Bumps version

Dev

.github/workflows/build.yml

@@ -9,7 +9,7 @@ jobs:
 
     strategy:
       matrix:
-        ruby: [2.4, 2.5, 2.6, 2.7]
+        ruby: [2.5, 2.6, 2.7]
 
     steps:
     - name: Checkout code
@@ -20,14 +20,6 @@ jobs:
       with:
         ruby-version: ${{ matrix.ruby }}
 
-    - name: Restore GEM cache
-      uses: actions/cache@v1
-      with:
-        path: vendor/bundle
-        key: ${{ runner.os }}-${{ matrix.ruby }}-gem-${{ hashFiles('**/wpscan.gemspec') }}
-        restore-keys: |
-          ${{ runner.os }}-${{ matrix.ruby }}-gem-
-
     - name: Install GEMs
       run: |
         gem install bundler

.rubocop.yml

@@ -1,11 +1,16 @@
 require: rubocop-performance
 AllCops:
-  TargetRubyVersion: 2.4
+  NewCops: enable
+  TargetRubyVersion: 2.5
   Exclude:
   - '*.gemspec'
   - 'vendor/**/*'
 Layout/LineLength:
   Max: 120
+Lint/ConstantDefinitionInBlock:
+  Enabled: false
+Lint/MissingSuper:
+  Enabled: false
 Lint/UriEscapeUnescape:
   Enabled: false
 Metrics/AbcSize:
@@ -18,11 +23,13 @@ Metrics/ClassLength:
   Exclude:
   - 'app/controllers/enumeration/cli_options.rb'
 Metrics/CyclomaticComplexity:
-  Max: 8
+  Max: 10
 Metrics/MethodLength:
   Max: 20
   Exclude:
   - 'app/controllers/enumeration/cli_options.rb'
+Metrics/PerceivedComplexity:
+  Max: 11
 Style/ClassVars:
   Enabled: false
 Style/Documentation:

.ruby-version

@@ -1 +1 @@
-2.6.2
+2.7.2

.simplecov

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 
 if ENV['GITHUB_ACTION']
   require 'simplecov-lcov'
@@ -15,4 +16,4 @@ SimpleCov.start do
 
   add_filter '/spec/'
   add_filter 'helper'
-end
+end

Dockerfile

@@ -1,16 +1,16 @@
-FROM ruby:2.6.3-alpine AS builder
-LABEL maintainer="WPScan Team <team@wpscan.org>"
+FROM ruby:2.7.2-alpine AS builder
+LABEL maintainer="WPScan Team <contact@wpscan.com>"
 
-ARG BUNDLER_ARGS="--jobs=8 --without test development"
-
-RUN echo "gem: --no-ri --no-rdoc" > /etc/gemrc
+RUN echo "install: --no-document --no-post-install-message\nupdate: --no-document --no-post-install-message" > /etc/gemrc
 
 COPY . /wpscan
 
 RUN apk add --no-cache git libcurl ruby-dev libffi-dev make gcc musl-dev zlib-dev procps sqlite-dev && \
-  bundle install --system --clean --no-cache --gemfile=/wpscan/Gemfile $BUNDLER_ARGS && \
-  # temp fix for https://github.com/bundler/bundler/issues/6680
-  rm -rf /usr/local/bundle/cache
+  bundle config force_ruby_platform true && \
+  bundle config disable_version_check 'true' && \
+  bundle config without "test development" && \
+  bundle config path.system 'true' && \
+  bundle install --gemfile=/wpscan/Gemfile --jobs=8
 
 WORKDIR /wpscan
 RUN rake install --trace
@@ -19,8 +19,9 @@ RUN rake install --trace
 RUN chmod -R a+r /usr/local/bundle
 
 
-FROM ruby:2.6.3-alpine
-LABEL maintainer="WPScan Team <team@wpscan.org>"
+FROM ruby:2.7.2-alpine
+LABEL maintainer="WPScan Team <contact@wpscan.com>"
+LABEL org.opencontainers.image.source https://github.com/wpscanteam/wpscan
 
 RUN adduser -h /wpscan -g WPScan -D wpscan
 

LICENSE

@@ -27,7 +27,7 @@ Example cases which do not require a commercial license, and thus fall under the
  - Using WPScan to test your own systems.
  - Any non-commercial use of WPScan.
 
-If you need to purchase a commercial license or are unsure whether you need to purchase a commercial license contact us - team@wpscan.org.
+If you need to purchase a commercial license or are unsure whether you need to purchase a commercial license contact us - contact@wpscan.com.
 
 Free-use Terms and Conditions;
 

README.md

@@ -1,5 +1,5 @@
 <p align="center">
-  <a href="https://wpscan.org/">
+  <a href="https://wpscan.com/">
     <img src="https://raw.githubusercontent.com/wpscanteam/wpscan/gh-pages/images/wpscan_logo.png" alt="WPScan logo">
   </a>
 </p>
@@ -7,10 +7,10 @@
 <h3 align="center">WPScan</h3>
 
 <p align="center">
-  WordPress Vulnerability Scanner
+  WordPress Security Scanner
   <br>
   <br>
-  <a href="https://wpscan.org/" title="homepage" target="_blank">Homepage</a> - <a href="https://wpscan.io/" title="wpscan.io" target="_blank">WPScan.io</a> - <a href="https://wpvulndb.com/" title="vulnerability database" target="_blank">Vulnerability Database</a> - <a href="https://wordpress.org/plugins/wpscan/" title="wordpress plugin" target="_blank">WordPress Plugin</a>
+  <a href="https://wpscan.com/" title="homepage" target="_blank">WPScan WordPress Vulnerability Database</a> - <a href="https://wordpress.org/plugins/wpscan/" title="wordpress security plugin" target="_blank">WordPress Security Plugin</a>
 </p>
 
 <p align="center">
@@ -31,7 +31,11 @@
 - RubyGems      - Recommended: latest
 - Nokogiri might require packages to be installed via your package manager depending on your OS, see https://nokogiri.org/tutorials/installing_nokogiri.html
 
-### From RubyGems (Recommended)
+### In a Pentesting distribution
+
+When using a pentesting distubution (such as Kali Linux), it is recommended to install/update wpscan via the package manager if available.
+
+### From RubyGems
 
 ```shell
 gem install wpscan
@@ -39,18 +43,6 @@ gem install wpscan
 
 On MacOSX, if a ```Gem::FilePermissionError``` is raised due to the Apple's System Integrity Protection (SIP), either install RVM and install wpscan again, or run ```sudo gem install -n /usr/local/bin wpscan``` (see [#1286](https://github.com/wpscanteam/wpscan/issues/1286))
 
-### From sources (NOT Recommended)
-
-Prerequisites: Git
-
-```shell
-git clone https://github.com/wpscanteam/wpscan
-
-cd wpscan/
-
-bundle install && rake install
-```
-
 # Updating
 
 You can update the local database by using ```wpscan --update```
@@ -77,6 +69,8 @@ docker run -it --rm wpscanteam/wpscan --url https://target.tld/ --enumerate u1-1
 
 # Usage
 
+Full user documentation can be found here; https://github.com/wpscanteam/wpscan/wiki/WPScan-User-Documentation
+
 ```wpscan --url blog.tld``` This will scan the blog using default options with a good compromise between speed and accuracy. For example, the plugins will be checked passively but their version with a mixed detection mode (passively + aggressively). Potential config backup files will also be checked, along with other interesting findings.
 
 If a more stealthy approach is required, then ```wpscan --stealthy --url blog.tld``` can be used.
@@ -88,7 +82,7 @@ The DB is located at ~/.wpscan/db
 
 ## Vulnerability Database
 
-The WPScan CLI tool uses the [WPVulnDB API](https://wpvulndb.com/api) to retrieve WordPress vulnerability data in real time. For WPScan to retrieve the vulnerability data an API token must be supplied via the `--api-token` option, or via a configuration file, as discussed below. An API token can be obtained by registering an account on [WPVulnDB](https://wpvulndb.com/users/sign_up). Up to 50 API requests per day are given free of charge to registered users. Once the 50 API requests are exhausted, WPScan will continue to work as normal but without any vulnerability data. Users can upgrade to paid API usage to increase their API limits within their user profile on [WPVulnDB](https://wpvulndb.com/).
+The WPScan CLI tool uses the [WPScan API](https://wpscan.com/api) to retrieve WordPress vulnerability data in real time. For WPScan to retrieve the vulnerability data an API token must be supplied via the `--api-token` option, or via a configuration file, as discussed below. An API token can be obtained by registering an account on [WPScan](https://wpscan.com/register). Up to 50 API requests per day are given free of charge to registered users. Once the 50 API requests are exhausted, WPScan will continue to work as normal but without any vulnerability data. Users can upgrade to paid API usage to increase their API limits within their user profile on [WPScan](https://wpscan.com/).
 
 ## Load CLI options from file/s
 
@@ -130,6 +124,11 @@ cli_options:
   api_token: YOUR_API_TOKEN
 ```
 
+## Load API Token From ENV (since v3.7.10)
+
+The API Token will be automatically loaded from the ENV variable `WPSCAN_API_TOKEN` if present. If the `--api-token` CLI option is also provided, the value from the CLI will be used.
+
+
 ## Enumerating usernames
 
 ```shell
@@ -177,7 +176,7 @@ Example cases which do not require a commercial license, and thus fall under the
 - Using WPScan to test your own systems.
 - Any non-commercial use of WPScan.
 
-If you need to purchase a commercial license or are unsure whether you need to purchase a commercial license contact us - team@wpscan.org.
+If you need to purchase a commercial license or are unsure whether you need to purchase a commercial license contact us - contact@wpscan.com.
 
 Free-use Terms and Conditions;
 

app/controllers/core.rb

@@ -8,13 +8,13 @@ module WPScan
       def cli_options
         [OptURL.new(['--url URL', 'The URL of the blog to scan'],
                     required_unless: %i[update help hh version], default_protocol: 'http')] +
-          super.drop(1) + # delete the --url from CMSScanner
+          super.drop(2) + # delete the --url and --force from CMSScanner
           [
             OptChoice.new(['--server SERVER', 'Force the supplied server module to be loaded'],
                           choices: %w[apache iis nginx],
                           normalize: %i[downcase to_sym],
                           advanced: true),
-            OptBoolean.new(['--force', 'Do not check if the target is running WordPress']),
+            OptBoolean.new(['--force', 'Do not check if the target is running WordPress or returns a 403']),
             OptBoolean.new(['--[no-]update', 'Whether or not to update the Database'])
           ]
       end

app/controllers/enumeration/cli_options.rb

@@ -51,7 +51,7 @@ module WPScan
           OptSmartList.new(['--plugins-list LIST', 'List of plugins to enumerate'], advanced: true),
           OptChoice.new(
             ['--plugins-detection MODE',
-             'Use the supplied mode to enumerate Plugins, instead of the global (--detection-mode) mode.'],
+             'Use the supplied mode to enumerate Plugins.'],
             choices: %w[mixed passive aggressive], normalize: :to_sym, default: :passive
           ),
           OptBoolean.new(
@@ -62,8 +62,7 @@ module WPScan
           ),
           OptChoice.new(
             ['--plugins-version-detection MODE',
-             'Use the supplied mode to check plugins versions instead of the --detection-mode ' \
-             'or --plugins-detection modes.'],
+             'Use the supplied mode to check plugins\' versions.'],
             choices: %w[mixed passive aggressive], normalize: :to_sym, default: :mixed
           ),
           OptInteger.new(

app/controllers/password_attack.rb

@@ -19,31 +19,37 @@ module WPScan
           OptChoice.new(['--password-attack ATTACK',
                          'Force the supplied attack to be used rather than automatically determining one.'],
                         choices: %w[wp-login xmlrpc xmlrpc-multicall],
-                        normalize: %i[downcase underscore to_sym])
+                        normalize: %i[downcase underscore to_sym]),
+          OptString.new(['--login-uri URI', 'The URI of the login page if different from /wp-login.php'])
         ]
       end
 
+      def attack_opts
+        @attack_opts ||= {
+          show_progression: user_interaction?,
+          multicall_max_passwords: ParsedCli.multicall_max_passwords
+        }
+      end
+
       def run
         return unless ParsedCli.passwords
 
-        if user_interaction?
-          output('@info',
-                 msg: "Performing password attack on #{attacker.titleize} against #{users.size} user/s")
-        end
-
-        attack_opts = {
-          show_progression: user_interaction?,
-          multicall_max_passwords: ParsedCli.multicall_max_passwords
-        }
-
         begin
           found = []
 
-          attacker.attack(users, passwords(ParsedCli.passwords), attack_opts) do |user|
+          if user_interaction?
+            output('@info',
+                   msg: "Performing password attack on #{attacker.titleize} against #{users.size} user/s")
+          end
+
+          attacker.attack(users, ParsedCli.passwords, attack_opts) do |user|
             found << user
 
             attacker.progress_bar.log("[SUCCESS] - #{user.username} / #{user.password}")
           end
+        rescue Error::NoLoginInterfaceDetected => e
+          # TODO: Maybe output that in JSON as well.
+          output('@notice', msg: e.to_s) if user_interaction?
         ensure
           output('users', users: found)
         end
@@ -65,6 +71,8 @@ module WPScan
 
         case ParsedCli.password_attack
         when :wp_login
+          raise Error::NoLoginInterfaceDetected unless target.login_url
+
           Finders::Passwords::WpLogin.new(target)
         when :xmlrpc
           raise Error::XMLRPCNotDetected unless xmlrpc
@@ -81,8 +89,8 @@ module WPScan
       def xmlrpc_get_users_blogs_enabled?
         if xmlrpc&.enabled? &&
            xmlrpc.available_methods.include?('wp.getUsersBlogs') &&
-           xmlrpc.method_call('wp.getUsersBlogs', [SecureRandom.hex[0, 6], SecureRandom.hex[0, 4]])
-                 .run.body !~ /XML\-RPC services are disabled/
+           !xmlrpc.method_call('wp.getUsersBlogs', [SecureRandom.hex[0, 6], SecureRandom.hex[0, 4]])
+                  .run.body.match?(/>\s*405\s*</)
 
           true
         else
@@ -100,8 +108,10 @@ module WPScan
           else
             Finders::Passwords::XMLRPC.new(xmlrpc)
           end
-        else
+        elsif target.login_url
           Finders::Passwords::WpLogin.new(target)
+        else
+          raise Error::NoLoginInterfaceDetected
         end
       end
 
@@ -113,15 +123,6 @@ module WPScan
           acc << Model::User.new(elem.chomp)
         end
       end
-
-      # @param [ String ] wordlist_path
-      #
-      # @return [ Array<String> ]
-      def passwords(wordlist_path)
-        @passwords ||= File.open(wordlist_path).reduce([]) do |acc, elem|
-          acc << elem.chomp
-        end
-      end
     end
   end
 end

app/controllers/vuln_api.rb

@@ -4,20 +4,25 @@ module WPScan
   module Controller
     # Controller to handle the API token
     class VulnApi < CMSScanner::Controller::Base
+      ENV_KEY = 'WPSCAN_API_TOKEN'
+
       def cli_options
         [
-          OptString.new(['--api-token TOKEN', 'The WPVulnDB API Token to display vulnerability data'])
+          OptString.new(
+            ['--api-token TOKEN',
+             'The WPScan API Token to display vulnerability data, available at https://wpscan.com/profile']
+          )
         ]
       end
 
       def before_scan
-        return unless ParsedCli.api_token
+        return unless ParsedCli.api_token || ENV.key?(ENV_KEY)
 
-        DB::VulnApi.token = ParsedCli.api_token
+        DB::VulnApi.token = ParsedCli.api_token || ENV[ENV_KEY]
 
         api_status = DB::VulnApi.status
 
-        raise Error::InvalidApiToken if api_status['error']
+        raise Error::InvalidApiToken if api_status['status'] == 'forbidden'
         raise Error::ApiLimitReached if api_status['requests_remaining'] == 0
         raise api_status['http_error'] if api_status['http_error']
       end

app/finders/db_exports/known_locations.rb

@@ -40,7 +40,7 @@ module WPScan
         # @return [ Hash ]
         def potential_urls(opts = {})
           urls        = {}
-          domain_name = PublicSuffix.domain(target.uri.host)[/(^[\w|-]+)/, 1]
+          domain_name = (PublicSuffix.domain(target.uri.host) || target.uri.host)[/(^[\w|-]+)/, 1]
 
