' do
+  describe '#username_from_response' do
     [
       '4.1.1', '4.1.1-permalink',
       '3.0', '3.0-permalink',
@@ -32,6 +32,19 @@ describe WPScan::Finders::Users::AuthorIdBruteForcing do
         expect(finder.username_from_response(res)).to eql 'admin'
       end
     end
+
+    context 'when a lot of unrelated links' do
+      it 'should not take a while to process the page' do
+        body = Array.new(300) { |i| "<a href='#{url}#{i}.html'>Some Link</a>" }.join("\n")
+        body << '<a href="https://wp.lab/author/test/">Link</a>'
+
+        time_start = Time.now
+        expect(finder.username_from_response(Typhoeus::Response.new(body: body))).to eql 'test'
+        time_end = Time.now
+
+        expect(time_end - time_start).to be < 1
+      end
+    end
   end
 
   describe '#display_name_from_body' do

spec/app/finders/users/author_posts_spec.rb

@@ -16,12 +16,31 @@ describe WPScan::Finders::Users::AuthorPosts do
 
       results = finder.potential_usernames(res)
 
-      expect(results).to eql([
-                               ['admin', 'Author Pattern', 100],
-                               ['admin display_name', 'Display Name', 30],
-                               ['editor', 'Author Pattern', 100],
-                               ['editor', 'Display Name', 30]
-                             ])
+      expect(results).to eql [
+        ['admin', 'Author Pattern', 100],
+        ['admin display_name', 'Display Name', 30],
+        ['editor', 'Author Pattern', 100],
+        ['editor', 'Display Name', 30]
+      ]
+    end
+
+    context 'when a lot of unrelated uris' do
+      it 'should not take a while to process the page' do
+        body =  Array.new(300) { |i| "<a href='#{url}#{i}.html'>Some Link</a>" }.join("\n")
+        body << "<a href='#{url}author/admin/'>Other Link</a>"
+        body << "<a href='#{url}?author=2'>user display name</a>"
+
+        time_start = Time.now
+        results = finder.potential_usernames(Typhoeus::Response.new(body: body))
+        time_end = Time.now
+
+        expect(results).to eql [
+          ['admin', 'Author Pattern', 100],
+          ['user display name', 'Display Name', 30]
+        ]
+
+        expect(time_end - time_start).to be < 1
+      end
     end
   end
 end

spec/app/models/plugin_spec.rb

@@ -202,11 +202,11 @@ describe WPScan::Model::Plugin do
           [
             WPScan::Vulnerability.new(
               'First Vuln <= 6.3.10 - LFI',
-              { wpvulndb: '1' },
-              'LFI',
-              '6.3.10'
+              references: { wpvulndb: '1' },
+              type: 'LFI',
+              fixed_in: '6.3.10'
             ),
-            WPScan::Vulnerability.new('No Fixed In', wpvulndb: '2')
+            WPScan::Vulnerability.new('No Fixed In', references: { wpvulndb: '2' })
           ]
         end
 

spec/app/models/theme_spec.rb

@@ -41,6 +41,12 @@ describe WPScan::Model::Theme do
       its(:style_uri)   { should eql 'http://www.elegantthemes.com/gallery/divi/' }
       its(:license_uri) { should eql 'http://www.gnu.org/licenses/gpl-2.0.html' }
     end
+
+    context 'when no tags' do
+      let(:fixture) { fixtures.join('no_tags.css') }
+
+      its(:author) { should eql nil }
+    end
   end
 
   describe '#version' do
@@ -224,11 +230,11 @@ describe WPScan::Model::Theme do
           [
             WPScan::Vulnerability.new(
               'First Vuln',
-              { wpvulndb: '1' },
-              'LFI',
-              '6.3.10'
+              references: { wpvulndb: '1' },
+              type: 'LFI',
+              fixed_in: '6.3.10'
             ),
-            WPScan::Vulnerability.new('No Fixed In', wpvulndb: '2')
+            WPScan::Vulnerability.new('No Fixed In', references: { wpvulndb: '2' })
           ]
         end
 

spec/app/models/wp_version_spec.rb

@@ -55,31 +55,15 @@ describe WPScan::Model::WpVersion do
         expect(version).to be_vulnerable
       end
 
-      let(:all_vulns) do
-        [
-          WPScan::Vulnerability.new(
-            'WP 3.8.1 - Vuln 1',
-            { wpvulndb: '1' },
-            'SQLI'
-          ),
-          WPScan::Vulnerability.new(
-            'WP 3.8.1 - Vuln 2',
-            { url: %w[url-2 url-3], osvdb: %w[10], cve: %w[2014-0166], wpvulndb: '2' },
-            nil,
-            '3.8.2'
-          )
-        ]
-      end
-
       context 'when a signle vuln' do
-        let(:number) { '3.8.1' }
+        let(:number) { '3.8' }
         let(:db_data) { vuln_api_data_for('wordpresses/38') }
 
         it 'returns the expected result' do
           @expected = [WPScan::Vulnerability.new(
             'WP 3.8 - Vuln 1',
-            { url: %w[url-4], wpvulndb: '3' },
-            'AUTHBYPASS'
+            references: { url: %w[url-4], wpvulndb: '3' },
+            type: 'AUTHBYPASS'
           )]
         end
       end
@@ -92,14 +76,14 @@ describe WPScan::Model::WpVersion do
           @expected = [
             WPScan::Vulnerability.new(
               'WP 3.8.1 - Vuln 1',
-              { wpvulndb: '1' },
-              'SQLI'
+              references: { wpvulndb: '1' },
+              type: 'SQLI',
+              cvss: { score: '5.4', vector: 'VECTOR' }
             ),
             WPScan::Vulnerability.new(
               'WP 3.8.1 - Vuln 2',
-              { url: %w[url-2 url-3], cve: %w[2014-0166], wpvulndb: '2' },
-              nil,
-              '3.8.2'
+              references: { url: %w[url-2 url-3], cve: %w[2014-0166], wpvulndb: '2' },
+              fixed_in: '3.8.2'
             )
           ]
         end

spec/cache/.gitignore

@@ -1,4 +1,4 @@
 # Ignore everything in this directory
 *
 # Except this file
-!.gitignore
+!.gitignore

spec/fixtures/db/vuln_api/wordpresses/381.json

@@ -9,7 +9,11 @@
       "id" : 1,
       "vuln_type" : "SQLI",
       "published_date" : null,
-      "fixed_in" : null
+      "fixed_in" : null,
+      "cvss": {
+        "score": "5.4",
+        "vector": "VECTOR"
+      }
      },
      {
       "references" : {

spec/fixtures/dynamic_finders/plugin_version/24liveblog/composer_file/package.json

@@ -0,0 +1,13 @@
+{
+  "name": "liveblog24-live-blogging-tool-cgb-guten-block",
+  "version": "2.0",
+  "private": true,
+  "scripts": {
+    "start": "cgb-scripts start",
+    "build": "cgb-scripts build",
+    "eject": "cgb-scripts eject"
+  },
+  "dependencies": {
+    "cgb-scripts": "1.23.0"
+  }
+}

spec/fixtures/dynamic_finders/plugin_version/ach-updates-manager/translation_file/languages/ach_upn_manager.pot