           File.open(opts[:list]).each_with_index do |path, index|
             path.gsub!('{domain_name}', domain_name)

app/finders/interesting_findings.rb

@@ -6,6 +6,7 @@ require_relative 'interesting_findings/multisite'
 require_relative 'interesting_findings/debug_log'
 require_relative 'interesting_findings/backup_db'
 require_relative 'interesting_findings/mu_plugins'
+require_relative 'interesting_findings/php_disabled'
 require_relative 'interesting_findings/registration'
 require_relative 'interesting_findings/tmm_db_migrate'
 require_relative 'interesting_findings/upload_sql_dump'
@@ -26,7 +27,7 @@ module WPScan
           %w[
             Readme DebugLog FullPathDisclosure BackupDB DuplicatorInstallerLog
             Multisite MuPlugins Registration UploadDirectoryListing TmmDbMigrate
-            UploadSQLDump EmergencyPwdResetScript WPCron
+            UploadSQLDump EmergencyPwdResetScript WPCron PHPDisabled
           ].each do |f|
             finders << InterestingFindings.const_get(f).new(target)
           end

app/finders/interesting_findings/backup_db.rb

@@ -16,8 +16,7 @@ module WPScan
             target.url(path),
             confidence: 70,
             found_by: DIRECT_ACCESS,
-            interesting_entries: target.directory_listing_entries(path),
-            references: { url: 'https://github.com/wpscanteam/wpscan/issues/422' }
+            interesting_entries: target.directory_listing_entries(path)
           )
         end
       end

app/finders/interesting_findings/debug_log.rb

@@ -11,11 +11,7 @@ module WPScan
 
           return unless target.debug_log?(path)
 
-          Model::DebugLog.new(
-            target.url(path),
-            confidence: 100, found_by: DIRECT_ACCESS,
-            references: { url: 'https://codex.wordpress.org/Debugging_in_WordPress' }
-          )
+          Model::DebugLog.new(target.url(path), confidence: 100, found_by: DIRECT_ACCESS)
         end
       end
     end

app/finders/interesting_findings/duplicator_installer_log.rb

@@ -9,14 +9,9 @@ module WPScan
         def aggressive(_opts = {})
           path = 'installer-log.txt'
 
-          return unless /DUPLICATOR INSTALL-LOG/.match?(target.head_and_get(path).body)
+          return unless /DUPLICATOR(-|\s)?(PRO|LITE)?:? INSTALL-LOG/i.match?(target.head_and_get(path).body)
 
-          Model::DuplicatorInstallerLog.new(
-            target.url(path),
-            confidence: 100,
-            found_by: DIRECT_ACCESS,
-            references: { url: 'https://www.exploit-db.com/ghdb/3981/' }
-          )
+          Model::DuplicatorInstallerLog.new(target.url(path), confidence: 100, found_by: DIRECT_ACCESS)
         end
       end
     end

app/finders/interesting_findings/emergency_pwd_reset_script.rb

@@ -15,10 +15,7 @@ module WPScan
           Model::EmergencyPwdResetScript.new(
             target.url(path),
             confidence: /password/i.match?(res.body) ? 100 : 40,
-            found_by: DIRECT_ACCESS,
-            references: {
-              url: 'https://codex.wordpress.org/Resetting_Your_Password#Using_the_Emergency_Password_Reset_Script'
-            }
+            found_by: DIRECT_ACCESS
           )
         end
       end

app/finders/interesting_findings/full_path_disclosure.rb

@@ -16,8 +16,7 @@ module WPScan
             target.url(path),
             confidence: 100,
             found_by: DIRECT_ACCESS,
-            interesting_entries: fpd_entries,
-            references: { url: 'https://www.owasp.org/index.php/Full_Path_Disclosure' }
+            interesting_entries: fpd_entries
           )
         end
       end

app/finders/interesting_findings/mu_plugins.rb

@@ -7,7 +7,7 @@ module WPScan
       class MuPlugins < CMSScanner::Finders::Finder
         # @return [ InterestingFinding ]
         def passive(_opts = {})
-          pattern = %r{#{target.content_dir}/mu\-plugins/}i
+          pattern = %r{#{target.content_dir}/mu-plugins/}i
 
           target.in_scope_uris(target.homepage_res, '(//@href|//@src)[contains(., "mu-plugins")]') do |uri|
             next unless uri.path&.match?(pattern)
@@ -16,13 +16,7 @@ module WPScan
 
             target.mu_plugins = true
 
-            return Model::MuPlugins.new(
-              url,
-              confidence: 70,
-              found_by: 'URLs In Homepage (Passive Detection)',
-              to_s: "This site has 'Must Use Plugins': #{url}",
-              references: { url: 'http://codex.wordpress.org/Must_Use_Plugins' }
-            )
+            return Model::MuPlugins.new(url, confidence: 70, found_by: 'URLs In Homepage (Passive Detection)')
           end
           nil
         end
@@ -37,13 +31,7 @@ module WPScan
 
           target.mu_plugins = true
 
-          Model::MuPlugins.new(
-            url,
-            confidence: 80,
-            found_by: DIRECT_ACCESS,
-            to_s: "This site has 'Must Use Plugins': #{url}",
-            references: { url: 'http://codex.wordpress.org/Must_Use_Plugins' }
-          )
+          Model::MuPlugins.new(url, confidence: 80, found_by: DIRECT_ACCESS)
         end
       end
     end

app/finders/interesting_findings/multisite.rb

@@ -12,18 +12,12 @@ module WPScan
           location = res.headers_hash['location']
 
           return unless [200, 302].include?(res.code)
-          return if res.code == 302 && location =~ /wp-login\.php\?action=register/
-          return unless res.code == 200 || res.code == 302 && location =~ /wp-signup\.php/
+          return if res.code == 302 && location&.include?('wp-login.php?action=register')
+          return unless res.code == 200 || res.code == 302 && location&.include?('wp-signup.php')
 
           target.multisite = true
 
-          Model::Multisite.new(
-            url,
-            confidence: 100,
-            found_by: DIRECT_ACCESS,
-            to_s: 'This site seems to be a multisite',
-            references: { url: 'http://codex.wordpress.org/Glossary#Multisite' }
-          )
+          Model::Multisite.new(url, confidence: 100, found_by: DIRECT_ACCESS)
         end
       end
     end

app/finders/interesting_findings/php_disabled.rb

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+module WPScan
+  module Finders
+    module InterestingFindings
+      # See https://github.com/wpscanteam/wpscan/issues/1593
+      class PHPDisabled < CMSScanner::Finders::Finder
+        PATTERN = /\$wp_version =/.freeze
+
+        # @return [ InterestingFinding ]
+        def aggressive(_opts = {})
+          path = 'wp-includes/version.php'
+
+          return unless PATTERN.match?(target.head_and_get(path).body)
+
+          Model::PHPDisabled.new(target.url(path), confidence: 100, found_by: DIRECT_ACCESS)
+        end
+      end
+    end
+  end
+end

app/finders/interesting_findings/registration.rb

@@ -20,12 +20,7 @@ module WPScan
 
           target.registration_enabled = true
 
-          Model::Registration.new(
-            res.effective_url,
-            confidence: 100,
-            found_by: DIRECT_ACCESS,
-            to_s: "Registration is enabled: #{res.effective_url}"
-          )
+          Model::Registration.new(res.effective_url, confidence: 100, found_by: DIRECT_ACCESS)
         end
       end
     end

app/finders/interesting_findings/tmm_db_migrate.rb

@@ -13,12 +13,7 @@ module WPScan
 
           return unless res.code == 200 && res.headers['Content-Type'] =~ %r{\Aapplication/zip}i
 
-          Model::TmmDbMigrate.new(
-            url,
-            confidence: 100,
-            found_by: DIRECT_ACCESS,
-            references: { packetstorm: 131_957 }
-          )
+          Model::TmmDbMigrate.new(url, confidence: 100, found_by: DIRECT_ACCESS)
         end
       end
     end

app/finders/interesting_findings/upload_directory_listing.rb

@@ -13,12 +13,7 @@ module WPScan
 
           url = target.url(path)
 
-          Model::UploadDirectoryListing.new(
-            url,
-            confidence: 100,
-            found_by: DIRECT_ACCESS,
-            to_s: "Upload directory has listing enabled: #{url}"
-          )
+          Model::UploadDirectoryListing.new(url, confidence: 100, found_by: DIRECT_ACCESS)
         end
       end
     end

app/finders/interesting_findings/upload_sql_dump.rb

@@ -14,11 +14,7 @@ module WPScan
 
           return unless SQL_PATTERN.match?(res.body)
 
-          Model::UploadSQLDump.new(
-            target.url(path),
-            confidence: 100,
-            found_by: DIRECT_ACCESS
-          )
+          Model::UploadSQLDump.new(target.url(path), confidence: 100, found_by: DIRECT_ACCESS)
         end
       end
     end

app/finders/interesting_findings/wp_cron.rb

@@ -11,17 +11,7 @@ module WPScan
 
           return unless res.code == 200
 
-          Model::WPCron.new(
-            wp_cron_url,
-            confidence: 60,
-            found_by: DIRECT_ACCESS,
-            references: {
-              url: [
-                'https://www.iplocation.net/defend-wordpress-from-ddos',
-                'https://github.com/wpscanteam/wpscan/issues/1299'
-              ]
-            }
-          )
+          Model::WPCron.new(wp_cron_url, confidence: 60, found_by: DIRECT_ACCESS)
         end
 
         def wp_cron_url

app/finders/main_theme/css_style_in_homepage.rb

@@ -21,7 +21,7 @@ module WPScan
 
         def passive_from_css_href(res, opts)
           target.in_scope_uris(res, '//link/@href[contains(., "style.css")]') do |uri|
-            next unless uri.path =~ %r{/themes/([^\/]+)/style.css\z}i
+            next unless uri.path =~ %r{/themes/([^/]+)/style.css\z}i
 
             return create_theme(Regexp.last_match[1], uri.to_s, opts)
           end
@@ -33,7 +33,7 @@ module WPScan
             code = tag.text.to_s
             next if code.empty?
 
-            next unless code =~ %r{#{item_code_pattern('themes')}\\?/style\.css[^"'\( ]*}i
+            next unless code =~ %r{#{item_code_pattern('themes')}\\?/style\.css[^"'( ]*}i
 
             return create_theme(Regexp.last_match[1], Regexp.last_match[0].strip, opts)
           end

app/finders/main_theme/urls_in_homepage.rb

@@ -13,7 +13,7 @@ module WPScan
         def passive(opts = {})
           found = []
 
-          slugs = items_from_links('themes', false) + items_from_codes('themes', false)
+          slugs = items_from_links('themes', uniq: false) + items_from_codes('themes', uniq: false)
 
           slugs.each_with_object(Hash.new(0)) { |slug, counts| counts[slug] += 1 }.each do |slug, occurences|
             found << Model::Theme.new(slug, target, opts.merge(found_by: found_by, confidence: 2 * occurences))

app/finders/passwords/wp_login.rb

@@ -13,7 +13,7 @@ module WPScan
 
         def valid_credentials?(response)
           response.code == 302 &&
-            [*response.headers['Set-Cookie']]&.any? { |cookie| cookie =~ /wordpress_logged_in_/i }
+            Array(response.headers['Set-Cookie'])&.any? { |cookie| cookie =~ /wordpress_logged_in_/i }
         end
 
         def errored_response?(response)

app/finders/passwords/xml_rpc.rb

@@ -12,11 +12,11 @@ module WPScan
         end
 
         def valid_credentials?(response)
-          response.code == 200 && response.body =~ /blogName/
+          response.code == 200 && response.body.include?('blogName')
         end
 
         def errored_response?(response)
-          response.code != 200 && response.body !~ /login_error/i
+          response.code != 200 && response.body !~ /Incorrect username or password/i
         end
       end
     end

app/finders/passwords/xml_rpc_multicall.rb

@@ -22,8 +22,30 @@ module WPScan
           target.multi_call(methods, cache_ttl: 0).run
         end
 
+        # @param [ IO ] file
+        # @param [ Integer ] passwords_size
+        # @return [ Array<String> ] The passwords from the last checked position in the file until there are
+        #                           passwords_size passwords retrieved
+        def passwords_from_wordlist(file, passwords_size)
+          pwds       = []
+          added_pwds = 0
+
+          return pwds if passwords_size.zero?
+
+          # Make sure that the main code does not call #sysseek or #count etc
+          # otherwise the file descriptor will be set to somwehere else
+          file.each_line(chomp: true) do |line|
+            pwds << line
+            added_pwds += 1
+
+            break if added_pwds == passwords_size
+          end
+
+          pwds
+        end
+
         # @param [ Array<Model::User> ] users
-        # @param [ Array<String> ] passwords
+        # @param [ String ] wordlist_path
         # @param [ Hash ] opts
         # @option opts [ Boolean ] :show_progression
         # @option opts [ Integer ] :multicall_max_passwords
@@ -33,18 +55,22 @@ module WPScan
         # TODO: Make rubocop happy about metrics etc
         #
         # rubocop:disable all
-        def attack(users, passwords, opts = {})
-          wordlist_index         = 0
+        def attack(users, wordlist_path, opts = {})
+          checked_passwords      = 0
+          wordlist               = File.open(wordlist_path)
+          wordlist_size          = wordlist.count
           max_passwords          = opts[:multicall_max_passwords]
           current_passwords_size = passwords_size(max_passwords, users.size)
 
-          create_progress_bar(total: (passwords.size / current_passwords_size.round(1)).ceil,
+          create_progress_bar(total: (wordlist_size / current_passwords_size.round(1)).ceil,
                               show_progression: opts[:show_progression])
 
+          wordlist.sysseek(0) # reset the descriptor to the beginning of the file as it changed with #count
+
           loop do
-            current_users     = users.select { |user| user.password.nil? }
-            current_passwords = passwords[wordlist_index, current_passwords_size]
-            wordlist_index   += current_passwords_size
+            current_users      = users.select { |user| user.password.nil? }
+            current_passwords  = passwords_from_wordlist(wordlist, current_passwords_size)
+            checked_passwords += current_passwords_size
 
             break if current_users.empty? || current_passwords.nil? || current_passwords.empty?
 
@@ -76,16 +102,19 @@ module WPScan
                 break
               end
 
-              progress_bar.total = progress_bar.progress + ((passwords.size - wordlist_index) / current_passwords_size.round(1)).ceil
+              begin
+                progress_bar.total = progress_bar.progress + ((wordlist_size - checked_passwords) / current_passwords_size.round(1)).ceil
+              rescue ProgressBar::InvalidProgressError
+              end
             end
           end
           # Maybe a progress_bar.stop ?
         end
-        # rubocop:disable all
+        # rubocop:enable all
 
         def passwords_size(max_passwords, users_size)
           return 1 if max_passwords < users_size
-          return 0 if users_size == 0
+          return 0 if users_size.zero?
 
           max_passwords / users_size
         end
@@ -94,9 +123,13 @@ module WPScan
         def check_and_output_errors(res)
           progress_bar.log("Incorrect response: #{res.code} / #{res.return_message}") unless res.code == 200
 
-          progress_bar.log('Parsing error, might be caused by a too high --max-passwords value (such as >= 2k)') if res.body =~ /parse error. not well formed/i
+          if /parse error. not well formed/i.match?(res.body)
+            progress_bar.log('Parsing error, might be caused by a too high --max-passwords value (such as >= 2k)')
+          end
 
-          progress_bar.log('The requested method is not supported') if res.body =~ /requested method [^ ]+ does not exist/i
+          return unless /requested method [^ ]+ does not exist/i.match?(res.body)
+
+          progress_bar.log('The requested method is not supported')
         end
       end
     end

app/finders/plugin_version/readme.rb

@@ -48,7 +48,7 @@ module WPScan
         #
         # @return [ String, nil ] The version number detected from the stable tag
         def from_stable_tag(body)
-          return unless body =~ /\b(?:stable tag|version):\s*(?!trunk)([0-9a-z\.-]+)/i
+          return unless body =~ /\b(?:stable tag|version):\s*(?!trunk)([0-9a-z.-]+)/i
 
           number = Regexp.last_match[1]
 
@@ -59,7 +59,7 @@ module WPScan
         #
         # @return [ String, nil ] The best version number detected from the changelog section
         def from_changelog_section(body)
-          extracted_versions = body.scan(%r{[=]+\s+(?:v(?:ersion)?\s*)?([0-9\.-]+)[ \ta-z0-9\(\)\.\-\/]*[=]+}i)
+          extracted_versions = body.scan(%r{=+\s+(?:v(?:ersion)?\s*)?([0-9.-]+)[ \ta-z0-9().\-/]*=+}i)
 
           return if extracted_versions.nil? || extracted_versions.empty?
 