@@ -0,0 +1,254 @@
+# Copyright 2019
+# This file is distributed under the GNU General Public License v3 or later.
+msgid ""
+msgstr ""
+"Project-Id-Version: ACh Updates Manager v1.0.0\n"
+"POT-Creation-Date: 2019-05-29 10:50+0100\n"
+"PO-Revision-Date: 2019-05-29 10:50+0100\n"
+"Last-Translator: Ali Chopani <Chopaniali@gmail.com>\n"
+"Language-Team: A. Ch <Chopaniali@gmail.com>\n"
+"Report-Msgid-Bugs-To: Ali Chopani <Chopaniali@gmail.com>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=2; plural=n != 1;\n"
+"X-Textdomain-Support: yes"
+"X-Generator: Poedit 2.2\n"
+"X-Poedit-SourceCharset: UTF-8\n"
+"X-Poedit-KeywordsList: __;_e;esc_html_e;esc_html__;_x;\n"
+"X-Poedit-Basepath: ../\n"
+"X-Poedit-SearchPath-0: .\n"
+"X-Poedit-Language: English\n"
+"X-Poedit-Country: UNITED STATES\n"
+"X-Poedit-Bookmarks: \n"
+
+#: ACh-Updates-Manager.php:5
+msgid "The ACh Updates and Notices Manager is an easy way to manage all your WordPress updates and notifications with one click! e.g. Disable all updates or notifications, Disable automatic updates, Hide errors and warnings messages, Update themes and plugins from zip file and etc."
+msgstr ""
+
+#: ACh-Updates-Manager.php:65
+msgid "Thanks for installing %1$s v%2$s plugin. Click <a href="%3$s">here</a> to configure plugin settings."
+msgstr ""
+
+#: ACh-Updates-Manager.php:75
+msgid "Manage"
+msgstr ""
+
+#: ACh-Updates-Manager.php:86
+#: includes/acupnm-settings.php:34
+#: includes/acupnm-settings.php:144
+msgid "Support"
+msgstr ""
+
+#: ACh-Updates-Manager.php:87
+msgid "Donate"
+msgstr ""
+
+#: ACh-Updates-Manager.php:103
+#: includes/acupnm-settings.php:27
+msgid "ACh Updates and Notices Manager"
+msgstr ""
+
+#: ACh-Updates-Manager.php:103
+msgid "Updates Manager"
+msgstr ""
+
+#: includes/acupnm-settings.php:28
+msgid "The ACh Update Manager plugin for WordPress. Manage all your WordPress updates and notifications with one click!"
+msgstr ""
+
+#: includes/acupnm-settings.php:33
+msgid "Options"
+msgstr ""
+
+#: includes/acupnm-settings.php:44
+msgid "&#10004; Disable all WP updates and notifs"
+msgstr ""
+
+#: includes/acupnm-settings.php:53
+msgid "Disable all WordPress core, themes, plugins and translations updates and notifications."
+msgstr ""
+
+#: includes/acupnm-settings.php:57
+msgid "&#10004; Hide all notices from WP dashboard"
+msgstr ""
+
+#: includes/acupnm-settings.php:66
+msgid "Disable all notices from the WordPress dashboard. e.g. errors, updates, warning, rate us, license, dismissible and etc."
+msgstr ""
+
+#: includes/acupnm-settings.php:70
+msgid "&#10004; Disable plugins updates and notifs"
+msgstr ""
+
+#: includes/acupnm-settings.php:79
+msgid "Disable the WordPress plugins updates and notifications."
+msgstr ""
+
+#: includes/acupnm-settings.php:83
+msgid "&#10004; Disable themes updates and notifs"
+msgstr ""
+
+#: includes/acupnm-settings.php:92
+msgid "Disable the WordPress themes updates and notifications."
+msgstr ""
+
+#: includes/acupnm-settings.php:96
+msgid "&#10004; Disable WP core update and notifs"
+msgstr ""
+
+#: includes/acupnm-settings.php:105
+msgid "Disable the WordPress core update and notifications."
+msgstr ""
+
+#: includes/acupnm-settings.php:109
+msgid "&#10004; Hide WordPress core update notice"
+msgstr ""
+
+#: includes/acupnm-settings.php:118
+msgid "Hide WordPress core update notice from WP dashboard."
+msgstr ""
+
+#: includes/acupnm-settings.php:122
+msgid "&#10004; Update theme and plugin from zip"
+msgstr ""
+
+#: includes/acupnm-settings.php:131
+msgid "This feature allows you to update plugins and themes using a zip file. While upgrading, a backup copy of the old theme or plugin is first created. This allows you to install the old version in case of problems with the new version."
+msgstr ""
+
+#: includes/acupnm-settings.php:147
+msgid "If you need assistance, see our help resources."
+msgstr ""
+
+#: includes/acupnm-settings.php:148
+msgid "Please make a search to find help with your problem, or head over to our support forum to ask a question."
+msgstr ""
+
+#: includes/acupnm-settings.php:152
+msgid "Visit my site"
+msgstr ""
+
+#: includes/acupnm-settings.php:155
+msgid "Send email"
+msgstr ""
+
+#: includes/acupnm-settings.php:158
+msgid "Support forum"
+msgstr ""
+
+#: includes/acupnm-settings.php:167
+msgid "About us"
+msgstr ""
+
+#: includes/acupnm-settings.php:170
+msgid "The ACh Updates and Notices Manager is an easy way to manage all your WordPress updates and notifications with one click!"
+msgstr ""
+
+#: includes/acupnm-settings.php:171
+msgid "ACh Updates and Notices Manager was developed by <a class="achupnm-link-text" href="https://ach.li" target="_blank">A. Ch</a> and is <a class="achupnm-link-text" href="https://wordpress.org" target="_blank">available for free</a> on WordPress."
+msgstr ""
+
+#: includes/acupnm-settings.php:172
+msgid "We work hard to give you an exceptional premium products and 5 star support. To show your appreciation you can buy us a coffee or simply by sharing or follow us on social media."
+msgstr ""
+
+#: includes/acupnm-settings.php:176
+msgid "Buy us a coffee"
+msgstr ""
+
+#: includes/acupnm-settings.php:177
+msgid "Like us"
+msgstr ""
+
+#: includes/acupnm-settings.php:178
+msgid "Tweet us"
+msgstr ""
+
+#: includes/acupnm-settings.php:179
+msgid "Rate us"
+msgstr ""
+
+#: includes/acupnm-settings.php:191
+msgid "Save Changes"
+msgstr ""
+
+#: includes/easy-update/ach-plugin-updater.php:41
+msgid "Upgrading the plugin&#8230;"
+msgstr ""
+
+#: includes/easy-update/ach-plugin-updater.php:42
+msgid "Backing up the old version of the plugin&#8230;"
+msgstr ""
+
+#: includes/easy-update/ach-plugin-updater.php:88
+msgid "A backup zip file of the old plugin version can be downloaded <a href="%1$s">here</a>."
+msgstr ""
+
+#: includes/easy-update/ach-plugin-updater.php:98
+msgid "Moving the old version of the plugin to a new directory&#8230;"
+msgstr ""
+
+#: includes/easy-update/ach-plugin-updater.php:114
+msgid "Unable to find a new directory name to move the old version of the plugin to. No backup will be created."
+msgstr ""
+
+#: includes/easy-update/ach-plugin-updater.php:120
+msgid "Moved the old version of the plugin to a new plugin directory named %1$s. This directory should be backed up and removed from the site."
+msgstr ""
+
+#: includes/easy-update/ach-plugin-updater.php:122
+msgid "Unable to move the old version of the plugin to a new directory. No backup will be created."
+msgstr ""
+
+#: includes/easy-update/ach-plugin-updater.php:142
+msgid "A plugin backup can not be created since a destination path for the backup file could not be found."
+msgstr ""
+
+#: includes/easy-update/ach-plugin-updater.php:167
+msgid "A plugin backup can not be created as creation of the zip file failed with the following error: %1$s"
+msgstr ""
+
+#: includes/easy-update/ach-plugin-updater.php:174
+msgid "Plugin Backup - %1$s - %2$s"
+msgstr ""
+
+#: includes/easy-update/ach-theme-updater.php:41
+msgid "Upgrading the theme&#8230;"
+msgstr ""
+
+#: includes/easy-update/ach-theme-updater.php:42
+msgid "Backing up the old version of the theme&#8230;"
+msgstr ""
+
+#: includes/easy-update/ach-theme-updater.php:60
+msgid "A backup zip file of the old theme version can be downloaded <a href="%1$s">here</a>."
+msgstr ""
+
+#: includes/easy-update/ach-theme-updater.php:70
+msgid "Moving the old version of the theme to a new directory&#8230;"
+msgstr ""
+
+#: includes/easy-update/ach-theme-updater.php:91
+msgid "Unable to find a new directory name to move the old version of the theme to. No backup will be created."
+msgstr ""
+
+#: includes/easy-update/ach-theme-updater.php:97
+msgid "Moved the old version of the theme to a new theme directory named %1$s. This directory should be backed up and removed from the site."
+msgstr ""
+
+#: includes/easy-update/ach-theme-updater.php:99
+msgid "Unable to move the old version of the theme to a new directory. No backup will be created."
+msgstr ""
+
+#: includes/easy-update/ach-theme-updater.php:119
+msgid "A theme backup can not be created since a destination path for the backup file could not be found."
+msgstr ""
+
+#: includes/easy-update/ach-theme-updater.php:148
+msgid "A theme backup can not be created as creation of the zip file failed with the following error: %1$s"
+msgstr ""
+
+#: includes/easy-update/ach-theme-updater.php:155
+msgid "Theme Backup - %1$s - %2$s"
+msgstr ""

spec/fixtures/dynamic_finders/plugin_version/aco-product-labels-for-woocommerce/translation_file/languages/aco-product-labels-for-woocommerce.pot

@@ -0,0 +1,42 @@
+# Copyright (C) 2020 Acowebs
+# This file is distributed under the same license as the Product Labels For Woocommerce plugin.
+msgid ""
+msgstr ""
+"Project-Id-Version: Product Labels For Woocommerce 1.0.0\n"
+"Report-Msgid-Bugs-To: https://wordpress.org/support/plugin/woocomerce-sales-badge\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"POT-Creation-Date: 2020-07-09T05:22:44+00:00\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"X-Generator: WP-CLI 2.3.0\n"
+"X-Domain: aco-product-labels-for-woocommerce\n"
+
+#. Plugin Name of the plugin
+#. Description of the plugin
+msgid "Product Labels For Woocommerce"
+msgstr ""
+
+#. Author of the plugin
+msgid "Acowebs"
+msgstr ""
+
+#. Author URI of the plugin
+msgid "http://acowebs.com"
+msgstr ""
+
+#: includes/class-acoplw-backend.php:130
+#: includes/class-acoplw-backend.php:144
+msgid "Badges"
+msgstr ""
+
+#: includes/class-acoplw-backend.php:132
+#: includes/class-acoplw-backend.php:145
+msgid "Product Lists"
+msgstr ""
+
+#: includes/class-acoplw-backend.php:134
+msgid "Settings"
+msgstr ""

spec/fixtures/dynamic_finders/plugin_version/admin-user-control/translation_file/languages/admin-user-control-ja.po