@@ -68,11 +68,9 @@ module WPScan
           extracted_versions = extracted_versions.select { |x| x =~ /[0-9]+/ }
 
           sorted = extracted_versions.sort do |x, y|
-            begin
-              Gem::Version.new(x) <=> Gem::Version.new(y)
-            rescue StandardError
-              0
-            end
+            Gem::Version.new(x) <=> Gem::Version.new(y)
+          rescue StandardError
+            0
           end
 
           sorted.last

app/finders/theme_version/style.rb

@@ -30,7 +30,7 @@ module WPScan
 
         # @return [ Version ]
         def style_version
-          return unless Browser.get(target.style_url).body =~ /Version:[\t ]*(?!trunk)([0-9a-z\.-]+)/i
+          return unless Browser.get(target.style_url).body =~ /Version:[\t ]*(?!trunk)([0-9a-z.-]+)/i
 
           Model::Version.new(
             Regexp.last_match[1],

app/finders/users.rb

@@ -6,7 +6,8 @@ require_relative 'users/oembed_api'
 require_relative 'users/rss_generator'
 require_relative 'users/author_id_brute_forcing'
 require_relative 'users/login_error_messages'
-require_relative 'users/yoast_seo_author_sitemap.rb'
+require_relative 'users/author_sitemap'
+require_relative 'users/yoast_seo_author_sitemap'
 
 module WPScan
   module Finders
@@ -22,6 +23,7 @@ module WPScan
             Users::WpJsonApi.new(target) <<
             Users::OembedApi.new(target) <<
             Users::RSSGenerator.new(target) <<
+            Users::AuthorSitemap.new(target) <<
             Users::YoastSeoAuthorSitemap.new(target) <<
             Users::AuthorIdBruteForcing.new(target) <<
             Users::LoginErrorMessages.new(target)

app/finders/users/author_sitemap.rb

@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+
+module WPScan
+  module Finders
+    module Users
+      # Since WP 5.5, /wp-sitemap-users-1.xml is generated and contains
+      # the usernames of accounts who made a post
+      class AuthorSitemap < CMSScanner::Finders::Finder
+        # @param [ Hash ] opts
+        #
+        # @return [ Array<User> ]
+        def aggressive(_opts = {})
+          found = []
+
+          Browser.get(sitemap_url).html.xpath('//url/loc').each do |user_tag|
+            username = user_tag.text.to_s[%r{/author/([^/]+)/}, 1]
+
+            next unless username && !username.strip.empty?
+
+            found << Model::User.new(username,
+                                     found_by: found_by,
+                                     confidence: 100,
+                                     interesting_entries: [sitemap_url])
+          end
+
+          found
+        end
+
+        # @return [ String ] The URL of the sitemap
+        def sitemap_url
+          @sitemap_url ||= target.url('wp-sitemap-users-1.xml')
+        end
+      end
+    end
+  end
+end

app/finders/users/login_error_messages.rb

@@ -37,7 +37,7 @@ module WPScan
           # usernames from the potential Users found
           unames = opts[:found].map(&:username)
 
-          [*opts[:list]].each { |uname| unames << uname.chomp }
+          Array(opts[:list]).each { |uname| unames << uname.chomp }
 
           unames.uniq
         end

app/finders/users/rss_generator.rb

@@ -13,7 +13,7 @@ module WPScan
           urls.each do |url|
             res = Browser.get_and_follow_location(url)
 
-            next unless res.code == 200 && res.body =~ /<dc\:creator>/i
+            next unless res.code == 200 && res.body =~ /<dc:creator>/i
 
             potential_usernames = []
 

app/finders/users/wp_json_api.rb

@@ -21,7 +21,7 @@ module WPScan
           loop do
             current_page += 1
 
-            res = Typhoeus.get(api_url, params: { per_page: MAX_PER_PAGE, page: current_page })
+            res = Browser.get(api_url, params: { per_page: MAX_PER_PAGE, page: current_page })
 
             total_pages ||= res.headers['X-WP-TotalPages'].to_i
 

app/finders/users/yoast_seo_author_sitemap.rb

@@ -5,27 +5,7 @@ module WPScan
     module Users
       # The YOAST SEO plugin has an author-sitemap.xml which can leak usernames
       # See https://github.com/wpscanteam/wpscan/issues/1228
-      class YoastSeoAuthorSitemap < CMSScanner::Finders::Finder
-        # @param [ Hash ] opts
-        #
-        # @return [ Array<User> ]
-        def aggressive(_opts = {})
-          found = []
-
-          Browser.get(sitemap_url).html.xpath('//url/loc').each do |user_tag|
-            username = user_tag.text.to_s[%r{/author/([^\/]+)/}, 1]
-
-            next unless username && !username.strip.empty?
-
-            found << Model::User.new(username,
-                                     found_by: found_by,
-                                     confidence: 100,
-                                     interesting_entries: [sitemap_url])
-          end
-
-          found
-        end
-
+      class YoastSeoAuthorSitemap < AuthorSitemap
         # @return [ String ] The URL of the author-sitemap
         def sitemap_url
           @sitemap_url ||= target.url('author-sitemap.xml')

app/finders/wp_items/urls_in_page.rb

@@ -9,7 +9,7 @@ module WPScan
         # @param [ Boolean ] uniq Wether or not to apply the #uniq on the results
         #
         # @return [ Array<String> ] The plugins/themes detected in the href, src attributes of the page
-        def items_from_links(type, uniq = true)
+        def items_from_links(type, uniq: true)
           found = []
           xpath = format(
             '(//@href|//@src|//@data-src)[contains(., "%s")]',
@@ -31,7 +31,7 @@ module WPScan
         # @param [ Boolean ] uniq Wether or not to apply the #uniq on the results
         #
         # @return [Array<String> ] The plugins/themes detected in the javascript/style of the homepage
-        def items_from_codes(type, uniq = true)
+        def items_from_codes(type, uniq: true)
           found = []
 
           page_res.html.xpath('//script[not(@src)]|//style[not(@src)]').each do |tag|
@@ -55,7 +55,7 @@ module WPScan
         #
         # @return [ Regexp ]
         def item_code_pattern(type)
-          @item_code_pattern ||= %r{["'\( ]#{item_url_pattern(type)}([^\\\/\)"']+)}i
+          @item_code_pattern ||= %r{["'( ]#{item_url_pattern(type)}([^\\/)"']+)}i
         end
 
         # @param [ String ] type
@@ -66,9 +66,9 @@ module WPScan
           item_url = type == 'plugins' ? target.plugins_url : target.content_url
 
           url = /#{item_url.gsub(/\A(?:https?)/i, 'https?').gsub('/', '\\\\\?\/')}/i
-          item_dir = %r{(?:#{url}|\\?\/#{item_dir.gsub('/', '\\\\\?\/')}\\?/)}i
+          item_dir = %r{(?:#{url}|\\?/#{item_dir.gsub('/', '\\\\\?\/')}\\?/)}i
 
-          type == 'plugins' ? item_dir : %r{#{item_dir}#{type}\\?\/}i
+          type == 'plugins' ? item_dir : %r{#{item_dir}#{type}\\?/}i
         end
       end
     end

app/models/interesting_finding.rb

@@ -7,46 +7,144 @@ module WPScan
       include References
     end
 
-    #
-    # Empty classes for the #type to be correctly displayed (as taken from the self.class from the parent)
-    #
     class BackupDB < InterestingFinding
+      def to_s
+        @to_s ||= "A backup directory has been found: #{url}"
+      end
+
+      # @return [ Hash ]
+      def references
+        @references ||= { url: ['https://github.com/wpscanteam/wpscan/issues/422'] }
+      end
     end
 
     class DebugLog < InterestingFinding
+      def to_s
+        @to_s ||= "Debug Log found: #{url}"
+      end
+
+      # @ return [ Hash ]
+      def references
+        @references ||= { url: ['https://codex.wordpress.org/Debugging_in_WordPress'] }
+      end
     end
 
     class DuplicatorInstallerLog < InterestingFinding
+      # @return [ Hash ]
+      def references
+        @references ||= { url: ['https://www.exploit-db.com/ghdb/3981/'] }
+      end
     end
 
     class EmergencyPwdResetScript < InterestingFinding
+      def references
+        @references ||= {
+          url: ['https://codex.wordpress.org/Resetting_Your_Password#Using_the_Emergency_Password_Reset_Script']
+        }
+      end
     end
 
     class FullPathDisclosure < InterestingFinding
+      def to_s
+        @to_s ||= "Full Path Disclosure found: #{url}"
+      end
+
+      # @return [ Hash ]
+      def references
+        @references ||= { url: ['https://www.owasp.org/index.php/Full_Path_Disclosure'] }
+      end
     end
 
     class MuPlugins < InterestingFinding
+      # @return [ String ]
+      def to_s
+        @to_s ||= "This site has 'Must Use Plugins': #{url}"
+      end
+
+      # @return [ Hash ]
+      def references
+        @references ||= { url: ['http://codex.wordpress.org/Must_Use_Plugins'] }
+      end
     end
 
     class Multisite < InterestingFinding
+      # @return [ String ]
+      def to_s
+        @to_s ||= 'This site seems to be a multisite'
+      end
+
+      # @return [ Hash ]
+      def references
+        @references ||= { url: ['http://codex.wordpress.org/Glossary#Multisite'] }
+      end
     end
 
     class Readme < InterestingFinding
+      def to_s
+        @to_s ||= "WordPress readme found: #{url}"
+      end
     end
 
     class Registration < InterestingFinding
+      # @return [ String ]
+      def to_s
+        @to_s ||= "Registration is enabled: #{url}"
+      end
     end
 
     class TmmDbMigrate < InterestingFinding
+      def to_s
+        @to_s ||= "ThemeMakers migration file found: #{url}"
+      end
+
+      # @return [ Hash ]
+      def references
+        @references ||= { packetstorm: [131_957] }
+      end
     end
 
     class UploadDirectoryListing < InterestingFinding
+      # @return [ String ]
+      def to_s
+        @to_s ||= "Upload directory has listing enabled: #{url}"
+      end
     end
 
     class UploadSQLDump < InterestingFinding
+      def to_s
+        @to_s ||= "SQL Dump found: #{url}"
+      end
     end
 
     class WPCron < InterestingFinding
+      # @return [ String ]
+      def to_s
+        @to_s ||= "The external WP-Cron seems to be enabled: #{url}"
+      end
+
+      # @return [ Hash ]
+      def references
+        @references ||= {
+          url: [
+            'https://www.iplocation.net/defend-wordpress-from-ddos',
+            'https://github.com/wpscanteam/wpscan/issues/1299'
+          ]
+        }
+      end
+    end
+
+    class PHPDisabled < InterestingFinding
+      # @return [ String ]
+      def to_s
+        @to_s ||= 'PHP seems to be disabled'
+      end
+
+      # @return [ Hash ]
+      def references
+        @references ||= {
+          url: ['https://github.com/wpscanteam/wpscan/issues/1593']
+        }
+      end
     end
   end
 end

app/models/plugin.rb

@@ -38,7 +38,7 @@ module WPScan
 
       # @return [ Array<String> ]
       def potential_readme_filenames
-        @potential_readme_filenames ||= [*(DB::DynamicFinders::Plugin.df_data.dig(slug, 'Readme', 'path') || super)]
+        @potential_readme_filenames ||= Array((DB::DynamicFinders::Plugin.df_data.dig(slug, 'Readme', 'path') || super))
       end
     end
   end

app/models/theme.rb

@@ -45,7 +45,7 @@ module WPScan
       # @return [ Theme ]
       def parent_theme
         return unless template
-        return unless style_body =~ /^@import\surl\(["']?([^"'\)]+)["']?\);\s*$/i
+        return unless style_body =~ /^@import\surl\(["']?([^"')]+)["']?\);\s*$/i
 
         opts = detection_opts.merge(
           style_url: url(Regexp.last_match[1]),
@@ -101,7 +101,7 @@ module WPScan
       #
       # @return [ String ]
       def parse_style_tag(body, tag)
-        value = body[/#{Regexp.escape(tag)}:[\t ]*([^\r\n\*]+)/i, 1]
+        value = body[/\b#{Regexp.escape(tag)}:[\t ]*([^\r\n*]+)/, 1]
 
         value && !value.strip.empty? ? value.strip : nil
       end

app/models/timthumb.rb

@@ -40,9 +40,9 @@ module WPScan
       def rce_132_vuln
         Vulnerability.new(
           'Timthumb <= 1.32 Remote Code Execution',
-          { exploitdb: ['17602'] },
-          'RCE',
-          '1.33'
+          references: { exploitdb: ['17602'] },
+          type: 'RCE',
+          fixed_in: '1.33'
         )
       end
 
@@ -50,12 +50,12 @@ module WPScan
       def rce_webshot_vuln
         Vulnerability.new(
           'Timthumb <= 2.8.13 WebShot Remote Code Execution',
-          {
+          references: {
             url: ['http://seclists.org/fulldisclosure/2014/Jun/117', 'https://github.com/wpscanteam/wpscan/issues/519'],
             cve: '2014-4663'
           },
-          'RCE',
-          '2.8.14'
+          type: 'RCE',
+          fixed_in: '2.8.14'
         )
       end
 

app/models/wp_item.rb

@@ -39,7 +39,7 @@ module WPScan
 
         @vulnerabilities = []
 
-        [*db_data['vulnerabilities']].each do |json_vuln|
+        Array(db_data['vulnerabilities']).each do |json_vuln|
           vulnerability = Vulnerability.load_from_json(json_vuln)
           @vulnerabilities << vulnerability if vulnerable_to?(vulnerability)
         end

app/models/wp_version.rb

@@ -53,7 +53,7 @@ module WPScan
 
         @vulnerabilities = []
 