@@ -0,0 +1,111 @@
+# Copyright (C) 2020 PRESSMAN
+# This file is distributed under the same license as the Admin User Control plugin.
+msgid ""
+msgstr ""
+"Project-Id-Version: Admin User Control 1.0.0\n"
+"Report-Msgid-Bugs-To: https://wordpress.org/support/plugin/admin-user-"
+"control\n"
+"POT-Creation-Date: 2020-05-18T02:23:41+00:00\n"
+"PO-Revision-Date: 2020-05-18 11:26+0900\n"
+"Last-Translator: \n"
+"Language-Team: \n"
+"Language: ja\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: Poedit 2.3\n"
+"X-Domain: admin-user-control\n"
+"Plural-Forms: nplurals=1; plural=0;\n"
+
+#. Plugin Name of the plugin
+msgid "Admin User Control"
+msgstr "Admin User Control"
+
+#. Description of the plugin
+msgid "Control admin user in administration screens in real time."
+msgstr "管理画面にログインしているユーザーをリアルタイムで制御します。"
+
+#. Author of the plugin
+msgid "PRESSMAN"
+msgstr "PRESSMAN"
+
+#. Author URI of the plugin
+msgid "https://www.pressman.ne.jp"
+msgstr "https://www.pressman.ne.jp"
+
+#: auc-login-monitor.php:22
+msgid "Logged in"
+msgstr "ログイン"
+
+#: auc-maintenance.php:38 auc-maintenance.php:174
+msgid "Maintenance"
+msgstr "メンテナンス"
+
+#: auc-maintenance.php:42 auc-maintenance.php:220
+msgid "maintenance_start_date"
+msgstr "メンテナンス開始日時"
+
+#: auc-maintenance.php:59 auc-maintenance.php:221
+msgid "maintenance_end_date"
+msgstr "メンテナンス終了日時"
+
+#: auc-maintenance.php:114
+msgid "Forced logout after 10 seconds because the maintenance start time"
+msgstr "メンテナンスの開始時刻になったため10秒後に強制ログアウトします"
+
+#: auc-maintenance.php:115
+msgid "Scheduled maintenance end time"
+msgstr "メンテナンス終了予定時間"
+
+#: auc-maintenance.php:175
+msgid "Add New Maintenance"
+msgstr "メンテナンスを追加"
+
+#: auc-maintenance.php:176
+msgid "Edit Maintenance"
+msgstr "メンテナンスの編集"
+
+#: auc-maintenance.php:246
+msgid "Latest maintenance information"
+msgstr "直近のメンテナンス情報"
+
+#: auc-maintenance.php:269
+msgid "Click a title to display a detail."
+msgstr "タイトルをクリックすると詳細が表示されます。"
+
+#: auc-maintenance.php:287
+msgid "No maintenance information"
+msgstr "メンテナンス情報がありません"
+
+#: auc-notification.php:26
+msgid "New notification"
+msgstr "新しいお知らせがあります"
+
+#: auc-notification.php:50
+msgid "Notification"
+msgstr "お知らせ"
+
+#: auc-notification.php:51
+msgid "Add New Notification"
+msgstr "お知らせを追加"
+
+#: auc-notification.php:52
+msgid "Edit Notification"
+msgstr "お知らせの編集"
+
+#: auc-notification.php:70
+msgid "Latest notifications"
+msgstr "直近のお知らせ"
+
+#: auc-notification.php:86
+msgid "Click a title to display a detail. If you read it, mark it as read."
+msgstr ""
+"タイトルをクリックすると詳細が表示されます。読んだら既読にしてください。"
+
+#: auc-notification.php:91
+msgid "Mark as read"
+msgstr "既読にする"
+
+#: auc-notification.php:113
+msgid "There is no notifications"
+msgstr "お知らせがありません"

spec/fixtures/dynamic_finders/plugin_version/advanced-options-for-woocommerce/translation_file/i18n/languages/advanced-options-for-woocommerce-he_IL.po

@@ -0,0 +1,73 @@
+# Copyright (C) 2020 Condless
+# This file is distributed under the same license as the Advanced Options for WooCommerce plugin.
+msgid ""
+msgstr ""
+"Project-Id-Version: Advanced Options for WooCommerce 1.0.1\n"
+"Report-Msgid-Bugs-To: https://wordpress.org/support/plugin/advanced-options-"
+"for-woocommerce\n"
+"Language-Team: Condless <info@condless.com>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"POT-Creation-Date: 2020-04-24 08:53+0300\n"
+"PO-Revision-Date: 2020-04-24 08:55+0300\n"
+"X-Generator: Poedit 2.3\n"
+"X-Domain: advanced-options-for-woocommerce\n"
+"Last-Translator: Condless <info@condless.com>\n"
+"Plural-Forms: nplurals=4; plural=(n==1 ? 0 : n==2 ? 1 : n>10 && n%10==0 ? "
+"2 : 3);\n"
+"Language: he_IL\n"
+
+#. Plugin Name of the plugin
+msgid "Advanced Options for WooCommerce"
+msgstr "אפשרויות מתקדמות לווקומרס"
+
+#. Plugin URI of the plugin
+msgid "https://en.condless.com/advanced-options-for-woocommerce/"
+msgstr "https://www.condless.com/advanced-options-for-woocommerce/"
+
+#. Description of the plugin
+msgid ""
+"WooCommerce plugin for more options and customizations. Simple and Easy to "
+"use."
+msgstr "תוסף לווקומרס לאפשרויות נוספות והתאמה אישית. פשוט וקל לשימוש."
+
+#. Author of the plugin
+msgid "Condless"
+msgstr "Condless"
+
+#. Author URI of the plugin
+msgid "https://www.condless.com/"
+msgstr "https://www.condless.com/"
+
+#: advanced-options-for-woocommerce.php:163
+msgid "contains letters not from the permitted languages"
+msgstr "מכיל אותיות שלא שייכות לשפות המותרות"
+
+#: advanced-options-for-woocommerce.php:200
+msgid "Advanced Options"
+msgstr "אפשרויות מתקדמות"
+
+#: advanced-options-for-woocommerce.php:235
+msgid ""
+"Allow only ASCII chars (which prevent non-English letters) in the checkout "
+"fields"
+msgstr "אפשר רק תווי ASCII (מה שמונע אותיות שלא באנגלית) בשדות התשלום"
+
+#: advanced-options-for-woocommerce.php:241
+msgid ""
+"Display the VAT amount and the product price include & exlude it in single "
+"product page"
+msgstr "הצג את סכום המע\"מ ואת מחיר המוצר איתו ובלעדיו בעמוד מוצר"
+
+#: advanced-options-for-woocommerce.php:247
+msgid "Display for variable products the attribute name instead of"
+msgstr "הצג במוצרים עם וריאיציות את שם התכונה במקום"
+
+#: advanced-options-for-woocommerce.php:253
+msgid "Display only products in"
+msgstr "הצג מוצרים בלבד ב"
+
+#: advanced-options-for-woocommerce.php:259
+msgid "Auto triggered by"
+msgstr "פועל אוטומטית כאשר"

spec/fixtures/dynamic_finders/plugin_version/advanced-wp-table/translation_file/languages/advanced-wp-table.pot

@@ -0,0 +1,54 @@
+# Copyright (C) 2020 Mainul Hassan Main
+# This file is distributed under the GPLv3.
+msgid ""
+msgstr ""
+"Project-Id-Version: Advanced WP Table 1.0.1\n"
+"Report-Msgid-Bugs-To: "
+"https://wordpress.org/support/plugin/advanced-wp-table\n"
+"POT-Creation-Date: 2020-03-15 09:43:34+00:00\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=utf-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"PO-Revision-Date: 2020-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"X-Generator: grunt-wp-i18n 0.5.4\n"
+"X-Poedit-KeywordsList: "
+"__;_e;_x:1,2c;_ex:1,2c;_n:1,2;_nx:1,2,4c;_n_noop:1,2;_nx_noop:1,2,3c;esc_"
+"attr__;esc_html__;esc_attr_e;esc_html_e;esc_attr_x:1,2c;esc_html_x:1,2c;\n"
+"Language: en\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n"
+"X-Poedit-Country: United States\n"
+"X-Poedit-SourceCharset: UTF-8\n"
+"X-Poedit-Basepath: ../\n"
+"X-Poedit-SearchPath-0: .\n"
+"X-Poedit-Bookmarks: \n"
+"X-Textdomain-Support: yes\n"
+
+#. Plugin Name of the plugin/theme
+msgid "Advanced WP Table"
+msgstr ""
+
+#: advanced-wp-table.php:254
+msgid "Advanced WP Table plugin requires WordPress version 5.0 or greater."
+msgstr ""
+
+#: includes/settings.php:25 includes/settings.php:26
+msgid "Tables"
+msgstr ""
+
+#. Plugin URI of the plugin/theme
+msgid "https://wordpress.org/plugins/advanced-wp-table"
+msgstr ""
+
+#. Description of the plugin/theme
+msgid "Create responsive tables using Gutenberg."
+msgstr ""
+
+#. Author of the plugin/theme
+msgid "Mainul Hassan Main"
+msgstr ""
+
+#. Author URI of the plugin/theme
+msgid "https://mainulhassan.info"
+msgstr ""

spec/fixtures/dynamic_finders/plugin_version/affiliatewp-blocks/composer_file/package.json

@@ -0,0 +1,26 @@
+{
+	"name": "affiliatewp-blocks",
+	"version": "1.0.1",
+	"description": "Blocks for AffiliateWP.",
+	"author": "Sandhills Development, LLC",
+	"license": "GPL-2.0-or-later",
+	"main": "build/index.js",
+	"scripts": {
+		"build": "wp-scripts build",
+		"format:js": "wp-scripts format-js",
+		"lint:css": "wp-scripts lint-style",
+		"lint:js": "wp-scripts lint-js",
+		"start": "wp-scripts start",
+		"packages-update": "wp-scripts packages-update"
+	},
+	"devDependencies": {
+		"@wordpress/scripts": "^7.2.0"
+	},
+	"dependencies": {
+		"@wordpress/icons": "^1.4.0",
+		"@wordpress/url": "^2.14.0",
+		"classnames": "^2.2.6",
+		"lodash": "^4.17.15",
+		"trailing-slash-it": "^0.3.0"
+	}
+}

spec/fixtures/dynamic_finders/plugin_version/ahachat-messenger-marketing/change_log/changelog.txt