-        [*db_data['vulnerabilities']].each do |json_vuln|
+        Array(db_data['vulnerabilities']).each do |json_vuln|
           @vulnerabilities << Vulnerability.load_from_json(json_vuln)
         end
 

app/models/xml_rpc.rb

@@ -8,7 +8,7 @@ module WPScan
 
       # @return [ Hash ]
       def references
-        {
+        @references ||= {
           url: ['http://codex.wordpress.org/XML-RPC_Pingback_API'],
           metasploit: [
             'auxiliary/scanner/http/wordpress_ghost_scanner',

app/views/cli/password_attack/users.erb

@@ -2,7 +2,7 @@
 <% if @users.empty? -%>
 <%= notice_icon %> No Valid Passwords Found.
 <% else -%>
-<%= notice_icon %> Valid Combinations Found:
+<%= critical_icon %> Valid Combinations Found:
 <% @users.each do |user| -%>
  | Username: <%= user.username %>, Password: <%= user.password %>
 <% end -%>

app/views/cli/vuln_api/status.erb

@@ -1,13 +1,13 @@
 <% unless @status.empty? -%>
 <% if @status['http_error'] -%>
-<%= critical_icon %> WPVulnDB API, <%= @status['http_error'].to_s %>
+<%= critical_icon %> WPScan DB API, <%= @status['http_error'].to_s %>
 <% else -%>
-<%= info_icon %> WPVulnDB API OK
+<%= info_icon %> WPScan DB API OK
  | Plan: <%= @status['plan'] %>
  | Requests Done (during the scan): <%= @api_requests %>
  | Requests Remaining: <%= @status['requests_remaining'] %>
 <% end -%>
 <% else -%>
-<%= warning_icon %> No WPVulnDB API Token given, as a result vulnerability data has not been output.
-<%= warning_icon %> You can get a free API token with 50 daily requests by registering at https://wpvulndb.com/users/sign_up
+<%= warning_icon %> No WPScan API Token given, as a result vulnerability data has not been output.
+<%= warning_icon %> You can get a free API token with 50 daily requests by registering at https://wpscan.com/register
 <% end -%>

app/views/cli/vulnerability.erb

@@ -1,4 +1,7 @@
  | <%= critical_icon %> Title: <%= @v.title %>
+<% if @v.cvss -%>
+ |     CVSS: <%= @v.cvss[:score] %> (<%= @v.cvss[:vector] %>)
+<% end -%>
 <% if @v.fixed_in -%>
  |     Fixed in: <%= @v.fixed_in %>
 <% end -%>

app/views/json/finding.erb

@@ -19,6 +19,9 @@
   <% vulns.each_with_index do |v, index| -%>
   {
     "title": <%= v.title.to_json %>,
+    <% if v.cvss -%>
+    "cvss": <%= v.cvss.to_json %>,
+    <% end -%>
     "fixed_in": <%= v.fixed_in.to_json %>,
     "references": <%= v.references.to_json %>
   }<% unless index == last_index -%>,<% end -%>

app/views/json/vuln_api/status.erb

@@ -8,6 +8,6 @@
 "requests_remaining": <%= @status['requests_remaining'].to_json %>
 <% end -%>
 <% else -%>
-"error": "No WPVulnDB API Token given, as a result vulnerability data has not been output.\nYou can get a free API token with 50 daily requests by registering at https://wpvulndb.com/users/sign_up"
+"error": "No WPScan API Token given, as a result vulnerability data has not been output.\nYou can get a free API token with 50 daily requests by registering at https://wpscan.com/register"
 <% end -%>
 },

lib/wpscan/browser.rb

@@ -7,7 +7,7 @@ module WPScan
 
     # @return [ String ]
     def default_user_agent
-      @default_user_agent ||= "WPScan v#{VERSION} (https://wpscan.org/)"
+      @default_user_agent ||= "WPScan v#{VERSION} (https://wpscan.com/wordpress-security-scanner)"
     end
   end
 end

lib/wpscan/db/dynamic_finders/base.rb

@@ -31,7 +31,7 @@ module WPScan
 
           finder_configs(
             finder_class,
-            Regexp.last_match[1] == 'aggressive'
+            aggressive: Regexp.last_match[1] == 'aggressive'
           )
         end
 

lib/wpscan/db/dynamic_finders/plugin.rb

@@ -16,7 +16,7 @@ module WPScan
         # @param [ Symbol ] finder_class
         # @param [ Boolean ] aggressive
         # @return [ Hash ]
-        def self.finder_configs(finder_class, aggressive = false)
+        def self.finder_configs(finder_class, aggressive: false)
           configs = {}
 
           return configs unless allowed_classes.include?(finder_class)

lib/wpscan/db/dynamic_finders/wordpress.rb

@@ -24,7 +24,7 @@ module WPScan
         # @param [ Symbol ] finder_class
         # @param [ Boolean ] aggressive
         # @return [ Hash ]
-        def self.finder_configs(finder_class, aggressive = false)
+        def self.finder_configs(finder_class, aggressive: false)
           configs = {}
 
           return configs unless allowed_classes.include?(finder_class)

lib/wpscan/db/updater.rb

@@ -139,24 +139,22 @@ module WPScan
         updated = []
 
         FILES.each do |filename|
-          begin
-            db_checksum = remote_file_checksum(filename)
+          db_checksum = remote_file_checksum(filename)
 
-            # Checking if the file needs to be updated
-            next if File.exist?(local_file_path(filename)) && db_checksum == local_file_checksum(filename)
+          # Checking if the file needs to be updated
+          next if File.exist?(local_file_path(filename)) && db_checksum == local_file_checksum(filename)
 
-            create_backup(filename)
-            dl_checksum = download(filename)
+          create_backup(filename)
+          dl_checksum = download(filename)
 
-            raise "#{filename}: checksums do not match" unless dl_checksum == db_checksum
+          raise Error::ChecksumsMismatch, filename unless dl_checksum == db_checksum
 
-            updated << filename
-          rescue StandardError => e
-            restore_backup(filename)
-            raise e
-          ensure
-            delete_backup(filename) if File.exist?(backup_file_path(filename))
-          end
+          updated << filename
+        rescue StandardError => e
+          restore_backup(filename)
+          raise e
+        ensure
+          delete_backup(filename) if File.exist?(backup_file_path(filename))
         end
 
         File.write(last_update_file, Time.now)

lib/wpscan/db/vuln_api.rb

@@ -4,7 +4,7 @@ module WPScan
   module DB
     # WPVulnDB API
     class VulnApi
-      NON_ERROR_CODES = [200, 401].freeze
+      NON_ERROR_CODES = [200, 403].freeze
 
       class << self
         attr_accessor :token
@@ -12,7 +12,7 @@ module WPScan
 
       # @return [ Addressable::URI ]
       def self.uri
-        @uri ||= Addressable::URI.parse('https://wpvulndb.com/api/v3/')
+        @uri ||= Addressable::URI.parse('https://wpscan.com/api/v3/')
       end
 
       # @param [ String ] path
@@ -26,7 +26,7 @@ module WPScan
         # Typhoeus.get is used rather than Browser.get to avoid merging irrelevant params from the CLI
         res = Typhoeus.get(uri.join(path), default_request_params.merge(params))
 
-        return {} if res.code == 404 # This is for API inconsistencies when dots in path
+        return {} if res.code == 404 || res.code == 429
         return JSON.parse(res.body) if NON_ERROR_CODES.include?(res.code)
 
         raise Error::HTTP, res
@@ -34,6 +34,8 @@ module WPScan
         retries ||= 0
 
         if (retries += 1) <= 3
+          @default_request_params[:headers]['X-Retry'] = retries
+
           sleep(1)
           retry
         end
@@ -68,7 +70,7 @@ module WPScan
       # @return [ Hash ]
       # @note Those params can not be overriden by CLI options
       def self.default_request_params
-        Browser.instance.default_connect_request_params.merge(
+        @default_request_params ||= Browser.instance.default_connect_request_params.merge(
           headers: {
             'User-Agent' => Browser.instance.default_user_agent,
             'Authorization' => "Token token=#{token}"

lib/wpscan/errors/update.rb

@@ -8,5 +8,17 @@ module WPScan
         'Update required, you can not run a scan if a database file is missing.'
       end
     end
+
+    class ChecksumsMismatch < Standard
+      attr_reader :db_file
+
+      def initialize(db_file)
+        @db_file = db_file
+      end
+
+      def to_s
+        "#{db_file}: checksums do not match. Please try again in a few minutes."
+      end
+    end
   end
 end

lib/wpscan/errors/wordpress.rb

@@ -29,5 +29,11 @@ module WPScan
         ' use the --scope option or make sure the --url value given is the correct one'
       end
     end
+
+    class NoLoginInterfaceDetected < Standard
+      def to_s
+        'Could not find a login interface to perform the password attack against'
+      end
+    end
   end
 end

lib/wpscan/finders/dynamic_finder/finder.rb

@@ -17,7 +17,7 @@ module WPScan
         end
 
         # Needed to have inheritance of the @child_class_constants
-        # If inheritance is not needed, then the #child_class_constant can be used in the classe definition, ie
+        # If inheritance is not needed, then the #child_class_constant can be used in the class definition, ie
         #   child_class_constant :FILES, PATTERN: /aaa/i
         # @return [ Hash ]
         def self.child_class_constants
@@ -56,9 +56,7 @@ module WPScan
 
           homepage_result = find(target.homepage_res, opts)
 
-          if homepage_result
-            return homepage_result unless homepage_result.is_a?(Array) && homepage_result.empty?
-          end
+          return homepage_result unless homepage_result.nil? || homepage_result.is_a?(Array) && homepage_result&.empty?
 
           find(target.error_404_res, opts)
         end

lib/wpscan/finders/dynamic_finder/version/config_parser.rb

@@ -11,7 +11,7 @@ module WPScan
 
           def self.child_class_constants
             @child_class_constants ||= super.merge(
-              PARSER: nil, KEY: nil, PATTERN: /(?<v>\d+\.[\.\d]+)/, CONFIDENCE: 70
+              PARSER: nil, KEY: nil, PATTERN: /(?<v>\d+\.[.\d]+)/, CONFIDENCE: 70
             )
           end
 
@@ -21,13 +21,11 @@ module WPScan
             parsers = ALLOWED_PARSERS.include?(self.class::PARSER) ? [self.class::PARSER] : ALLOWED_PARSERS
 
             parsers.each do |parser|
-              begin
-                parsed = parser.respond_to?(:safe_load) ? parser.safe_load(body) : parser.load(body)
+              parsed = parser.respond_to?(:safe_load) ? parser.safe_load(body) : parser.load(body)
 
-                return parsed if parsed.is_a?(Hash) || parsed.is_a?(Array)
-              rescue StandardError
-                next
-              end
+              return parsed if parsed.is_a?(Hash) || parsed.is_a?(Array)
+            rescue StandardError
+              next
             end
 
             nil # Make sure nil is returned in case none of the parsers managed to parse the body correctly

lib/wpscan/finders/dynamic_finder/version/query_parameter.rb

@@ -9,7 +9,7 @@ module WPScan
           # @return [ Hash ]
           def self.child_class_constants
             @child_class_constants ||= super().merge(
-              XPATH: nil, FILES: nil, PATTERN: /(?:v|ver|version)\=(?<v>\d+\.[\.\d]+)/i, CONFIDENCE_PER_OCCURENCE: 10
+              XPATH: nil, FILES: nil, PATTERN: /(?:v|ver|version)=(?<v>\d+\.[.\d]+)/i, CONFIDENCE_PER_OCCURENCE: 10
             )
           end
 

lib/wpscan/finders/dynamic_finder/version/xpath.rb

@@ -9,7 +9,7 @@ module WPScan
           # @return [ Hash ]
           def self.child_class_constants
             @child_class_constants ||= super().merge(
-              XPATH: nil, PATTERN: /\A(?<v>\d+\.[\.\d]+)/, CONFIDENCE: 60
+              XPATH: nil, PATTERN: /\A(?<v>\d+\.[.\d]+)/, CONFIDENCE: 60
             )
           end
 

lib/wpscan/finders/dynamic_finder/wp_version.rb

@@ -33,7 +33,7 @@ module WPScan
 
           # @return [ Hash ]
           def self.child_class_constants
-            @child_class_constants ||= super().merge(PATTERN: /ver\=(?<v>\d+\.[\.\d]+)/i)
+            @child_class_constants ||= super().merge(PATTERN: /ver=(?<v>\d+\.[.\d]+)/i)
           end
         end
 

lib/wpscan/helper.rb

@@ -13,7 +13,7 @@ end
 #
 # @return [ Symbol ]
 def classify_slug(slug)
-  classified = slug.to_s.gsub(/[^a-z\d\-]/i, '-').gsub(/\-{1,}/, '_').camelize.to_s
+  classified = slug.to_s.gsub(/[^a-z\d\-]/i, '-').gsub(/-{1,}/, '_').camelize.to_s
   classified = "D_#{classified}" if /\d/.match?(classified[0])
 
   classified.to_sym

lib/wpscan/references.rb

@@ -2,7 +2,7 @@
 
 module WPScan
   # References module (which should be included along with the CMSScanner::References)
-  # to allow the use of the wpvulndb reference
+  # to allow the use of the wpvulndb reference.
   module References
     extend ActiveSupport::Concern
 
@@ -27,7 +27,7 @@ module WPScan
     end
 
     def wpvulndb_url(id)
-      "https://wpvulndb.com/vulnerabilities/#{id}"
+      "https://wpscan.com/vulnerability/#{id}"
     end
   end
 end

lib/wpscan/target.rb

@@ -19,13 +19,13 @@ module WPScan
     # @return [ Boolean ]
     def vulnerable?
       [@wp_version, @main_theme, @plugins, @themes, @timthumbs].each do |e|
-        [*e].each { |ae| return true if ae && ae.vulnerable? } # rubocop:disable Style/SafeNavigation
+        Array(e).each { |ae| return true if ae && ae.vulnerable? } # rubocop:disable Style/SafeNavigation
       end
 
-      return true unless [*@config_backups].empty?
-      return true unless [*@db_exports].empty?
+      return true unless Array(@config_backups).empty?
+      return true unless Array(@db_exports).empty?
 
-      [*@users].each { |u| return true if u.password }
+      Array(@users).each { |u| return true if u.password }
 
       false
     end

lib/wpscan/target/platform/wordpress.rb

@@ -11,9 +11,10 @@ module WPScan
       module WordPress
         include CMSScanner::Target::Platform::PHP
 
-        WORDPRESS_PATTERN      = %r{/(?:(?:wp-content/(?:themes|(?:mu\-)?plugins|uploads))|wp-includes)/}i.freeze
-        WP_JSON_OEMBED_PATTERN = %r{/wp\-json/oembed/}i.freeze
-        WP_ADMIN_AJAX_PATTERN  = %r{\\?/wp\-admin\\?/admin\-ajax\.php}i.freeze
+        WORDPRESS_PATTERN        = %r{/(?:(?:wp-content/(?:themes|(?:mu-)?plugins|uploads))|wp-includes)/}i.freeze
+        WORDPRESS_HOSTED_PATTERN = %r{https?://s\d\.wp\.com#{WORDPRESS_PATTERN}}i.freeze
+        WP_JSON_OEMBED_PATTERN   = %r{/wp-json/oembed/}i.freeze
+        WP_ADMIN_AJAX_PATTERN    = %r{\\?/wp-admin\\?/admin-ajax\.php}i.freeze
 
         # These methods are used in the associated interesting_findings finders
         # to keep the boolean state of the finding rather than re-check the whole thing again
@@ -48,7 +49,7 @@ module WPScan
         # @param [ Typhoeus::Response ] response
         # @return [ Boolean ]
         def wordpress_from_meta_comments_or_scripts?(response)
-          in_scope_uris(response, '//link/@href|//script/@src|//img/@src') do |uri|
+          in_scope_uris(response, '//link/@href|//script/@src') do |uri|
             return true if WORDPRESS_PATTERN.match?(uri.path) || WP_JSON_OEMBED_PATTERN.match?(uri.path)
           end
 
@@ -103,11 +104,8 @@ module WPScan
           return true if /\.wordpress\.com$/i.match?(uri.host)
 
           unless content_dir
-            pattern = %r{https?://s\d\.wp\.com#{WORDPRESS_PATTERN}}i.freeze
-            xpath   = '(//@href|//@src)[contains(., "wp.com")]'
-
-            uris_from_page(homepage_res, xpath) do |uri|
-              return true if uri.to_s.match?(pattern)
+            uris_from_page(homepage_res, '(//@href|//@src)[contains(., "wp.com")]') do |uri|
+              return true if uri.to_s.match?(WORDPRESS_HOSTED_PATTERN)
             end
           end
 
@@ -139,15 +137,19 @@ module WPScan
         # the first time the method is called, and the effective_url is then used
         # if suitable, otherwise the default wp-login will be.
         #
-        # @return [ String ] The URL to the login page
+        # If the login_uri CLI option has been provided, it will be returne w/o redirection check.
+        #
+        # @return [ String, false ] The URL to the login page or false if not detected
         def login_url
-          return @login_url if @login_url
+          return @login_url unless @login_url.nil?
+          return @login_url = url(ParsedCli.login_uri) if ParsedCli.login_uri
 
           @login_url = url('wp-login.php')
 
           res = Browser.get_and_follow_location(@login_url)
 
-          @login_url = res.effective_url if res.effective_url =~ /wp\-login\.php\z/i && in_scope?(res.effective_url)
+          @login_url = res.effective_url if res.effective_url =~ /wp-login\.php\z/i && in_scope?(res.effective_url)
+          @login_url = false if res.code == 404
 
           @login_url
         end

lib/wpscan/target/platform/wordpress/custom_directories.rb

@@ -104,7 +104,7 @@ module WPScan
           return @sub_dir unless @sub_dir.nil?
 
           # url_pattern is from CMSScanner::Target
-          pattern = %r{#{url_pattern}(.+?)/(?:xmlrpc\.php|wp\-includes/)}i
+          pattern = %r{#{url_pattern}(.+?)/(?:xmlrpc\.php|wp-includes/)}i
           xpath = '(//@src|//@href|//@data-src)[contains(., "xmlrpc.php") or contains(., "wp-includes/")]'
 
           [homepage_res, error_404_res].each do |page_res|
@@ -124,9 +124,9 @@ module WPScan
         def url(path = nil)
           return @uri.to_s unless path
 
-          if %r{wp\-content/plugins}i.match?(path)
+          if %r{wp-content/plugins}i.match?(path)
             path = +path.gsub('wp-content/plugins', plugins_dir)
-          elsif /wp\-content/i.match?(path)
+          elsif /wp-content/i.match?(path)
             path = +path.gsub('wp-content', content_dir)
           elsif path[0] != '/' && sub_dir
             path = "#{sub_dir}/#{path}"

lib/wpscan/typhoeus/response.rb

@@ -7,7 +7,8 @@ module Typhoeus
     #
     # @return [ Boolean ]
     def from_vuln_api?
-      effective_url.start_with?(WPScan::DB::VulnApi.uri.to_s) && !effective_url.include?('/status')
+      effective_url.start_with?(WPScan::DB::VulnApi.uri.to_s) &&
+        !effective_url.start_with?(WPScan::DB::VulnApi.uri.join('status').to_s)
     end
   end
 end

lib/wpscan/version.rb

@@ -2,5 +2,5 @@
 
 # Version
 module WPScan
-  VERSION = '3.7.9'
+  VERSION = '3.8.13'
 end

lib/wpscan/vulnerability.rb

@@ -18,9 +18,10 @@ module WPScan
 
       new(
         json_data['title'],
-        references,
-        json_data['vuln_type'],
-        json_data['fixed_in']
+        references: references,
+        type: json_data['vuln_type'],
+        fixed_in: json_data['fixed_in'],
+        cvss: json_data['cvss']&.symbolize_keys
       )
     end
   end

spec/app/controllers/core_spec.rb

@@ -52,9 +52,10 @@ describe WPScan::Controller::Core do
       %i[apache iis nginx].each do |server|
         context "when #{server}" do
           let(:cli_args) { "#{super()} --server #{server}" }
+          let(:servers)  { [:Apache, nil, :IIS, :Nginx] }
 
           it "loads the #{server.capitalize} module and returns :#{server}" do
-            @stubbed_server = [:Apache, nil, :IIS, :Nginx].sample
+            @stubbed_server = servers.sample
             @expected       = server == :iis ? :IIS : server.to_s.camelize.to_sym
           end
         end
@@ -70,7 +71,7 @@ describe WPScan::Controller::Core do
         let(:cli_args) { "#{super()} --no-update" }
 
         it 'raises an error' do
-          expect { core.update_db_required? }. to raise_error(WPScan::Error::MissingDatabaseFile)
+          expect { core.update_db_required? }.to raise_error(WPScan::Error::MissingDatabaseFile)
         end
       end
 

spec/app/controllers/password_attack_spec.rb

@@ -1,5 +1,24 @@
 # frozen_string_literal: true
 
+XMLRPC_FAILED_BODY = '
+<?xml version="1.0" encoding="UTF-8"?>
+<methodResponse>
+  <fault>
+    <value>
+      <struct>
+        <member>
+          <name>faultCode</name>
+          <value><int>405</int></value>
+        </member>
+        <member>
+          <name>faultString</name>
+          <value><string>%s</string></value>
+        </member>
+      </struct>
+    </value>
+  </fault>
+</methodResponse>'
+
 describe WPScan::Controller::PasswordAttack do
   subject(:controller) { described_class.new }
   let(:target_url)     { 'http://ex.lo/' }
@@ -15,13 +34,13 @@ describe WPScan::Controller::PasswordAttack do
 
     it 'contains to correct options' do
       expect(controller.cli_options.map(&:to_sym))
-        .to eq(%i[passwords usernames multicall_max_passwords password_attack])
+        .to eq(%i[passwords usernames multicall_max_passwords password_attack login_uri])
     end
   end
 
   describe '#users' do
     context 'when no --usernames' do
-      it 'calles target.users' do
+      it 'calls target.users' do
         expect(controller.target).to receive(:users)
         controller.users
       end
@@ -40,10 +59,6 @@ describe WPScan::Controller::PasswordAttack do
     end
   end
 
-  describe '#passwords' do
-    xit
-  end
-
   describe '#run' do
     context 'when no --passwords is supplied' do
       it 'does not run the attacker' do
@@ -85,20 +100,34 @@ describe WPScan::Controller::PasswordAttack do
       end
 
       context 'when wp.getUsersBlogs method listed' do
-        before { expect(xmlrpc).to receive(:available_methods).and_return(%w[wp.getUsersBlogs m2]) }
+        before do
+          expect(xmlrpc).to receive(:available_methods).and_return(%w[wp.getUsersBlogs m2])
+
+          stub_request(:post, xmlrpc.url).to_return(body: body)
+        end
 
         context 'when wp.getUsersBlogs method disabled' do
-          it 'returns false' do
-            stub_request(:post, xmlrpc.url).to_return(body: 'XML-RPC services are disabled on this site.')
+          context 'when blog is in EN' do
+            let(:body) { format(XMLRPC_FAILED_BODY, 'XML-RPC services are disabled on this site.') }
 
-            expect(controller.xmlrpc_get_users_blogs_enabled?).to be false
+            it 'returns false' do
+              expect(controller.xmlrpc_get_users_blogs_enabled?).to be false
+            end
+          end
+
+          context 'when blog is in FR' do
+            let(:body) { format(XMLRPC_FAILED_BODY, 'Les services XML-RPC sont désactivés sur ce site.') }
+
+            it 'returns false' do
+              expect(controller.xmlrpc_get_users_blogs_enabled?).to be false
+            end
           end
         end
 
         context 'when wp.getUsersBlogs method enabled' do
-          it 'returns true' do
-            stub_request(:post, xmlrpc.url).to_return(body: 'Incorrect username or password.')
+          let(:body) { 'Incorrect username or password.' }
 
+          it 'returns true' do
             expect(controller.xmlrpc_get_users_blogs_enabled?).to be true
           end
         end
@@ -107,15 +136,34 @@ describe WPScan::Controller::PasswordAttack do
   end
 
   describe '#attacker' do
+    before do
+      allow(controller.target).to receive(:sub_dir)
+      controller.target.instance_variable_set(:@login_url, nil)
+    end
+
     context 'when --password-attack provided' do
       let(:cli_args) { "#{super()} --password-attack #{attack}" }
 
       context 'when wp-login' do
+        before { stub_request(:get, controller.target.url('wp-login.php')).to_return(status: status) }
+
         let(:attack) { 'wp-login' }
 
-        it 'returns the correct object' do
-          expect(controller.attacker).to be_a WPScan::Finders::Passwords::WpLogin
-          expect(controller.attacker.target).to be_a WPScan::Target
+        context 'when available' do
+          let(:status) { 200 }
+
+          it 'returns the correct object' do
+            expect(controller.attacker).to be_a WPScan::Finders::Passwords::WpLogin
+            expect(controller.attacker.target).to be_a WPScan::Target
+          end
+        end
+
+        context 'when not available (404)' do
+          let(:status) { 404 }
+
+          it 'raises an error' do
+            expect { controller.attacker }.to raise_error(WPScan::Error::NoLoginInterfaceDetected)
+          end
         end
       end
 
@@ -172,11 +220,26 @@ describe WPScan::Controller::PasswordAttack do
 
     context 'when automatic detection' do
       context 'when xmlrpc_get_users_blogs_enabled? is false' do
-        it 'returns the WpLogin' do
+        before do
           expect(controller).to receive(:xmlrpc_get_users_blogs_enabled?).and_return(false)
+          stub_request(:get, controller.target.url('wp-login.php')).to_return(status: status)
+        end
 
-          expect(controller.attacker).to be_a WPScan::Finders::Passwords::WpLogin
-          expect(controller.attacker.target).to be_a WPScan::Target
+        context 'when wp-login available' do
+          let(:status) { 200 }
+
+          it 'returns the WpLogin' do
+            expect(controller.attacker).to be_a WPScan::Finders::Passwords::WpLogin
+            expect(controller.attacker.target).to be_a WPScan::Target
+          end
+        end
+
+        context 'when wp-login.php not available' do
+          let(:status) { 404 }
+
+          it 'raises an error' do
+            expect { controller.attacker }.to raise_error(WPScan::Error::NoLoginInterfaceDetected)
+          end
         end
       end
 

spec/app/controllers/vuln_api_spec.rb

@@ -7,6 +7,7 @@ describe WPScan::Controller::VulnApi do
 
   before do
     WPScan::ParsedCli.options = rspec_parsed_options(cli_args)
+    WPScan::DB::VulnApi.instance_variable_set(:'@default_request_params', nil)
   end
 
   describe '#cli_options' do
@@ -27,7 +28,7 @@ describe WPScan::Controller::VulnApi do
       let(:cli_args) { "#{super()} --api-token token" }
 
       context 'when the token is invalid' do
-        before { expect(WPScan::DB::VulnApi).to receive(:status).and_return('error' => 'HTTP Token: Access denied.') }
+        before { expect(WPScan::DB::VulnApi).to receive(:status).and_return('status' => 'forbidden') }
 
         it 'raise an InvalidApiToken error' do
           expect { controller.before_scan }.to raise_error(WPScan::Error::InvalidApiToken)
@@ -74,20 +75,40 @@ describe WPScan::Controller::VulnApi do
           context 'when limited requests' do
             let(:requests) { 100 }
 
-            it 'does not raise an error' do
+            it 'sets the token and does not raise an error' do
               expect { controller.before_scan }.to_not raise_error
+
+              expect(WPScan::DB::VulnApi.token).to eql 'token'
             end
 
             context 'when unlimited requests' do
               let(:requests) { 'Unlimited' }
 
-              it 'does not raise an error' do
+              it 'sets the token and does not raise an error' do
                 expect { controller.before_scan }.to_not raise_error
+
+                expect(WPScan::DB::VulnApi.token).to eql 'token'
               end
             end
           end
         end
       end
     end
+
+    context 'when token in ENV' do
+      before do
+        ENV[described_class::ENV_KEY] = 'token-from-env'
+
+        expect(WPScan::DB::VulnApi)
+          .to receive(:status)
+          .and_return('success' => true, 'plan' => 'free', 'requests_remaining' => 'Unlimited')
+      end
+
+      it 'sets the token and does not raise an error' do
+        expect { controller.before_scan }.to_not raise_error
+
+        expect(WPScan::DB::VulnApi.token).to eql 'token-from-env'
+      end
+    end
   end
 end

spec/app/finders/db_exports/known_locations_spec.rb

@@ -12,7 +12,7 @@ describe WPScan::Finders::DbExports::KnownLocations do
       allow(target).to receive(:sub_dir).and_return(false)
     end
 
-    it 'replace {domain_name} by its value' do
+    it 'replaces {domain_name} by its value' do
       expect(finder.potential_urls(opts).keys).to eql %w[
         http://ex.lo/aa/ex.sql
         http://ex.lo/aa/wordpress.sql
@@ -27,7 +27,7 @@ describe WPScan::Finders::DbExports::KnownLocations do
       context "when #{sub_domain} sub-domain" do
         let(:url) { "https://#{sub_domain}.domain.tld" }
 
-        it 'replace {domain_name} by its correct value' do
+        it 'replaces {domain_name} by its correct value' do
           expect(finder.potential_urls(opts).keys).to include "#{url}/domain.sql"
         end
       end
@@ -36,7 +36,7 @@ describe WPScan::Finders::DbExports::KnownLocations do
     context 'when multi-level tlds' do
       let(:url) { 'https://something.com.tr' }
 
-      it 'replace {domain_name} by its correct value' do
+      it 'replaces {domain_name} by its correct value' do
         expect(finder.potential_urls(opts).keys).to include 'https://something.com.tr/something.sql'
       end
     end
@@ -44,7 +44,7 @@ describe WPScan::Finders::DbExports::KnownLocations do
     context 'when multi-level tlds and sub-domain' do
       let(:url) { 'https://dev.something.com.tr' }
 
-      it 'replace {domain_name} by its correct value' do
+      it 'replaces {domain_name} by its correct value' do
         expect(finder.potential_urls(opts).keys).to include 'https://dev.something.com.tr/something.sql'
       end
     end
@@ -52,10 +52,18 @@ describe WPScan::Finders::DbExports::KnownLocations do
     context 'when some weird stuff' do
       let(:url) { 'https://098f6bcd4621d373cade4e832627b4f6.aa-bb-ccc-dd.domain-test.com' }
 
-      it 'replace {domain_name} by its correct value' do
+      it 'replaces {domain_name} by its correct value' do
         expect(finder.potential_urls(opts).keys).to include "#{url}/domain-test.sql"
       end
     end
+
+    context 'when a non standard URL' do
+      let(:url) { 'http://dc-2' }
+
+      it 'replaces {domain_name} by its correct value' do
+        expect(finder.potential_urls(opts).keys).to include "#{url}/dc-2.sql"
+      end
+    end
   end
 
   describe '#aggressive' do

spec/app/finders/interesting_findings/duplicator_installer_log_spec.rb

@@ -35,15 +35,47 @@ describe WPScan::Finders::InterestingFindings::DuplicatorInstallerLog do
       end
 
       context 'when the body matches' do
-        let(:body) { File.read(fixtures.join(filename)) }
-
-        it 'returns the InterestingFinding' do
+        after do
           expect(finder.aggressive).to eql WPScan::Model::DuplicatorInstallerLog.new(
             log_url,
             confidence: 100,
             found_by: described_class::DIRECT_ACCESS
           )
         end
+
+        context 'when old versions of the file' do
+          let(:body) { File.read(fixtures.join('old.txt')) }
+
+          it 'returns the InterestingFinding' do
+            # handled in after loop above
+          end
+        end
+
+        context 'when newest versions of the file' do
+          context 'when PRO format 1' do
+            let(:body) { File.read(fixtures.join('pro.txt')) }
+
+            it 'returns the InterestingFinding' do
+              # handled in after loop above
+            end
+          end
+
+          context 'when PRO format 2' do
+            let(:body) { File.read(fixtures.join('pro2.txt')) }
+
+            it 'returns the InterestingFinding' do
+              # handled in after loop above
+            end
+          end
+
+          context 'when LITE' do
+            let(:body) { File.read(fixtures.join('lite.txt')) }
+
+            it 'returns the InterestingFinding' do
+              # handled in after loop above
+            end
+          end
+        end
       end
     end
   end

spec/app/finders/interesting_findings/emergency_pwd_reset_script_spec.rb

@@ -4,7 +4,7 @@ describe WPScan::Finders::InterestingFindings::EmergencyPwdResetScript do
   subject(:finder) { described_class.new(target) }
   let(:target)     { WPScan::Target.new(url).extend(CMSScanner::Target::Server::Apache) }
   let(:url)        { 'http://ex.lo/' }
-  let(:file_url)   { url + 'emergency.php' }
+  let(:file_url)   { "#{url}emergency.php" }
   let(:fixtures)   { FINDERS_FIXTURES.join('interesting_findings', 'emergency_pwd_reset_script') }
 