@@ -0,0 +1,2 @@
+February 20, 2020 – Version 1.0
+- Version 1.0 Initial Release

spec/fixtures/dynamic_finders/plugin_version/aiaibot/translation_file/languages/aiaibot.pot

@@ -0,0 +1,61 @@
+# Copyright (C) 2020 aiaibot
+# This file is distributed under the same license as the aiaibot plugin.
+msgid ""
+msgstr ""
+"Project-Id-Version: aiaibot 1.0.3\n"
+"Report-Msgid-Bugs-To: https://wordpress.org/support/plugin/aiaibot\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"POT-Creation-Date: 2020-05-20T09:25:54+00:00\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"X-Generator: WP-CLI 2.4.0\n"
+"X-Domain: aiaibot\n"
+
+#. Plugin Name of the plugin
+#. Author of the plugin
+msgid "aiaibot"
+msgstr ""
+
+#. Plugin URI of the plugin
+msgid "https://wordpress.org/plugins/aiaibot/"
+msgstr ""
+
+#. Description of the plugin
+msgid "Integrate your aiaibot chatbot."
+msgstr ""
+
+#. Author URI of the plugin
+msgid "https://app.aiaibot.com"
+msgstr ""
+
+#: admin/class-aiaibot-admin.php:84
+msgid "Integration Code"
+msgstr ""
+
+#: admin/class-aiaibot-admin.php:92
+msgid "Enabled"
+msgstr ""
+
+#: admin/class-aiaibot-admin.php:112
+msgid "Implement your chatbot on your Wordpress page"
+msgstr ""
+
+#: admin/class-aiaibot-admin.php:123
+msgid "Config id is not valid."
+msgstr ""
+
+#: admin/class-aiaibot-admin.php:147
+msgid "Chatbot Integration Settings"
+msgstr ""
+
+#. translators: %s: url to the app.aiaibot
+#: admin/class-aiaibot-admin.php:155
+msgid "Get the integration code on %s."
+msgstr ""
+
+#: admin/class-aiaibot-admin.php:157
+msgid "Publish Chatbot"
+msgstr ""

spec/fixtures/dynamic_finders/plugin_version/anwp-post-grid-for-elementor/change_log/changelog.txt

@@ -0,0 +1,7 @@
+== Changelog ==
+
+= 0.5.1 - 2020-04-14 =
+* fixed performance problem on sites with large amount of posts
+
+= 0.5.0 - 2020-04-14 =
+* Initial public release

spec/fixtures/dynamic_finders/plugin_version/apcu-manager/change_log/CHANGELOG.md

@@ -0,0 +1,7 @@
+# Changelog
+All notable changes to **APCu Manager** are documented in this *changelog*.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and **APCu Manager** adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [1.0.0] - 2020-01-09
+### Initial release

spec/fixtures/dynamic_finders/plugin_version/apijoin-gumroad/composer_file/package.json

@@ -0,0 +1,41 @@
+{
+  "name": "agu-apijoin",
+  "version": "1.0.0",
+  "description": "test",
+  "main": "index.js",
+  "scripts": {
+    "build": "wp-scripts build",
+    "check-engines": "wp-scripts check-engines",
+    "check-licenses": "wp-scripts check-licenses",
+    "format:js": "wp-scripts format-js",
+    "lint:css": "wp-scripts lint-style",
+    "lint:js": "wp-scripts lint-js",
+    "lint:md:docs": "wp-scripts lint-md-docs",
+    "lint:md:js": "wp-scripts lint-md-js",
+    "lint:pkg-json": "wp-scripts lint-pkg-json",
+    "packages-update": "wp-scripts packages-update",
+    "start": "wp-scripts start",
+    "test:e2e": "wp-scripts test-e2e",
+    "test:unit": "wp-scripts test-unit-js"
+  },
+  "author": "Miguras",
+  "license": "ISC",
+  "dependencies": {
+    "@wordpress/scripts": "^7.1.0",
+    "css-loader": "^3.4.2",
+    "html-react-parser": "^0.10.3",
+    "image-webpack-loader": "^6.0.0",
+    "react-responsive-carousel": "^3.1.51",
+    "react-slick": "^0.25.2",
+    "react-smart-slider": "^0.1.2",
+    "slick-carousel": "^1.8.1",
+    "style-loader": "^1.1.3",
+    "styled-jsx-plugin-stylelint": "^0.1.0",
+    "webpack": "^4.41.6"
+  },
+  "devDependencies": {
+    "file-loader": "^5.1.0",
+    "svgo": "^1.3.2",
+    "svgo-loader": "^2.2.1"
+  }
+}

spec/fixtures/dynamic_finders/plugin_version/ar-contactus/changelog/changelog.txt

@@ -0,0 +1,292 @@
+# Changelog
+All notable changes to this project will be documented in this file.
+
+##[1.8.4] - 2020-05-21
+### Added
+- Button icon size option
+- Button appearing animation option
+- Menu sidebar style
+- Menu popup animation
+- Menu sidebar animation
+- Menu items animation
+- Plugin core updated
+
+##[1.8.3] - 2020-05-19
+### Added
+- Deactivation plugin for current domain
+- PhpLive integration
+- Paldesk integration
+
+##[1.8.2] - 2020-05-15
+### Fixed
+- Small issues
+
+##[1.8.1] - 2020-05-11
+### Added
+- Output filtration
+- Server config values validation
+
+##[1.8.0] - 2020-05-06
+### Added
+- Option to choose who can access callback list
+
+### Fixed
+- Security improvements
+
+##[1.7.9] - 2020-04-09
+### Fixed
+- Skype integration
+- FreshChat integration
+
+##[1.7.8] - 2020-02-07
+### Fixed
+- Tawk.to appearance issue
+
+##[1.7.7] - 2020-01-29
+### Added
+- FreshChat integration
+
+##[1.7.6] - 2020-01-20
+### Fixed
+- Zoho SalesIQ chat integration fix
+
+##[1.7.5] - 2020-01-14
+### Added
+- Zoho SalesIQ chat integration
+
+##[1.7.4] - 2019-12-18
+### Fixed
+- Name validation unicode languages
+
+##[1.7.3] - 2019-12-15
+### Fixed
+- Name validation unicode languages
+
+##[1.7.2] - 2019-12-13
+### Added
+- Name field validation options
+- Email field to callback form
+- Email field to callback requests table
+- Updated translations
+
+### Fixed
+- Email subject translation
+
+##[1.7.1] - 2019-12-04
+### Fixed
+- Activation issue
+
+##[1.7.0] - 2019-11-30
+### Fixed
+- Fixed JivoSite issue
+
+##[1.6.9] - 2019-11-22
+### Fixed
+- Fixed Tawk.to issue
+
+##[1.6.8] - 2019-09-30
+### Fixed
+- Fixed JivoSite issue
+
+##[1.6.7] - 2019-09-25
+### Fixed
+- HTML code in GDRP Title
+
+##[1.6.6] - 2019-09-03
+### Added
+- Tidio Integration
+- Jivosite integration
+- Added comments functionality to callback requests
+- Updated translation template
+- Updated Russian translation
+- Added Google Analytics integration
+
+### Fixed
+- Callback requests admin table mobile view
+
+##[1.6.4] - 2019-08-05
+### Fixed
+- LiveZilla integration
+
+##[1.6.3] - 2019-07-31
+### Added
+- Name and referer fileds to email notification
+- Name and referer fileds to webpush notification
+- Name and referer fileds to sms notification
+- Name and referer fileds to telegram notification
+- Export callback requests to CSV file
+- Delay initialization
+- Disable initialization
+- Open menu after timeout automatically
+
+##[1.6.2] - 2019-06-01
+### Fixed
+- Crisp integration issue
+- Callback customer name field
+
+##[1.6.1] - 2019-05-27
+### Added 
+- Custom popup item type - allows to open popup with text/html content by clicking menu item
+- Name field to callback form
+- Activation functionality
+
+##[1.5.9] - 2019-05-01
+### Added 
+- Background and color option for shortcode
+
+### Fixed
+- Exporting data issue on some PHP versions
+- Button and menu z-index
+- Modal conflict with SimpleModal
+- Safari item editing/adding
+
+##[1.5.8] - 2019-04-29
+### Added 
+- GDPR checkbox
+
+##[1.5.7] - 2019-04-25
+### Added
+- WooCommerce StoreFront theme integration to mobile footer
+- New Menu style - icons without background
+- 1-click auto update
+- LiveZilla integration
+- StoreFront theme compliant - now you can add "contact-us" button to storefront mobile footer
+
+### Fixed
+- LiveChat Pro integration issue
+- Update issue
+- Generate css after import
+
+##[1.5.5] - 2019-04-08
+### Added
+- LiveChat Pro integration
+- Close callback popup timeout
+- Menu items subtitles
+- Option to display menu item for all users or registred users or unregistred users only
+- FontAwesome icons support
+
+### Fixed
+- Performance improved
+
+##[1.5.3] - 2019-04-02
+### Added
+- New icons 
+
+### Fixed
+- Skype WebControl integration
+- UI bootstrap conflicts
+
+##[1.5.2] - 2019-03-14
+### Added
+- Predefinded Brand Colors selector
+
+### Fixed
+- Landscape responsive 
+- Layout fixes
+
+##[1.5.1] - 2019-02-26
+### Added
+- Menu width option
+- Callback request form width option
+
+##[1.5.0] - 2019-02-24
+### Added
+- LiveChat integration (livechatinc.com)
+- SmartSupp integratin
+- All button settings now can be set separately for descktop and mobile versions
+- All menu settings now can be set separately for descktop and mobile versions
+- All prompts settings now can be set separately for descktop and mobile versions
+- Pause between main button animation loops
+- Icon type option to menu settings
+- Lines options to menu settings
+- Header options to menu settings
+- Header close button options to menu settings
+- Shadow size/opacity to menu settings 
+- Export option (for exporting all module data)
+- Import option (for impoting all module data)
+- Prompt position option
+- Russian translation
+- Light design updates
+
+### Fixed
+- TextDomain loading
+- Html email bug
+- RTL bug
+- Improved responsivness
+- Email adress validation
+
+##[1.3.9] - 2019-02-01
+### Added
+- Live helper chat integration
+
+### Fixed
+- Callback mobile form layout
+- Zalo chat validation error
+- Callback is not running custom JS code
+
+##[1.3.8] - 2019-01-30
+### Added
+- OneSignal integration to receive webpush on callback request
+- Link target option
+- Option to control when display prompt messages again after visitor closed them
+- Shortcodes for menu items
+
+##[1.3.7] - 2019-01-26
+### Fixed
+- create_function deprecated in php 7.2
+- load plugin text domain
+
+##[1.3.5] - 2019-01-18
+### Added
+- LinkedIn icon
+- Instagram icon
+- Zendesk icon
+- Zendesk chat support
+- Sandbox mode
+- Html mail support
+- Main button mode option (callback only or menu)
+- Zalo integration
+
+### Fixed
+- Problem with ajaxUrl on some WP versions
+- CSS fixes
+- Tawk.to hidding issue
+
+##[1.3.3] - 2019-01-03
+### Added
+- Zalo icon
+
+### Fixed
+- Fixed bootstrap conflicts
+
+##[1.3.2] - 2018-10-09
+### Fixed
+- Fixed innoDB tables creation
+
+##[1.3.1] - 2018-09-25
+### Added
+- More icons
+- Telegram bot 
+- Change main button feature
+- Phone mask feature
+- Crisp integration
+- Tawk.to integration
+- Hashtags commands
+
+##[1.3.0] - 2018-08-02
+### Added
+- Skype Web Control integration
+- Zendesk chat integration
+- VK community messages integration
+- Facebook customer chat integration
+- Prompt messages feature
+
+##[1.2.0] - 2018-07-21
+### Added
+- Menu size
+- Main button size
+- Twilio integration
+
+
+##[1.0.0] - 2018-06-19
+- First released version

spec/fixtures/dynamic_finders/plugin_version/attachment-usage/translation_file/languages/attachment-usage-de_DE.po

@@ -0,0 +1,316 @@
+# Copyright (C) 2020 Konstantin Kröpfl
+# This file is distributed under the same license as the Attachment Usage plugin.
+msgid ""
+msgstr ""
+"Project-Id-Version: Attachment Usage 1.0.0\n"
+"Report-Msgid-Bugs-To: https://wordpress.org/support/plugin/attachment-usage\n"
+"POT-Creation-Date: 2020-07-01 17:28+0200\n"
+"PO-Revision-Date: 2020-07-01 17:28+0200\n"
+"Last-Translator: \n"
+"Language-Team: \n"
+"Language: de\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: Poedit 1.8.12\n"
+"X-Domain: attachment-usage\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n"
+
+#. Plugin Name of the plugin
+msgid "Attachment Usage"
+msgstr ""
+
+#. Plugin URI of the plugin
+msgid "https://wordpress.org/plugins/attachment-usage/"
+msgstr ""
+
+#. Description of the plugin
+msgid ""
+"This plugin shows the usage of attachments (posts, widgets, products) on the "
+"website."
+msgstr ""
+"Dieses Plugin zeigt die Verwendung von Anhängen (Beiträge, Widgets, "
+"Produkten) auf der Website an."
+
+#. Author of the plugin
+msgid "Konstantin Kröpfl"
+msgstr ""
+
+#. Author URI of the plugin
+msgid "#"
+msgstr ""
+
+#: admin/class-attachment-usage-admin.php:135
+#: admin/classes/attachment-list-table.php:13
+#: includes/class-attachment-usage.php:214
+msgid "Attachment Usages"
+msgstr "Anhang-Verwendung"
+
+#: admin/class-attachment-usage-admin.php:155
+msgid "No valid Ajax request"
+msgstr "keine gültige Ajax Anfrage"
+
+#: admin/class-attachment-usage-admin.php:163
+msgid "No valid Attachment Id sent"
+msgstr "keine gültige Anhangs-Id übermittelt"
+
+#: admin/classes/attachment-item-usage-db-controller.php:67
+#: admin/classes/attachment-list-table.php:29
+msgid "found"
+msgstr "gefunden"
+
+#: admin/classes/attachment-item-usage-db-controller.php:69
+#: admin/classes/attachment-list-table.php:27
+msgid "not-found"
+msgstr "nicht gefunden"
+
+#: admin/classes/fetch-button-content-helper.php:18
+#: admin/js/attachment-usage-media-library-behavior.js:62
+msgid "Fetch Attachment Usage"
+msgstr "Anhang aktualisieren"
+
+#: admin/classes/output_setting/attachment-output-setting-factory.php:25
+msgid "(in widget)"
+msgstr "(in Widget)"
+
+#: admin/classes/output_setting/attachment-output-setting-factory.php:26
+msgid "Widgets"
+msgstr ""
+
+#: admin/classes/output_setting/attachment-output-setting-factory.php:31
+msgid "(in product category)"
+msgstr "(in Produktkategorie)"
+
+#: admin/classes/output_setting/attachment-output-setting-factory.php:32
+msgid "Product Category"
+msgstr "Produktkategorie"
+
+#: admin/classes/output_setting/attachment-output-setting-factory.php:37
+msgid "(in product gallery)"
+msgstr "(in Produktgalerie)"
+
+#: admin/classes/output_setting/attachment-output-setting-factory.php:38
+msgid "Product Attachment"
+msgstr "Produktanhang"
+
+#: admin/classes/output_setting/attachment-output-setting-factory.php:43
+msgid "(in product content)"
+msgstr "(in Produktinhalt)"
+
+#: admin/classes/output_setting/attachment-output-setting-factory.php:44
+msgid "Product Content"
+msgstr "Produktinhalt"
+
+#: admin/classes/output_setting/attachment-output-setting-factory.php:49
+msgid "(in post content)"
+msgstr "(in Beitragsinhalt)"
+
+#: admin/classes/output_setting/attachment-output-setting-factory.php:50
+msgid "Post Content"
+msgstr "Beitraginhalt"
+
+#: admin/classes/output_setting/attachment-output-setting-factory.php:55
+msgid "(in page content)"
+msgstr "(in Seiteninhalt)"
+
+#: admin/classes/output_setting/attachment-output-setting-factory.php:56
+msgid "Page Content"
+msgstr "Seiteninhalt"
+
+#: admin/classes/output_setting/attachment-output-setting-factory.php:61
+msgid "(thumbnail)"
+msgstr "(Miniaturbild)"
+
+#: admin/classes/output_setting/attachment-output-setting-factory.php:62
+msgid "Post Attachment"
+msgstr "Beitraganhang"
+
+#: admin/classes/result_builder/result-builder-controller.php:36
+msgid "Attachment not found"
+msgstr "Anhang nicht gefunden"
+
+#: admin/settings_page/elements/validators/email-validator.php:9
+msgid "No valid Email"
+msgstr "keine gültige E-Mail"
+
+#: admin/settings_page/elements/validators/file-validator.php:9
+msgid "The entered data is no valid attachment id"
+msgstr "keine gültige Anhangs-Id"
+
+#: admin/settings_page/elements/validators/number-validator.php:9
+msgid "The entered data is not valid - just numbers"
+msgstr "Daten sind nicht gültig - nur Zahlen"
+
+#: admin/settings_page/elements/validators/string-validator.php:12
+msgid "The entered data is not valid - just text"
+msgstr "Daten sind nicht gültig - nur Text"
+
+#: admin/settings_page/pages/attachment_usage_page/options.php:8
+msgid "Attachment Usage Settings"
+msgstr "Attachment Usage Einstellungen"
+
+#: admin/settings_page/pages/attachment_usage_page/page_elements.php:15
+msgid ""
+"On this page you can modify the appearance and the way how the plugin does "
+"the lookup. The relevant pages (media upload pages) are referred as:<br> <a "
+"href=\"%1$s\" target=\"_blank\">Media Grid</a> & <a href=\"%2$s\" target="
+"\"_blank\">Media List</a>"
+msgstr ""
+"Auf dieser Seite kann man die Erscheinung und die Art wie das Plugin nach "
+"Daten sucht bearbeiten. Die relevanten Seiten (Medienübersichtsseiten) "
+"werden folgendermaßen bezeichnet: <br> <a href=\"%1$s\" target=\"_blank"
+"\">Medien-Grid</a> & <a href=\"%2$s\" target=\"_blank\">Medien-Liste</a>"
+
+#: admin/settings_page/pages/attachment_usage_page/page_elements.php:25
+msgid "General Settings"
+msgstr "Generelle Einstellungen"
+
+#: admin/settings_page/pages/attachment_usage_page/page_elements.php:29
+msgid ""
+"This section provides general settings, which impacts only the appearance of "
+"the usage status."
+msgstr ""
+"Dieser Abschnitt bietet generelle Einstellungen, welche lediglich die "
+"Erscheinungsweise des Plugins verändert."
+
+#: admin/settings_page/pages/attachment_usage_page/page_elements.php:38
+msgid "Performance Settings"
+msgstr "Performance Einstellungen"
+
+#: admin/settings_page/pages/attachment_usage_page/page_elements.php:42
+msgid ""
+"This section provides settings for performance, which might have a "
+"significant impact on the loading time of the media upload pages.</br> If "
+"you have a rather small site (little number of pages, a few attachments) you "
+"will not notice a huge difference by switching between the options."
+msgstr ""
+"Dieser Abschnitt bietet Performance-Einstellungen, welche sich "
+"möglicherweise spürbar auf die Ladezeit der Medienbibliothek auf der \"Media "
+"Upload\" Seite ausüben kann.</br>Falls eine eher kleine Website (geringe "
+"Anzahl von Seiten, wenig hochgeladen Anhänge) vorhanden ist, werden die "
+"Änderung kaum spürbar sein."
+
+#: admin/settings_page/pages/attachment_usage_page/page_elements.php:56
+msgid "Display Attachment Usage Color"
+msgstr "Farbanzeige für Anhang-Verwendung"
+
+#: admin/settings_page/pages/attachment_usage_page/page_elements.php:62
+msgid ""
+"By enabling this option, the media grid items will have a colored border "
+"depending on their usage. Red implies nothing found, whereas green shows an "
+"usage"
+msgstr ""
+"Nach Aktivierung erhalten die Kacheln eine farbige Umrandung in Abhängigkeit "
+"ihrer Verwendung. Rot steht für nicht gefunden, wohingegen Grün eine "
+"Verwendung signalisiert."
+
+#: admin/settings_page/pages/attachment_usage_page/page_elements.php:69
+msgid "Display color"
+msgstr "Farbe anzeigen"
+
+#: admin/settings_page/pages/attachment_usage_page/page_elements.php:70
+msgid "Hide color"
+msgstr "Farbe nicht anzeigen"
+
+#: admin/settings_page/pages/attachment_usage_page/page_elements.php:78
+msgid "Filter attachment list by usage"
+msgstr "Anhänge nach Verwendung sortieren"
+
+#: admin/settings_page/pages/attachment_usage_page/page_elements.php:84
+msgid ""
+"By enabling this option, the media list view will contain a sortable column, "
+"which allows to sort the attachments by their usage status (found/not-"
+"found). This can be helpful to get an overview about not used attachments.</"
+"br> Furthermore it is important to note that by enabling this option the "
+"process of saving the relevant information changes and this can lead to "
+"longer loading times on the media upload pages depending on the overall "
+"amount of attachments and size of the website."
+msgstr ""
+"Nach Aktivierung enthält die Medien-Liste eine sortierbare Spalte, welche es "
+"ermöglicht Anhänge nach deren Verwendung (gefunden/nicht gefunden) zu "
+"sortieren. Dies kann hilfreich sein um einen Überblick über nicht verwendete "
+"Anhänge zu erhalten. </br> Zusätzlich ist es wichtig anzumerken, dass durch "
+"Verwendung dieser Option sich der Prozess wie Daten in der Datenbank "
+"gespeichert werden verändert und dies unter Umständen zu längeren Ladezeiten "
+"auf der Medienübersichtsseite führen kann. Dies ist auch von der Anzahl der "
+"Anhänge und der Größe der Website abhängig."
+
+#: admin/settings_page/pages/attachment_usage_page/page_elements.php:96
+msgid "Make media column sortable"
+msgstr "Medienspalte sortierbar machen"
+
+#: admin/settings_page/pages/attachment_usage_page/page_elements.php:97
+msgid "Do not make media column sortable"
+msgstr "Medienspalte nicht sortierbar machen"
+
+#: admin/settings_page/pages/attachment_usage_page/page_elements.php:105
+msgid "Sync Attachment Usage on media upload site"
+msgstr "Synchronisierung der Anhang-Verwendung auf Medienübersichtsseite"
+
+#: admin/settings_page/pages/attachment_usage_page/page_elements.php:111
+msgid ""
+"By enabling this option, the attachment relevant data will be fetched as "
+"soon as the media upload pages is opened. By disabling this option, a button "
+"on the page will trigger the lookup process when clicked."
+msgstr ""
+"Nach Aktivierung werden die Verwendungen der Anhänge beim Laden der "
+"Medienübersichtsseite aktualisiert. Nach Deaktivierung wird ein Button für "
+"die Aktualisierung auf der Medienübersichtsseite angezeigt."
+
+#: admin/settings_page/pages/attachment_usage_page/page_elements.php:119
+msgid "Auto-sync attachments usage on page visit"
+msgstr ""
+"automatische Synchronisierung der Anhänge beim Aufruf der "
+"Medienübersichtsseite"
+
+#: admin/settings_page/pages/attachment_usage_page/page_elements.php:120
+msgid "Do not auto-sync attachments usage"
+msgstr ""
+"keine automatische Synchronisierung der Anhänge beim Aufruf der "
+"Medienübersichtsseite"
+
+#: admin/settings_page/setting-string-helper.php:8
+msgid "Field \"%s\" is required"
+msgstr "Feld \"%s\" ist verpflichtend"
+
+#: admin/settings_page/setting-string-helper.php:9
+msgid "Do not change value of field \"%s\""
+msgstr "ändere nicht den Wert von Feld \"%s\""
+
+#: admin/settings_page/setting-string-helper.php:19
+msgid "Field is required"
+msgstr "Feld ist verpflichtend"
+
+#: admin/settings_page/setting-string-helper.php:20
+msgid "Do not change value of field"
+msgstr "Ändere nicht den Wert des Feldes"
+
+#: admin/settings_page/templates/pages/menu_page.php:16
+#: admin/settings_page/templates/pages/tabbed_menu_page.php:31
+msgid "Fields marked with * are required"
+msgstr "Felder mit einem * sind verpflichtend"
+
+#: admin/settings_page/templates/pages/menu_page.php:19
+msgid "Save Settings"
+msgstr "Einstellungen speichen"
+
+#: admin/settings_page/templates/settings/fields/file.php:7
+msgid "Upload File"
+msgstr "Datei hochladen"
+
+#: admin/settings_page/templates/settings/fields/file.php:14
+msgid "Remove File"
+msgstr "Datei entfernen"
+
+#: admin/settings_page/templates/settings/fields/image.php:8
+msgid "Upload Image"
+msgstr "Bild hochladen"
+
+#: admin/settings_page/templates/settings/fields/image.php:11
+msgid "Remove Image"
+msgstr "Bild entfernen"
+
+#: admin/js/attachment-usage-media-frame.js:19
+#: admin/js/attachment-usage-media-frame.js:25
+msgid "Choose Attachment"
+msgstr "Anhang entfernen"

spec/fixtures/dynamic_finders/plugin_version/attribute-stock-for-woocommerce/translation_file/languages/attribute-stock-for-woocommerce.pot