   before do

spec/app/finders/interesting_findings/php_disabled_spec.rb

@@ -0,0 +1,50 @@
+# frozen_string_literal: true
+
+describe WPScan::Finders::InterestingFindings::PHPDisabled do
+  subject(:finder) { described_class.new(target) }
+  let(:target)     { WPScan::Target.new(url).extend(CMSScanner::Target::Server::Apache) }
+  let(:url)        { 'http://ex.lo/' }
+  let(:fixtures)   { FINDERS_FIXTURES.join('interesting_findings', 'php_disabled') }
+  let(:file_path)  { 'wp-includes/version.php' }
+  let(:file_url)   { target.url(file_path) }
+
+  describe '#aggressive' do
+    before do
+      expect(target).to receive(:sub_dir).at_least(1).and_return(false)
+      expect(target).to receive(:head_or_get_params).and_return(method: :head)
+    end
+
+    context 'when not a 200' do
+      it 'return nil' do
+        stub_request(:head, file_url).to_return(status: 404)
+
+        expect(finder.aggressive).to eql nil
+      end
+    end
+
+    context 'when a 200' do
+      before do
+        stub_request(:head, file_url)
+        stub_request(:get, file_url).to_return(body: body)
+      end
+
+      context 'when the body does not match' do
+        let(:body) { '' }
+
+        its(:aggressive) { should be_nil }
+      end
+
+      context 'when the body matches' do
+        let(:body) { File.read(fixtures.join('version.php')) }
+
+        it 'returns the PHPDisabled' do
+          expect(finder.aggressive).to eql WPScan::Model::PHPDisabled.new(
+            file_url,
+            confidence: 100,
+            found_by: described_class::DIRECT_ACCESS
+          )
+        end
+      end
+    end
+  end
+end

spec/app/finders/interesting_findings/upload_sql_dump_spec.rb

@@ -4,7 +4,7 @@ describe WPScan::Finders::InterestingFindings::UploadSQLDump do
   subject(:finder) { described_class.new(target) }
   let(:target)     { WPScan::Target.new(url).extend(CMSScanner::Target::Server::Apache) }
   let(:url)        { 'http://ex.lo/' }
-  let(:dump_url)   { url + 'wp-content/uploads/dump.sql' }
+  let(:dump_url)   { "#{url}wp-content/uploads/dump.sql" }
   let(:fixtures)   { FINDERS_FIXTURES.join('interesting_findings', 'upload_sql_dump') }
   let(:wp_content) { 'wp-content' }
 

spec/app/finders/interesting_findings_spec.rb

@@ -10,7 +10,7 @@ describe WPScan::Finders::InterestingFindings::Base do
       %w[
         Readme DebugLog FullPathDisclosure
         Multisite MuPlugins Registration UploadDirectoryListing TmmDbMigrate
-        UploadSQLDump
+        UploadSQLDump PHPDisabled
       ]
     end
 

spec/app/finders/medias/attachment_brute_forcing_spec.rb

@@ -13,8 +13,8 @@ describe WPScan::Finders::Medias::AttachmentBruteForcing do
   describe '#target_urls' do
     it 'returns the expected urls' do
       expect(finder.target_urls(range: (1..2))).to eql(
-        url + '?attachment_id=1' => 1,
-        url + '?attachment_id=2' => 2
+        "#{url}?attachment_id=1" => 1,
+        "#{url}?attachment_id=2" => 2
       )
     end
   end

spec/app/finders/passwords/xml_rpc_spec.rb

@@ -0,0 +1,51 @@
+# frozen_string_literal: true
+
+describe WPScan::Finders::Passwords::XMLRPC do
+  subject(:finder) { described_class.new(target) }
+  let(:target)     { WPScan::Model::XMLRPC.new(url) }
+  let(:url)        { 'http://ex.lo/xmlrpc.php' }
+
+  RESPONSE_403_BODY = '<?xml version="1.0" encoding="UTF-8"?>
+    <methodResponse>
+      <fault>
+        <value>
+          <struct>
+            <member>
+              <name>faultCode</name>
+              <value><int>403</int></value>
+            </member>
+            <member>
+              <name>faultString</name>
+              <value><string>Incorrect username or password.</string></value>
+            </member>
+          </struct>
+        </value>
+      </fault>
+    </methodResponse>'
+
+  describe '#attack' do
+    let(:wordlist_path) { FINDERS_FIXTURES.join('passwords.txt').to_s }
+
+    context 'when no valid credentials' do
+      before do
+        stub_request(:post, url).to_return(status: status, body: RESPONSE_403_BODY)
+
+        finder.attack(users, wordlist_path)
+      end
+
+      let(:users) { %w[admin].map { |username| WPScan::Model::User.new(username) } }
+
+      context 'when status = 200' do
+        let(:status) { 200 }
+
+        its('progress_bar.log') { should be_empty }
+      end
+
+      context 'when status = 403' do
+        let(:status) { 403 }
+
+        its('progress_bar.log') { should be_empty }
+      end
+    end
+  end
+end

spec/app/finders/plugin_version/readme_spec.rb

@@ -109,7 +109,7 @@ describe WPScan::Finders::PluginVersion::Readme do
         'a-lead-capture-contact-form-and-tab-button-by-awebvoicecom' => '3.1',
         'backup-scheduler' => '1.5.9',
         'release_date_slash' => '1.0.4'
-      }. each do |file, version_number|
+      }.each do |file, version_number|
         context "whith #{file}.txt" do
           it 'returns the expected version' do
             @file = "#{file}.txt"

spec/app/finders/users/author_id_brute_forcing_spec.rb

@@ -13,8 +13,8 @@ describe WPScan::Finders::Users::AuthorIdBruteForcing do
   describe '#target_urls' do
     it 'returns the correct URLs' do
       expect(finder.target_urls(range: (1..2))).to eql(
-        url + '?author=1' => 1,
-        url + '?author=2' => 2
+        "#{url}?author=1" => 1,
+        "#{url}?author=2" => 2
       )
     end
   end

spec/app/finders/users/author_sitemap_spec.rb

@@ -0,0 +1,48 @@
+# frozen_string_literal: true
+
+describe WPScan::Finders::Users::AuthorSitemap do
+  subject(:finder) { described_class.new(target) }
+  let(:target)     { WPScan::Target.new(url) }
+  let(:url)        { 'http://wp.lab/' }
+  let(:fixtures)   { FINDERS_FIXTURES.join('users', 'author_sitemap') }
+
+  describe '#aggressive' do
+    before do
+      allow(target).to receive(:sub_dir).and_return(false)
+
+      stub_request(:get, finder.sitemap_url).to_return(body: body)
+    end
+
+    context 'when not an XML response' do
+      let(:body) { '' }
+
+      its(:aggressive) { should eql([]) }
+    end
+
+    context 'when an XML response' do
+      context 'when no usernames disclosed' do
+        let(:body) { File.read(fixtures.join('no_usernames.xml')) }
+
+        its(:aggressive) { should eql([]) }
+      end
+
+      context 'when usernames disclosed' do
+        let(:body) { File.read(fixtures.join('usernames.xml')) }
+
+        it 'returns the expected array of users' do
+          users = finder.aggressive
+
+          expect(users.size).to eql 2
+
+          expect(users.first.username).to eql 'admin'
+          expect(users.first.confidence).to eql 100
+          expect(users.first.interesting_entries).to eql ['http://wp.lab/wp-sitemap-users-1.xml']
+
+          expect(users.last.username).to eql 'author'
+          expect(users.last.confidence).to eql 100
+          expect(users.last.interesting_entries).to eql ['http://wp.lab/wp-sitemap-users-1.xml']
+        end
+      end
+    end
+  end
+end

spec/app/finders/users_spec.rb

@@ -8,7 +8,7 @@ describe WPScan::Finders::Users::Base do
   describe '#finders' do
     it 'contains the expected finders' do
       expect(user.finders.map { |f| f.class.to_s.demodulize })
-        .to eq %w[AuthorPosts WpJsonApi OembedApi RSSGenerator YoastSeoAuthorSitemap
+        .to eq %w[AuthorPosts WpJsonApi OembedApi RSSGenerator AuthorSitemap YoastSeoAuthorSitemap
                   AuthorIdBruteForcing LoginErrorMessages]
     end
   end

spec/app/finders/wp_version/readme_spec.rb

@@ -5,7 +5,7 @@ describe WPScan::Finders::WpVersion::Readme do
   let(:target)     { WPScan::Target.new(url).extend(CMSScanner::Target::Server::Apache) }
   let(:url)        { 'http://ex.lo/' }
   let(:fixtures)   { FINDERS_FIXTURES.join('wp_version', 'readme') }
-  let(:readme_url) { url + 'readme.html' }
+  let(:readme_url) { "#{url}readme.html" }
 
   describe '#aggressive' do
     before { stub_request(:get, readme_url).to_return(body: File.read(fixtures.join(file))) }

spec/app/models/plugin_spec.rb

@@ -202,11 +202,11 @@ describe WPScan::Model::Plugin do
           [
             WPScan::Vulnerability.new(
               'First Vuln <= 6.3.10 - LFI',
-              { wpvulndb: '1' },
-              'LFI',
-              '6.3.10'
+              references: { wpvulndb: '1' },
+              type: 'LFI',
+              fixed_in: '6.3.10'
             ),
-            WPScan::Vulnerability.new('No Fixed In', wpvulndb: '2')
+            WPScan::Vulnerability.new('No Fixed In', references: { wpvulndb: '2' })
           ]
         end
 

spec/app/models/theme_spec.rb

@@ -41,6 +41,12 @@ describe WPScan::Model::Theme do
       its(:style_uri)   { should eql 'http://www.elegantthemes.com/gallery/divi/' }
       its(:license_uri) { should eql 'http://www.gnu.org/licenses/gpl-2.0.html' }
     end
+
+    context 'when no tags' do
+      let(:fixture) { fixtures.join('no_tags.css') }
+
+      its(:author) { should eql nil }
+    end
   end
 
   describe '#version' do
@@ -224,11 +230,11 @@ describe WPScan::Model::Theme do
           [
             WPScan::Vulnerability.new(
               'First Vuln',
-              { wpvulndb: '1' },
-              'LFI',
-              '6.3.10'
+              references: { wpvulndb: '1' },
+              type: 'LFI',
+              fixed_in: '6.3.10'
             ),
-            WPScan::Vulnerability.new('No Fixed In', wpvulndb: '2')
+            WPScan::Vulnerability.new('No Fixed In', references: { wpvulndb: '2' })
           ]
         end
 

spec/app/models/wp_version_spec.rb

@@ -55,31 +55,15 @@ describe WPScan::Model::WpVersion do
         expect(version).to be_vulnerable
       end
 
-      let(:all_vulns) do
-        [
-          WPScan::Vulnerability.new(
-            'WP 3.8.1 - Vuln 1',
-            { wpvulndb: '1' },
-            'SQLI'
-          ),
-          WPScan::Vulnerability.new(
-            'WP 3.8.1 - Vuln 2',
-            { url: %w[url-2 url-3], osvdb: %w[10], cve: %w[2014-0166], wpvulndb: '2' },
-            nil,
-            '3.8.2'
-          )
-        ]
-      end
-
       context 'when a signle vuln' do
-        let(:number) { '3.8.1' }
+        let(:number) { '3.8' }
         let(:db_data) { vuln_api_data_for('wordpresses/38') }
 
         it 'returns the expected result' do
           @expected = [WPScan::Vulnerability.new(
             'WP 3.8 - Vuln 1',
-            { url: %w[url-4], wpvulndb: '3' },
-            'AUTHBYPASS'
+            references: { url: %w[url-4], wpvulndb: '3' },
+            type: 'AUTHBYPASS'
           )]
         end
       end
@@ -92,14 +76,14 @@ describe WPScan::Model::WpVersion do
           @expected = [
             WPScan::Vulnerability.new(
               'WP 3.8.1 - Vuln 1',
-              { wpvulndb: '1' },
-              'SQLI'
+              references: { wpvulndb: '1' },
+              type: 'SQLI',
+              cvss: { score: '5.4', vector: 'VECTOR' }
             ),
             WPScan::Vulnerability.new(
               'WP 3.8.1 - Vuln 2',
-              { url: %w[url-2 url-3], cve: %w[2014-0166], wpvulndb: '2' },
-              nil,
-              '3.8.2'
+              references: { url: %w[url-2 url-3], cve: %w[2014-0166], wpvulndb: '2' },
+              fixed_in: '3.8.2'
             )
           ]
         end

spec/fixtures/db/vuln_api/wordpresses/381.json

@@ -9,7 +9,11 @@
       "id" : 1,
       "vuln_type" : "SQLI",
       "published_date" : null,
-      "fixed_in" : null
+      "fixed_in" : null,
+      "cvss": {
+        "score": "5.4",
+        "vector": "VECTOR"
+      }
      },
      {
       "references" : {

spec/fixtures/dynamic_finders/plugin_version/24liveblog/composer_file/package.json

@@ -0,0 +1,13 @@
+{
+  "name": "liveblog24-live-blogging-tool-cgb-guten-block",
+  "version": "2.0",
+  "private": true,
+  "scripts": {
+    "start": "cgb-scripts start",
+    "build": "cgb-scripts build",
+    "eject": "cgb-scripts eject"
+  },
+  "dependencies": {
+    "cgb-scripts": "1.23.0"
+  }
+}

spec/fixtures/dynamic_finders/plugin_version/abandoned-contact-form-7/translation_file/languages/abandoned-forms-contact-form-7.pot

@@ -0,0 +1,338 @@
+# Copyright (C) 2020 ZealousWeb Technologies
+# This file is distributed under the same license as the Abandoned Contact Form 7 plugin.
+msgid ""
+msgstr ""
+"Project-Id-Version: Abandoned Contact Form 7 1.0\n"
+"Report-Msgid-Bugs-To: https://wordpress.org/support/plugin/abandoned-forms-contact-form-7\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"POT-Creation-Date: 2020-08-17T07:23:53+02:00\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"X-Generator: WP-CLI 2.4.0\n"
+"X-Domain: cf7-abandoned-form\n"
+
+#. Plugin Name of the plugin
+msgid "Abandoned Contact Form 7"
+msgstr ""
+
+#. Description of the plugin
+msgid "Abandoned Contact Form 7 provides an ability to track the data from Contact Form 7 even if the user does not submit the form."
+msgstr ""
+
+#. Author of the plugin
+msgid "ZealousWeb Technologies"
+msgstr ""
+
+#. Author URI of the plugin
+msgid "https://www.zealousweb.com"
+msgstr ""
+
+#: inc/admin/class.cf7af.admin.action.php:112
+msgid "Form Data"
+msgstr ""
+
+#: inc/admin/class.cf7af.admin.action.php:113
+#: inc/admin/class.cf7af.admin.action.php:508
+msgid "User Email"
+msgstr ""
+
+#: inc/admin/class.cf7af.admin.action.php:114
+#: inc/admin/class.cf7af.admin.action.php:515
+msgid "User IP"
+msgstr ""
+
+#: inc/admin/class.cf7af.admin.action.php:115
+msgid "is Enable Send Mail"
+msgstr ""
+
+#: inc/admin/class.cf7af.admin.action.php:116
+msgid "Number of Send Mail"
+msgstr ""
+
+#: inc/admin/class.cf7af.admin.action.php:117
+#: inc/admin/class.cf7af.admin.filter.php:227
+msgid "Submitted Date"
+msgstr ""
+
+#: inc/admin/class.cf7af.admin.action.php:169
+#: inc/admin/class.cf7af.admin.action.php:541
+msgid "Yes"
+msgstr ""
+
+#: inc/admin/class.cf7af.admin.action.php:170
+#: inc/admin/class.cf7af.admin.action.php:542
+msgid "No"
+msgstr ""
+
+#: inc/admin/class.cf7af.admin.action.php:219
+msgid "Abandoned Form Data"
+msgstr ""
+
+#: inc/admin/class.cf7af.admin.action.php:288
+#: inc/admin/class.cf7af.admin.action.php:552
+msgid "Action"
+msgstr ""
+
+#: inc/admin/class.cf7af.admin.action.php:290
+msgid "To enable this button please allow mail notification from detail page"
+msgstr ""
+
+#: inc/admin/class.cf7af.admin.action.php:291
+msgid "Disable"
+msgstr ""
+
+#: inc/admin/class.cf7af.admin.action.php:381
+msgid "Select Forms"
+msgstr ""
+
+#: inc/admin/class.cf7af.admin.action.php:387
+msgid "Export CSV"
+msgstr ""
+
+#: inc/admin/class.cf7af.admin.action.php:424
+#: inc/admin/class.cf7af.admin.action.php:425
+#: inc/admin/template/cf7af.notification.settings.template.php:34
+msgid "Mail Notification Settings"
+msgstr ""
+
+#: inc/admin/class.cf7af.admin.action.php:433
+#: inc/admin/class.cf7af.admin.action.php:434
+#: inc/admin/class.cf7af.admin.action.php:549
+#: inc/admin/class.cf7af.admin.filter.php:224
+msgid "Send Mail"
+msgstr ""
+
+#: inc/admin/class.cf7af.admin.action.php:451
+msgid "Please select form to export."
+msgstr ""
+
+#: inc/admin/class.cf7af.admin.action.php:466
+msgid "No Abandoned data Found"
+msgstr ""
+
+#: inc/admin/class.cf7af.admin.action.php:501
+msgid "CF7 Form Name"
+msgstr ""
+
+#: inc/admin/class.cf7af.admin.action.php:522
+msgid "Other Form Detail"
+msgstr ""
+
+#: inc/admin/class.cf7af.admin.action.php:538
+msgid "Disable Mail Notification"
+msgstr ""
+
+#: inc/admin/class.cf7af.admin.filter.php:92
+msgid "Abandoned Form Settings"
+msgstr ""
+
+#: inc/admin/class.cf7af.admin.filter.php:222
+msgid "Abandoned User's Email"
+msgstr ""
+
+#: inc/admin/class.cf7af.admin.filter.php:223
+msgid "IP Address"
+msgstr ""
+
+#: inc/admin/class.cf7af.admin.filter.php:225
+msgid "Number of Emails Sent"
+msgstr ""
+
+#: inc/admin/class.cf7af.admin.filter.php:226
+msgid "Fail Counter"
+msgstr ""
+
+#: inc/admin/template/cf7af.notification.settings.template.php:13
+#: inc/admin/template/cf7af.send.mail.template.php:37
+msgid "Nonce check failed."
+msgstr ""
+
+#: inc/admin/template/cf7af.notification.settings.template.php:26
+msgid "Settings saved."
+msgstr ""
+
+#: inc/admin/template/cf7af.notification.settings.template.php:28
+msgid "Settings are not saved."
+msgstr ""
+
+#: inc/admin/template/cf7af.notification.settings.template.php:36
+#: inc/admin/template/cf7af.send.mail.template.php:96
+msgid "Use {email} to insert the email into the mail body"
+msgstr ""
+
+#: inc/admin/template/cf7af.notification.settings.template.php:37
+#: inc/admin/template/cf7af.send.mail.template.php:97
+msgid "Use {contact_form} to insert the form name into the mail body"
+msgstr ""
+
+#: inc/admin/template/cf7af.notification.settings.template.php:38
+#: inc/admin/template/cf7af.send.mail.template.php:98
+msgid "Use {link} to insert the page contact link into the mail body"
+msgstr ""
+
+#: inc/admin/template/cf7af.notification.settings.template.php:61
+#: inc/admin/template/cf7af.send.mail.template.php:175
+msgid "Subject"
+msgstr ""
+
+#: inc/admin/template/cf7af.notification.settings.template.php:80
+#: inc/admin/template/cf7af.send.mail.template.php:196
+msgid "Email Body"
+msgstr ""
+
+#: inc/admin/template/cf7af.notification.settings.template.php:101
+msgid "Save"
+msgstr ""
+
+#: inc/admin/template/cf7af.notification.settings.template.php:114
+msgid "<h3>Subject</h3><p>Please enter the subject for send mail.</p>"
+msgstr ""
+
+#: inc/admin/template/cf7af.notification.settings.template.php:116
+msgid "<h3>Email Body </h3><p>It's a body content of mail which reflect on sent mail.</p>"
+msgstr ""
+
+#: inc/admin/template/cf7af.send.mail.template.php:73
+msgid "Error on Send Mail."
+msgstr ""
+
+#: inc/admin/template/cf7af.send.mail.template.php:84
+msgid "Send Mail Suceessfully to Abandoned User."
+msgstr ""
+
+#: inc/admin/template/cf7af.send.mail.template.php:86
+msgid "Mail has not send."
+msgstr ""
+
+#: inc/admin/template/cf7af.send.mail.template.php:92
+msgid "Send Mail to Abandoned User Entry"
+msgstr ""
+
+#: inc/admin/template/cf7af.send.mail.template.php:120
+msgid "User Email Address (To)"
+msgstr ""
+
+#: inc/admin/template/cf7af.send.mail.template.php:139
+msgid "From Name"
+msgstr ""
+
+#: inc/admin/template/cf7af.send.mail.template.php:157
+msgid "From Email Address"
+msgstr ""
+
+#: inc/admin/template/cf7af.send.mail.template.php:212
+msgid "Send"
+msgstr ""
+
+#: inc/admin/template/cf7af.send.mail.template.php:226
+msgid "<h3>User Email Address (To)</h3><p>This is an Abandoned user&apos;s email ID which will receive the email.</p>"
+msgstr ""
+
+#: inc/admin/template/cf7af.send.mail.template.php:228
+msgid "<h3>From Name</h3><p>This is a default  &apos;Name&apos; which is get from website general settings but if you use SMTP settings then From Name used from SMTP settings page.</p>"
+msgstr ""
+
+#: inc/admin/template/cf7af.send.mail.template.php:230
+msgid "<h3>From Email Address</h3><p>This is a default &apos;Email Address&apos; which is get from website general settings but if you use SMTP settings then From Email used from SMTP settings page.</p>"
+msgstr ""
+
+#: inc/admin/template/cf7af.send.mail.template.php:232
+msgid "<h3>Subject</h3><p>This is the subject which is used in email.</p>"
+msgstr ""
+
+#: inc/admin/template/cf7af.send.mail.template.php:234
+msgid "<h3>Email Body</h3><p>This is an email body content which are reflect on email body.</p>"
+msgstr ""
+
+#: inc/admin/template/cf7af.template.php:23
+msgid "Enable Abandoned"
+msgstr ""
+
+#: inc/admin/template/cf7af.template.php:34
+#: inc/admin/template/cf7af.template.php:41
+msgid "Select Email Field"
+msgstr ""
+
+#: inc/admin/template/cf7af.template.php:67
+msgid "<h3>Enable/Disable Abandoned</h3><p>You can enable/disable Abandoned form functionality.</p>"
+msgstr ""
+
+#: inc/admin/template/cf7af.template.php:69
+msgid "<h3>Select Email Field</h3><p>Select the email field for tracking Abandoned user</p>"
+msgstr ""
+
+#: inc/class.cf7af.php:92
+msgid "Support"
+msgstr ""
+
+#: inc/class.cf7af.php:94
+msgid "Document"
+msgstr ""
+
+#: inc/class.cf7af.php:345
+#: inc/class.cf7af.php:356
+msgid "Abandoned Users"
+msgstr ""
+
+#: inc/class.cf7af.php:346
+msgid "Abandoned User Detail"
+msgstr ""
+
+#: inc/class.cf7af.php:347
+msgid "All Abandoned Users"
+msgstr ""
+
+#: inc/class.cf7af.php:348
+msgid "Edit Abandoned User"
+msgstr ""
+
+#: inc/class.cf7af.php:349
+msgid "Search Abandoned User"
+msgstr ""
+
+#: inc/class.cf7af.php:350
+msgid "View Abandoned User"
+msgstr ""
+
+#: inc/class.cf7af.php:351
+msgid "No Abandoned User found"
+msgstr ""
+
+#: inc/class.cf7af.php:352
+msgid "No Abandoned User found in Trash"
+msgstr ""
+
+#: inc/class.cf7af.php:400
+msgid "You are so close!"
+msgstr ""
+
+#: inc/class.cf7af.php:402
+msgid "Hello"
+msgstr ""
+
+#: inc/class.cf7af.php:403
+msgid "Contact into:"
+msgstr ""
+
+#: inc/class.cf7af.php:404
+msgid "We noticed you left something behind."
+msgstr ""
+
+#: inc/class.cf7af.php:405
+msgid "No need to worry, you can still visit the page from where you left accidentally."
+msgstr ""
+
+#: inc/class.cf7af.php:406
+msgid "Use the following link to make submissions."
+msgstr ""
+
+#: inc/class.cf7af.php:408
+msgid "Thanks!"
+msgstr ""
+
+#: inc/class.cf7af.php:424
+msgid "<b>Abandoned Contact Form 7 :</b> Contact Form 7 is not active! Please install <a target=\"_blank\" href=\"https://wordpress.org/plugins/contact-form-7/\">Contact Form 7</a>."
+msgstr ""

spec/fixtures/dynamic_finders/plugin_version/accept-2checkout-payments-using-contact-form-7/translation_file/languages/accept-2checkout-payments-using-contact-form-7.pot