@@ -0,0 +1,479 @@
+# Copyright (C) 2020 Mewz
+# This file is distributed under the same license as the Attribute Stock for WooCommerce plugin.
+msgid ""
+msgstr ""
+"Project-Id-Version: Attribute Stock for WooCommerce 1.0.0\n"
+"Report-Msgid-Bugs-To: https://wordpress.org/support/plugin/attribute-stock-for-woocommerce\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"POT-Creation-Date: 2020-01-07T12:52:16+00:00\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"X-Generator: WP-CLI 2.4.0\n"
+"X-Domain: attribute-stock-for-woocommerce\n"
+
+#. Plugin Name of the plugin
+msgid "Attribute Stock for WooCommerce"
+msgstr ""
+
+#. Plugin URI of the plugin
+msgid "https://wordpress.org/plugins/attribute-stock-for-woocommerce/"
+msgstr ""
+
+#. Description of the plugin
+msgid "Take control of your product stock with flexible attribute-based stock. Easily track product addons, parts, ingredients, combos, and much more!"
+msgstr ""
+
+#. Author of the plugin
+msgid "Mewz"
+msgstr ""
+
+#. Author URI of the plugin
+msgid "https://mewz.dev/"
+msgstr ""
+
+#: src/Actions/Admin/AttributeList.php:45
+#: src/Actions/Admin/AttributeTermList.php:62
+msgid "Edit stock"
+msgstr ""
+
+#: src/Actions/Admin/AttributeList.php:51
+#: src/Actions/Admin/AttributeTermList.php:76
+msgid "List stock items"
+msgstr ""
+
+#: src/Actions/Admin/AttributeTermList.php:31
+#: src/Actions/Admin/AttributeTermList.php:34
+#: src/Actions/Admin/StockList.php:29
+#: src/Components/StockReport.php:16
+#: templates/admin/attributes/edit-associated.php:25
+msgid "Stock"
+msgstr ""
+
+#: src/Actions/Admin/AttributeTermList.php:62
+msgid "Edit attribute-level stock"
+msgstr ""
+
+#: src/Actions/Admin/PluginSupport.php:17
+#: src/Actions/Admin/PluginSupport.php:54
+#: src/Actions/Admin/PluginSupport.php:56
+msgid "Documentation"
+msgstr ""
+
+#: src/Actions/Admin/PluginSupport.php:20
+msgid "Unlock PRO"
+msgstr ""
+
+#: src/Actions/Admin/PluginSupport.php:41
+#: src/Actions/Admin/PluginSupport.php:43
+msgid "Help & Support"
+msgstr ""
+
+#: src/Actions/Admin/PluginSupport.php:44
+msgid "Need assistance setting up your attribute stock? Found a bug and want to report it? Just feel like chatting? Get in touch!"
+msgstr ""
+
+#: src/Actions/Admin/PluginSupport.php:46
+msgid "Priority support"
+msgstr ""
+
+#: src/Actions/Admin/PluginSupport.php:47
+msgid "Community forum"
+msgstr ""
+
+#: src/Actions/Admin/PluginSupport.php:57
+msgid "Want to learn more about Attribute Stock for WooCommerce? Check out the official online documentation."
+msgstr ""
+
+#: src/Actions/Admin/PluginSupport.php:59
+msgid "Online documentation"
+msgstr ""
+
+#: src/Actions/Admin/PluginSupport.php:66
+#: src/Actions/Admin/PluginSupport.php:68
+msgid "Manage License"
+msgstr ""
+
+#: src/Actions/Admin/PluginSupport.php:69
+msgid "View your PRO license, migrate a license, update payment information or cancel your subscription."
+msgstr ""
+
+#: src/Actions/Admin/PluginSupport.php:71
+msgid "Member dashboard"
+msgstr ""
+
+#: src/Actions/Admin/ReportStock.php:22
+msgid "Attribute Stock"
+msgstr ""
+
+#: src/Actions/Admin/ReportStockPro.php:19
+#: src/Actions/Admin/StockList.php:28
+#: templates/admin/attributes/edit-associated.php:24
+#: templates/admin/stock/panel-inventory.php:7
+msgid "SKU"
+msgstr ""
+
+#: src/Actions/Admin/ReportStockPro.php:21
+#: src/Actions/Admin/StockList.php:27
+msgid "Actions"
+msgstr ""
+
+#: src/Actions/Admin/ReportStockPro.php:34
+msgid "Edit attribute stock"
+msgstr ""
+
+#: src/Actions/Admin/StockBulkActions.php:26
+msgid "Enable"
+msgstr ""
+
+#: src/Actions/Admin/StockBulkActions.php:30
+msgid "Disable"
+msgstr ""
+
+#: src/Actions/Admin/StockBulkActions.php:73
+msgid "%d attribute stock enabled."
+msgid_plural "%d attribute stocks enabled."
+msgstr[0] ""
+msgstr[1] ""
+
+#: src/Actions/Admin/StockBulkActions.php:75
+msgid "%d attribute stock disabled."
+msgid_plural "%d attribute stocks disabled."
+msgstr[0] ""
+msgstr[1] ""
+
+#: src/Actions/Admin/StockBulkActions.php:81
+msgid "No disabled attribute stocks to enable."
+msgstr ""
+
+#: src/Actions/Admin/StockBulkActions.php:83
+msgid "No enabled attribute stocks to disable."
+msgstr ""
+
+#: src/Actions/Admin/StockBulkActions.php:93
+msgid "%d attribute stock updated."
+msgid_plural "%d attribute stocks updated."
+msgstr[0] ""
+msgstr[1] ""
+
+#: src/Actions/Admin/StockBulkActions.php:94
+msgid "%d attribute stock not updated, somebody is editing it."
+msgid_plural "%d attribute stocks not updated, somebody is editing them."
+msgstr[0] ""
+msgstr[1] ""
+
+#: src/Actions/Admin/StockBulkActions.php:95
+msgid "%d attribute stock permanently deleted."
+msgid_plural "%d attribute stocks permanently deleted."
+msgstr[0] ""
+msgstr[1] ""
+
+#: src/Actions/Admin/StockBulkActions.php:96
+msgid "%d attribute stock moved to the Trash."
+msgid_plural "%d attribute stocks moved to the Trash."
+msgstr[0] ""
+msgstr[1] ""
+
+#: src/Actions/Admin/StockBulkActions.php:97
+msgid "%d attribute stock restored from the Trash."
+msgid_plural "%d attribute stocks restored from the Trash."
+msgstr[0] ""
+msgstr[1] ""
+
+#: src/Actions/Admin/StockEdit.php:45
+msgid "Status"
+msgstr ""
+
+#: src/Actions/Admin/StockEdit.php:46
+msgid "Stock details"
+msgstr ""
+
+#: src/Actions/Admin/StockEdit.php:64
+msgid "Inventory"
+msgstr ""
+
+#: src/Actions/Admin/StockEdit.php:65
+msgid "Attributes"
+msgstr ""
+
+#: src/Actions/Admin/StockEdit.php:66
+msgid "Settings"
+msgstr ""
+
+#: src/Actions/Admin/StockEdit.php:122
+#: src/Actions/Admin/StockEdit.php:125
+#: src/Actions/Admin/StockEdit.php:127
+#: src/Actions/Admin/StockEdit.php:135
+msgid "Attribute stock updated."
+msgstr ""
+
+#: src/Actions/Admin/StockEdit.php:123
+msgid "Attribute stock field updated."
+msgstr ""
+
+#: src/Actions/Admin/StockEdit.php:124
+msgid "Attribute stock field deleted."
+msgstr ""
+
+#: src/Actions/Admin/StockEdit.php:126
+msgid "Revision restored."
+msgstr ""
+
+#: src/Actions/Admin/StockEdit.php:128
+msgid "Attribute stock saved."
+msgstr ""
+
+#: src/Actions/Admin/StockEdit.php:129
+msgid "Attribute stock submitted."
+msgstr ""
+
+#. translators: %s: date
+#: src/Actions/Admin/StockEdit.php:132
+msgid "Attribute stock scheduled for: %s."
+msgstr ""
+
+#: src/Actions/Admin/StockEdit.php:151
+#: src/Actions/Admin/StockEdit.php:177
+msgid "Back to attribute stock"
+msgstr ""
+
+#: src/Actions/Admin/StockEdit.php:155
+msgid "Back to \"%s\" attribute term"
+msgstr ""
+
+#: src/Actions/Admin/StockEdit.php:157
+msgid "Back to attribute term"
+msgstr ""
+
+#: src/Actions/Admin/StockEdit.php:162
+msgid "Back to \"%s\" attribute terms"
+msgstr ""
+
+#: src/Actions/Admin/StockEdit.php:164
+msgid "Back to attribute terms"
+msgstr ""
+
+#: src/Actions/Admin/StockEdit.php:169
+msgid "Back to \"%s\" attribute"
+msgstr ""
+
+#: src/Actions/Admin/StockEdit.php:171
+msgid "Back to attribute"
+msgstr ""
+
+#: src/Actions/Admin/StockList.php:30
+#: templates/admin/stock/panel-inventory.php:29
+msgid "Notes"
+msgstr ""
+
+#: src/Actions/Admin/StockList.php:31
+#: templates/admin/stock/metabox-status.php:21
+msgid "Created"
+msgstr ""
+
+#: src/Actions/Admin/StockList.php:105
+#: src/Actions/Admin/StockListFilters.php:22
+#: templates/admin/attributes/edit-associated.php:39
+msgid "Disabled"
+msgstr ""
+
+#: src/Actions/Admin/StockListActions.php:40
+msgid "Duplicate"
+msgstr ""
+
+#: src/Actions/Admin/StockListActions.php:91
+msgid "Sorry, this attribute stock item does not exist. Perhaps it was deleted?"
+msgstr ""
+
+#: src/Actions/Admin/StockListActions.php:95
+msgid "Sorry, you are not allowed to do that."
+msgstr ""
+
+#: src/Actions/Admin/StockListFilters.php:21
+#: templates/admin/stock/metabox-status.php:10
+msgid "Enabled"
+msgstr ""
+
+#: src/Actions/Admin/StockListFilters.php:112
+msgid "\"Any\""
+msgstr ""
+
+#: src/Actions/StockNotifications.php:45
+msgid "Attribute out of stock"
+msgstr ""
+
+#: src/Actions/StockNotifications.php:46
+#: src/Actions/StockNotificationsPro.php:18
+msgid "%s is out of stock."
+msgstr ""
+
+#: src/Actions/StockNotifications.php:62
+msgid "Attribute low in stock"
+msgstr ""
+
+#: src/Actions/StockNotifications.php:63
+#: src/Actions/StockNotificationsPro.php:27
+msgid "%s is low in stock. There is %d left."
+msgid_plural "%s is low in stock. There are %d left."
+msgstr[0] ""
+msgstr[1] ""
+
+#: src/Components/StockReport.php:15
+#: templates/admin/attributes/edit-associated.php:23
+msgid "Title"
+msgstr ""
+
+#: src/Components/StockReport.php:90
+msgid "No low in stock attributes found."
+msgstr ""
+
+#: src/Components/StockReport.php:94
+msgid "No out of stock attributes found."
+msgstr ""
+
+#: src/Components/StockReport.php:98
+msgid "No most stocked attributes found."
+msgstr ""
+
+#: src/Plugin/Loader.php:34
+#: src/Plugin/LoaderPro.php:32
+msgid "WooCommerce attribute stock items."
+msgstr ""
+
+#: src/Plugin/Loader.php:36
+#: src/Plugin/LoaderPro.php:34
+msgctxt "post type general name"
+msgid "Attribute Stock"
+msgstr ""
+
+#: src/Plugin/Loader.php:37
+#: src/Plugin/LoaderPro.php:35
+msgctxt "post type singular name"
+msgid "Attribute Stock"
+msgstr ""
+
+#: src/Plugin/Loader.php:38
+#: src/Plugin/LoaderPro.php:36
+msgctxt "mewz_attribute_stock"
+msgid "Add New"
+msgstr ""
+
+#: templates/admin/attributes/add-fields.php:13
+#: templates/admin/attributes/edit-associated.php:60
+#: templates/admin/attributes/edit-fields.php:26
+msgid "Unlock Pro"
+msgstr ""
+
+#: templates/admin/attributes/add-fields.php:18
+#: templates/admin/attributes/edit-fields.php:32
+msgid "Enable stock management at the attribute level."
+msgstr ""
+
+#: templates/admin/attributes/add-fields.php:20
+#: templates/admin/attributes/edit-fields.php:34
+msgid "Enable stock management at the attribute term level."
+msgstr ""
+
+#: templates/admin/attributes/add-fields.php:33
+#: templates/admin/attributes/edit-fields.php:51
+msgid "Current stock quantity of this attribute."
+msgstr ""
+
+#: templates/admin/attributes/add-fields.php:35
+#: templates/admin/attributes/edit-fields.php:53
+msgid "Current stock quantity of this attribute term."
+msgstr ""
+
+#: templates/admin/attributes/edit-associated.php:16
+msgid "Associated stock"
+msgstr ""
+
+#: templates/admin/attributes/edit-fields.php:24
+msgid "Configure"
+msgstr ""
+
+#: templates/admin/stock/metabox-status.php:34
+msgid "Update Stock"
+msgstr ""
+
+#: templates/admin/stock/metabox-status.php:34
+msgid "Create Stock"
+msgstr ""
+
+#: templates/admin/stock/panel-inventory.php:10
+msgid "Unique identifier for stock keeping. Optional."
+msgstr ""
+
+#: templates/admin/stock/panel-inventory.php:16
+msgid "Stock quantity"
+msgstr ""
+
+#: templates/admin/stock/panel-inventory.php:23
+msgid "Current stock quantity of this attribute stock item."
+msgstr ""
+
+#: templates/admin/stock/panel-inventory.php:33
+msgid "Internal notes about this attribute stock item."
+msgstr ""
+
+#: templates/admin/stock/panel-settings.php:14
+msgid "All product types"
+msgstr ""
+
+#: templates/admin/stock/panel-settings.php:15
+msgid "Product type(s) to match against. All other product types will be ignored by this attribute stock. Leave blank to match all valid product types."
+msgstr ""
+
+#: templates/admin/stock/panel-settings.php:29
+msgid "When stock reaches this amount or less, you will be notified by email (if enabled)."
+msgstr ""
+
+#: templates/admin/stock/panel-settings.php:38
+msgid "Limits available stock quantity of associated products."
+msgstr ""
+
+#: templates/admin/stock/panel-settings.php:38
+msgid "Learn more"
+msgstr ""
+
+#: assets/dist/admin/stock-edit.js:12
+msgid "Add match"
+msgstr ""
+
+#: assets/dist/admin/stock-edit.js:12
+msgid "Drag to re-order"
+msgstr ""
+
+#: assets/dist/admin/stock-edit.js:12
+msgid "Remove match set"
+msgstr ""
+
+#: assets/dist/admin/stock-edit.js:12
+msgid "Attribute..."
+msgstr ""
+
+#: assets/dist/admin/stock-edit.js:12
+msgid "Any %s"
+msgstr ""
+
+#: assets/dist/admin/stock-edit.js:12
+msgid "Term..."
+msgstr ""
+
+#: assets/dist/admin/stock-edit.js:12
+msgid "Remove attribute"
+msgstr ""
+
+#: assets/dist/admin/stock-edit.js:12
+msgid "Add attribute"
+msgstr ""
+
+#: assets/dist/admin/stock-edit.js:12
+msgid "Quantity multiplier"
+msgstr ""
+
+#: assets/dist/admin/stock-edit.js:12
+msgid "Set how much stock is reduced when a matching product is purchased. Decimal values are also allowed."
+msgstr ""

spec/fixtures/dynamic_finders/plugin_version/automatically-add-product-to-cart/change_log/changelog.txt

@@ -0,0 +1,3 @@
+Version 1.0 
+- 	First Release
+-   A new version of Automatically add product to cart plug-in.

spec/fixtures/dynamic_finders/plugin_version/ayecode-connect/translation_file/languages/ayecode-connect-en_US.po

@@ -0,0 +1,143 @@
+msgid ""
+msgstr ""
+"Project-Id-Version: AyeCode Connect 1.0.3\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2020-02-22 09:23+0000\n"
+"PO-Revision-Date: 2020-02-22 09:23+0000\n"
+"Last-Translator: \n"
+"Language-Team: AyeCode Ltd <contact@ayecode.io>\n"
+"Language: en_US\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Poedit-KeywordsList: __;__ngettext:1,2;__ngettext_noop:1,2;_c;_e;_ex:1,2c;"
+"_n:1,2;_n_noop:1,2;_nc:4c,1,2;_nx:4c,1,2;_nx_noop:4c,1,2;_x:1,2c;esc_attr__;"
+"esc_attr_e;esc_attr_x:1,2c;esc_html__;esc_html_e;esc_html_x:1,2c;gettext;"
+"gettext_noop\n"
+"X-Poedit-Basepath: ..\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n"
+"X-Poedit-SourceCharset: UTF-8\n"
+"X-Generator: Poedit 1.8.7.1\n"
+"X-Poedit-SearchPath-0: .\n"
+
+#: ayecode-connect.php:75
+msgid "Settings"
+msgstr ""
+
+#: includes/class-ayecode-connect-remote-actions.php:411
+msgid "Download source not valid."
+msgstr ""
+
+#: includes/class-ayecode-connect-settings.php:201
+msgid "Plugin and theme update notifications must be enabled first"
+msgstr ""
+
+#: includes/class-ayecode-connect-settings.php:261
+msgid "Something went wrong, try refreshing the page and trying again."
+msgstr ""
+
+#: includes/class-ayecode-connect-settings.php:262
+msgid "Are you sure you with to disconnect your site?"
+msgstr ""
+
+#: includes/class-ayecode-connect-settings.php:300
+msgid ""
+"One click addon installs, live documentation search, support right from your "
+"WordPress Dashboard"
+msgstr ""
+
+#: includes/class-ayecode-connect-settings.php:308
+#, php-format
+msgid "You are connected to AyeCode Connect as user: %s"
+msgstr ""
+
+#: includes/class-ayecode-connect-settings.php:315
+msgid "Plugin and theme update notifications"
+msgstr ""
+
+#: includes/class-ayecode-connect-settings.php:318
+#: includes/class-ayecode-connect-settings.php:336
+#: includes/class-ayecode-connect-settings.php:361
+msgid "Loading..."
+msgstr ""
+
+#: includes/class-ayecode-connect-settings.php:333
+msgid "One click addon installs, no more licence keys"
+msgstr ""
+
+#: includes/class-ayecode-connect-settings.php:366
+msgid "Disconnect site"
+msgstr ""
+
+#: includes/class-ayecode-connect-settings.php:373
+msgid ""
+"By clicking the <b>Connect Site</b> button, you agree to our <a "
+"href='https://ayecode.io/terms-and-conditions/' target='_blank' class='text-"
+"muted' ><u>Terms of Service</u></a> and to share details with AyeCode Ltd"
+msgstr ""
+
+#: includes/class-ayecode-connect-settings.php:376
+msgid "Connect Site"
+msgstr ""
+
+#: includes/class-ayecode-connect-settings.php:384
+msgid ""
+"It looks like you might be running on localhost, AyeCode Connect will only "
+"work on a live website."
+msgstr ""
+
+#: includes/class-ayecode-connect-settings.php:395
+msgid "AycCode Ltd are the creators of:"
+msgstr ""
+
+#: includes/class-ayecode-connect.php:298
+msgid "Invalid Registration Data"
+msgstr ""
+
+#: includes/class-ayecode-connect.php:302
+msgid "Invalid Secret"
+msgstr ""
+
+#: includes/class-ayecode-connect.php:559
+#, php-format
+msgid "Domain `%1$s` just failed is_usable_domain check as it is empty."
+msgstr ""
+
+#: includes/class-ayecode-connect.php:589
+#, php-format
+msgid ""
+"Domain `%1$s` just failed is_usable_domain check as it is in the forbidden "
+"array."
+msgstr ""
+
+#: includes/class-ayecode-connect.php:604
+#, php-format
+msgid ""
+"Domain `%1$s` just failed is_usable_domain check as it uses an invalid top "
+"level domain."
+msgstr ""
+
+#: includes/class-ayecode-connect.php:696
+#: includes/class-ayecode-connect.php:712
+#: includes/class-ayecode-connect.php:931
+msgid "Missing Authorization Header."
+msgstr ""
+
+#: includes/class-ayecode-connect.php:718
+#: includes/class-ayecode-connect.php:937
+#: includes/class-ayecode-connect.php:943
+msgid "Invalid Authorization Header."
+msgstr ""
+
+#: includes/class-ayecode-connect.php:725
+msgid "Missing blog token."
+msgstr ""
+
+#: includes/class-ayecode-connect.php:730
+#: includes/class-ayecode-connect.php:951
+msgid "You are not authorized to do that."
+msgstr ""
+
+#: includes/class-ayecode-connect.php:1002
+msgid "Specify an action"
+msgstr ""