@@ -0,0 +1,426 @@
+# Copyright (C) 2020 ZealousWeb Technologies
+# This file is distributed under the same license as the Accept 2Checkout Payments Using Contact Form 7 plugin.
+msgid ""
+msgstr ""
+"Project-Id-Version: Accept 2Checkout Payments Using Contact Form 7 1.0\n"
+"Report-Msgid-Bugs-To: https://wordpress.org/support/plugin/accept-2checkout-payments-using-contact-form-7-free\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"POT-Creation-Date: 2020-10-21T15:36:36+02:00\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"X-Generator: WP-CLI 2.4.0\n"
+"X-Domain: accept-2checkout-payments-using-contact-form-7\n"
+
+#. Plugin Name of the plugin
+msgid "Accept 2Checkout Payments Using Contact Form 7"
+msgstr ""
+
+#. Description of the plugin
+msgid "This plugin will integrate 2checkout payment gateway for making your payments through Contact Form 7."
+msgstr ""
+
+#. Author of the plugin
+msgid "ZealousWeb Technologies"
+msgstr ""
+
+#. Author URI of the plugin
+msgid "https://www.zealousweb.com"
+msgstr ""
+
+#: inc/admin/class.cf72ch.admin.action.php:81
+msgid "From Data"
+msgstr ""
+
+#: inc/admin/class.cf72ch.admin.action.php:82
+#: inc/admin/class.cf72ch.admin.action.php:329
+msgid "Do you need help for configuration?"
+msgstr ""
+
+#: inc/admin/class.cf72ch.admin.action.php:283
+msgid "Select Forms"
+msgstr ""
+
+#: inc/admin/class.cf72ch.admin.filter.php:53
+msgid "2checkout"
+msgstr ""
+
+#: inc/admin/class.cf72ch.admin.filter.php:101
+#: inc/admin/template/cf72ch.template.php:114
+msgid "Document Link"
+msgstr ""
+
+#: inc/admin/class.cf72ch.admin.filter.php:104
+msgid "Support Link"
+msgstr ""
+
+#: inc/admin/class.cf72ch.admin.filter.php:140
+msgid "Invoice ID"
+msgstr ""
+
+#: inc/admin/class.cf72ch.admin.filter.php:141
+msgid "Order ID"
+msgstr ""
+
+#: inc/admin/class.cf72ch.admin.filter.php:142
+msgid "Transaction Status"
+msgstr ""
+
+#: inc/admin/class.cf72ch.admin.filter.php:143
+msgid "Total Amount"
+msgstr ""
+
+#: inc/admin/class.cf72ch.admin.filter.php:144
+msgid "Submitted Date"
+msgstr ""
+
+#: inc/admin/template/cf72ch.template.php:79
+msgid "Sandbox"
+msgstr ""
+
+#: inc/admin/template/cf72ch.template.php:80
+msgid "Live"
+msgstr ""
+
+#: inc/admin/template/cf72ch.template.php:113
+msgid "To use 2Checkout option, first you need to create and save form tags."
+msgstr ""
+
+#: inc/admin/template/cf72ch.template.php:123
+msgid "Enable/Disable"
+msgstr ""
+
+#: inc/admin/template/cf72ch.template.php:133
+msgid "Enable Debug Mode"
+msgstr ""
+
+#: inc/admin/template/cf72ch.template.php:143
+msgid "Payment Mode "
+msgstr ""
+
+#: inc/admin/template/cf72ch.template.php:160
+msgid "2Checkout Order Item Name *"
+msgstr ""
+
+#: inc/admin/template/cf72ch.template.php:171
+msgid "Merchant Code "
+msgstr ""
+
+#: inc/admin/template/cf72ch.template.php:182
+msgid "Secret Key "
+msgstr ""
+
+#: inc/admin/template/cf72ch.template.php:193
+msgid "Amount Field Name "
+msgstr ""
+
+#: inc/admin/template/cf72ch.template.php:199
+msgid "Select field name for amount"
+msgstr ""
+
+#: inc/admin/template/cf72ch.template.php:212
+msgid "Quantity Field Name (Optional)"
+msgstr ""
+
+#: inc/admin/template/cf72ch.template.php:218
+msgid "Select field name for quantity"
+msgstr ""
+
+#: inc/admin/template/cf72ch.template.php:231
+msgid "Customer Email "
+msgstr ""
+
+#: inc/admin/template/cf72ch.template.php:237
+msgid "Select field name for customer email"
+msgstr ""
+
+#: inc/admin/template/cf72ch.template.php:251
+msgid "Select Currency"
+msgstr ""
+
+#: inc/admin/template/cf72ch.template.php:270
+msgid "Return Success URL (Optional)"
+msgstr ""
+
+#: inc/admin/template/cf72ch.template.php:276
+#: inc/admin/template/cf72ch.template.php:296
+msgid "Select page"
+msgstr ""
+
+#: inc/admin/template/cf72ch.template.php:290
+msgid "Return Cancel URL (Optional)"
+msgstr ""
+
+#: inc/admin/template/cf72ch.template.php:314
+msgid "Customer Billing Details"
+msgstr ""
+
+#: inc/admin/template/cf72ch.template.php:323
+msgid "Billing First Name Field "
+msgstr ""
+
+#: inc/admin/template/cf72ch.template.php:329
+msgid "Select field name for billing first name"
+msgstr ""
+
+#: inc/admin/template/cf72ch.template.php:342
+msgid "Billing Last Name Field "
+msgstr ""
+
+#: inc/admin/template/cf72ch.template.php:348
+msgid "Select field name for billing last name"
+msgstr ""
+
+#: inc/admin/template/cf72ch.template.php:361
+msgid "Billing Address Field "
+msgstr ""
+
+#: inc/admin/template/cf72ch.template.php:367
+msgid "Select field name for billing address"
+msgstr ""
+
+#: inc/admin/template/cf72ch.template.php:380
+msgid "Billing City Field "
+msgstr ""
+
+#: inc/admin/template/cf72ch.template.php:386
+msgid "Select field name for billing city name"
+msgstr ""
+
+#: inc/admin/template/cf72ch.template.php:399
+msgid "Billing State Field "
+msgstr ""
+
+#: inc/admin/template/cf72ch.template.php:405
+msgid "Select field name for billing state name"
+msgstr ""
+
+#: inc/admin/template/cf72ch.template.php:418
+msgid "Billing Zipcode Field "
+msgstr ""
+
+#: inc/admin/template/cf72ch.template.php:424
+msgid "Select field name for billing Zipcode name"
+msgstr ""
+
+#: inc/admin/template/cf72ch.template.php:438
+msgid "Billing Country Field "
+msgstr ""
+
+#: inc/admin/template/cf72ch.template.php:444
+msgid "Select field name for billing country name"
+msgstr ""
+
+#: inc/admin/template/cf72ch.template.php:479
+msgid "<h3>Merchant Code</h3><p>Get Merchant Code from <a href=\"#\" target=\"_blank\">here</a></p>"
+msgstr ""
+
+#: inc/admin/template/cf72ch.template.php:483
+msgid "<h3>Order Item Name</h3><p>Set Order Item Name</p>"
+msgstr ""
+
+#: inc/admin/template/cf72ch.template.php:487
+msgid "<h3>Secret Key</h3><p>Get Secret Key from <a href=\"#\" target=\"_blank\">here</a></p>"
+msgstr ""
+
+#: inc/admin/template/cf72ch.template.php:491
+msgid "<h3>Select Currency</h3><p>Select the currency.</p>"
+msgstr ""
+
+#: inc/admin/template/cf72ch.template.php:495
+msgid "<h3>Amount Field</h3><p>Select field from where amount value needs to be retrieved.</p><p><b>Note: </b> Save the FORM details to view the list of fields.</p>"
+msgstr ""
+
+#: inc/admin/template/cf72ch.template.php:499
+msgid "<h3>Quantity Field</h3><p>Select field from where quantity value needs to be retrieved.</p><p><b>Note: </b> Save the FORM details to view the list of fields.</p>"
+msgstr ""
+
+#: inc/admin/template/cf72ch.template.php:503
+msgid "<h3>Customer Email Field</h3><p>Select field from where customer email value needs to be retrieved.</p><p><b>Note: </b> Save the FORM details to view the list of fields.</p>"
+msgstr ""
+
+#: inc/admin/template/cf72ch.template.php:507
+msgid "<h3>Success Return URL Field </h3><p>Select page and redirect customer after succesfully payment done.</p>"
+msgstr ""
+
+#: inc/admin/template/cf72ch.template.php:511
+msgid "<h3>Cancel Return URL Field  </h3><p>Select page and redirect customer after cancel payment process or payment not done.</p>"
+msgstr ""
+
+#: inc/admin/template/cf72ch.template.php:515
+msgid "<h3>Billing First Name Field</h3><p>Select field from where billing first name value needs to be retrieved.</p><p><b>Note: </b> Save the FORM details to view the list of fields.</p>"
+msgstr ""
+
+#: inc/admin/template/cf72ch.template.php:519
+msgid "<h3>Billing Last Name Field</h3><p>Select field from where billing last name value needs to be retrieved.</p><p><b>Note: </b> Save the FORM details to view the list of fields.</p>"
+msgstr ""
+
+#: inc/admin/template/cf72ch.template.php:523
+msgid "<h3>Billing Address Field</h3><p>Select field from where billing address value needs to be retrieved.</p><p><b>Note: </b> Save the FORM details to view the list of fields.</p>"
+msgstr ""
+
+#: inc/admin/template/cf72ch.template.php:527
+msgid "<h3>Billing City Field</h3><p>Select field from where billing city value needs to be retrieved.</p><p><b>Note: </b> Save the FORM details to view the list of fields.</p>"
+msgstr ""
+
+#: inc/admin/template/cf72ch.template.php:531
+msgid "<h3>Billing State Field</h3><p>Select field from where billing state value needs to be retrieved.</p><p><b>Note: </b> Save the FORM details to view the list of fields.</p>"
+msgstr ""
+
+#: inc/admin/template/cf72ch.template.php:535
+msgid "<h3>Billing ZipCode Field</h3><p>Select field from where billing zipcode value needs to be retrieved.</p><p><b>Note: </b> Save the FORM details to view the list of fields.</p>"
+msgstr ""
+
+#: inc/admin/template/cf72ch.template.php:539
+msgid "<h3>Billing Country Field</h3><p>Select field from where billing country value needs to be retrieved.</p><p><b>Note: </b> Save the FORM details to view the list of fields.</p>"
+msgstr ""
+
+#: inc/class.cf72ch.php:108
+msgid "<strong><a href=\"https://wordpress.org/plugins/contact-form-7/\" target=\"_blank\">Contact Form 7</a></strong> is required to use <strong>%s</strong>."
+msgstr ""
+
+#: inc/class.cf72ch.php:135
+#: inc/class.cf72ch.php:136
+#: inc/class.cf72ch.php:141
+msgid "2Checkout Payment Details"
+msgstr ""
+
+#: inc/class.cf72ch.php:137
+msgid "Transaction Detail"
+msgstr ""
+
+#: inc/class.cf72ch.php:182
+msgid "2Checkout"
+msgstr ""
+
+#: inc/class.cf72ch.php:189
+msgid "2Checkout Country"
+msgstr ""
+
+#: inc/class.cf72ch.php:292
+msgid "Generate a form-tag for to display 2Checkout payment form"
+msgstr ""
+
+#: inc/class.cf72ch.php:301
+#: inc/class.cf72ch.php:353
+msgid "Name"
+msgstr ""
+
+#: inc/class.cf72ch.php:317
+#: inc/class.cf72ch.php:368
+msgid "Insert Tag"
+msgstr ""
+
+#: inc/class.cf72ch.php:324
+#: inc/class.cf72ch.php:375
+msgid "To use the value input through this field in a mail field, you need to insert the corresponding mail-tag (%s) into the field on the Mail tab."
+msgstr ""
+
+#: inc/class.cf72ch.php:344
+msgid "Generate a form-tag for to display 2Checkout Country"
+msgstr ""
+
+#: inc/lib/class.cf72ch.lib.php:232
+msgid "2checkout creadit card info not there, please contact admin"
+msgstr ""
+
+#: inc/lib/class.cf72ch.lib.php:241
+msgid "2checkout API credentials are missing"
+msgstr ""
+
+#: inc/lib/class.cf72ch.lib.php:249
+msgid "Account not configured properly, please contact admin"
+msgstr ""
+
+#: inc/lib/class.cf72ch.lib.php:599
+#: inc/lib/class.cf72ch.lib.php:612
+msgid "Due to Some technical issue, please try again!"
+msgstr ""
+
+#: inc/lib/class.cf72ch.lib.php:653
+msgid "Response :"
+msgstr ""
+
+#: inc/lib/class.cf72ch.lib.php:665
+msgid "Payment Successfully Done."
+msgstr ""
+
+#: inc/lib/class.cf72ch.lib.php:667
+msgid "Payment is in process from 2 checkout side."
+msgstr ""
+
+#: inc/lib/class.cf72ch.lib.php:672
+msgid "Transaction Amount :"
+msgstr ""
+
+#: inc/lib/class.cf72ch.lib.php:676
+msgid "Invoice No :"
+msgstr ""
+
+#: inc/lib/class.cf72ch.lib.php:680
+msgid "Payment Status :"
+msgstr ""
+
+#: inc/lib/class.cf72ch.lib.php:720
+#: inc/lib/class.cf72ch.lib.php:1319
+#: inc/lib/class.cf72ch.lib.php:1353
+msgid "Card Number"
+msgstr ""
+
+#: inc/lib/class.cf72ch.lib.php:723
+msgid "Expiry Date And Year"
+msgstr ""
+
+#: inc/lib/class.cf72ch.lib.php:726
+#: inc/lib/class.cf72ch.lib.php:1328
+#: inc/lib/class.cf72ch.lib.php:1384
+msgid "CVV"
+msgstr ""
+
+#: inc/lib/class.cf72ch.lib.php:729
+msgid "Correct CVV Number"
+msgstr ""
+
+#: inc/lib/class.cf72ch.lib.php:732
+#: inc/lib/class.cf72ch.lib.php:1331
+#: inc/lib/class.cf72ch.lib.php:1344
+msgid "Card Holder Name"
+msgstr ""
+
+#: inc/lib/class.cf72ch.lib.php:735
+msgid "Correct Expiry Month And Year"
+msgstr ""
+
+#: inc/lib/class.cf72ch.lib.php:793
+msgid "One or more fields have an error. Please check and try again."
+msgstr ""
+
+#: inc/lib/class.cf72ch.lib.php:801
+msgid "Please enter amount or valid amount."
+msgstr ""
+
+#: inc/lib/class.cf72ch.lib.php:803
+msgid "The field is required."
+msgstr ""
+
+#: inc/lib/class.cf72ch.lib.php:1316
+msgid "Card Verification Number (CVV)"
+msgstr ""
+
+#: inc/lib/class.cf72ch.lib.php:1322
+msgid "MM"
+msgstr ""
+
+#: inc/lib/class.cf72ch.lib.php:1325
+msgid "YY"
+msgstr ""
+
+#: inc/lib/class.cf72ch.lib.php:1334
+msgid "Pay via 2Checkout. Accept Credit Cards, Debit Cards"
+msgstr ""
+
+#: inc/lib/class.cf72ch.lib.php:1363
+msgid "Expiration Date"
+msgstr ""

spec/fixtures/dynamic_finders/plugin_version/accept-authorize-net-payments-using-contact-form-7/translation_file/languages/contact-form-7-authorize-net-addon.pot

@@ -0,0 +1,232 @@
+# Copyright (C) 2019 ZealousWeb Technologies
+# This file is distributed under the same license as the Contact Form 7 - Authorize.NET Add-on plugin.
+msgid ""
+msgstr ""
+"Project-Id-Version: Contact Form 7 - Authorize.NET Add-on 1.0\n"
+"Report-Msgid-Bugs-To: https://wordpress.org/support/plugin/contact-form-7-authorize-net-addon\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"POT-Creation-Date: 2019-08-26T13:43:18+00:00\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"X-Generator: WP-CLI 2.2.0\n"
+"X-Domain: contact-form-7-authorize-net-addon\n"
+
+#. Plugin Name of the plugin
+msgid "Contact Form 7 - Authorize.NET Add-on"
+msgstr ""
+
+#. Description of the plugin
+msgid "This plugin will integrate Authorize.NET payment gateway for making your payments through Contact Form 7."
+msgstr ""
+
+#. Author of the plugin
+msgid "ZealousWeb Technologies"
+msgstr ""
+
+#. Author URI of the plugin
+msgid "https://www.zealousweb.com"
+msgstr ""
+
+#: inc/admin/class.cf7adn.admin.action.php:213
+msgid "From Data"
+msgstr ""
+
+#: inc/admin/class.cf7adn.admin.action.php:214
+msgid "Do you need help for configuration?"
+msgstr ""
+
+#: inc/admin/class.cf7adn.admin.action.php:390
+msgid "All Forms"
+msgstr ""
+
+#: inc/admin/class.cf7adn.admin.action.php:438
+msgid "Please select Form to export."
+msgstr ""
+
+#: inc/admin/template/cf7adn.template.php:113
+msgid "Enable Authorize.Net Payment Form"
+msgstr ""
+
+#: inc/admin/template/cf7adn.template.php:123
+msgid "Enable Test API Mode"
+msgstr ""
+
+#: inc/admin/template/cf7adn.template.php:134
+msgid "Enable Debug Mode"
+msgstr ""
+
+#: inc/admin/template/cf7adn.template.php:144
+msgid "Sandbox Login ID (required)"
+msgstr ""
+
+#: inc/admin/template/cf7adn.template.php:155
+msgid "Sandbox Transaction Key (required)"
+msgstr ""
+
+#: inc/admin/template/cf7adn.template.php:166
+msgid "Live Login ID (required)"
+msgstr ""
+
+#: inc/admin/template/cf7adn.template.php:177
+msgid "Live Transaction Key (required)"
+msgstr ""
+
+#: inc/admin/template/cf7adn.template.php:188
+msgid "Amount Field Name (required)"
+msgstr ""
+
+#: inc/admin/template/cf7adn.template.php:199
+msgid "Quantity Field Name (Optional)"
+msgstr ""
+
+#: inc/admin/template/cf7adn.template.php:209
+msgid "Customer Email Field Name (Optional)"
+msgstr ""
+
+#: inc/admin/template/cf7adn.template.php:219
+msgid "Description Field Name (Optional)"
+msgstr ""
+
+#: inc/admin/template/cf7adn.template.php:229
+msgid "Select Currency"
+msgstr ""
+
+#: inc/admin/template/cf7adn.template.php:248
+msgid "Success Return URL (Optional)"
+msgstr ""
+
+#: inc/admin/template/cf7adn.template.php:253
+#: inc/admin/template/cf7adn.template.php:272
+msgid "Select page"
+msgstr ""
+
+#: inc/admin/template/cf7adn.template.php:267
+msgid "Cancel Return URL (Optional)"
+msgstr ""
+
+#: inc/admin/template/cf7adn.template.php:295
+msgid "Customer Details"
+msgstr ""
+
+#: inc/admin/template/cf7adn.template.php:304
+msgid "First Name"
+msgstr ""
+
+#: inc/admin/template/cf7adn.template.php:314
+msgid "Last Name"
+msgstr ""
+
+#: inc/admin/template/cf7adn.template.php:324
+msgid "Company Name"
+msgstr ""
+
+#: inc/admin/template/cf7adn.template.php:334
+msgid "Address"
+msgstr ""
+
+#: inc/admin/template/cf7adn.template.php:344
+msgid "City"
+msgstr ""
+
+#: inc/admin/template/cf7adn.template.php:354
+msgid "State"
+msgstr ""
+
+#: inc/admin/template/cf7adn.template.php:364
+msgid "Zip Code"
+msgstr ""
+
+#: inc/admin/template/cf7adn.template.php:374
+msgid "Country"
+msgstr ""
+
+#: inc/admin/template/cf7adn.template.php:416
+msgid "<h3>Sandbox mode</h3><p>Check the Authorize.Net testing guide <a href=\"https://developer.authorize.net/hello_world/testing_guide/\" target=\"_blank\">here</a>.This will display \"sandbox mode\" warning on checkout.</p>"
+msgstr ""
+
+#: inc/admin/template/cf7adn.template.php:429
+msgid "<h3>Get Your Sandbox Login ID</h3><p>Get it from <a href=\"https://sandbox.authorize.net\" target=\"_blank\"> Sandbox Authorize.net</a> then <strong> Account > Security Settings > API  Credentials & Keys </strong> page  in your Authorize.Net account.</p>"
+msgstr ""
+
+#: inc/admin/template/cf7adn.template.php:442
+msgid "<h3>Get Your Sandbox Transaction Key</h3><p>Get it from <a href=\"https://sandbox.authorize.net\" target=\"_blank\"> Sandbox Authorize.net</a> then <strong>Account > Security Settings > API Credentials & Keys </strong> page in your Authorize.Net account. For security reasons, you cannot view your Transaction Key, but you will be able to generate a new one. </p>"
+msgstr ""
+
+#: inc/admin/template/cf7adn.template.php:455
+msgid "<h3>Get Your Live Login ID</h3><p>Get it from <a href=\"https://account.authorize.net\" target=\"_blank\">Authorize.net</a> then <strong>Account > Security Settings > API Credentials & Keys </strong> page  in your Authorize.Net account.</p>"
+msgstr ""
+
+#: inc/admin/template/cf7adn.template.php:468
+msgid "<h3>Get Your Live Transaction Key</h3><p>Get it from <a href=\"https://account.authorize.net\" target=\"_blank\">Authorize.net</a> then <strong> Account > Security Settings > API Credentials & Keys </strong> page in your Authorize.Net account. For security reasons, you cannot view your Transaction Key, but you will be able to generate a new one. </p>"
+msgstr ""
+
+#: inc/admin/template/cf7adn.template.php:481
+msgid "<h3>Add Amount Name</h3><p>Add here the Name of amount field</p>"
+msgstr ""
+
+#: inc/admin/template/cf7adn.template.php:494
+msgid "<h3>Select Currency</h3><p>Select the currency which is selected from your authorize.net merchant account.<br/><strong>Note:</strong>Authorize.net dont provide multiple currencies for single account</p>"
+msgstr ""
+
+#: inc/admin/class.cf7adn.admin.filter.php:55
+#: inc/class.cf7adn.php:95
+msgid "Authorize.Net"
+msgstr ""
+
+#: inc/admin/class.cf7adn.admin.filter.php:114
+msgid "Form ID"
+msgstr ""
+
+#: inc/admin/class.cf7adn.admin.filter.php:115
+msgid "Transaction Status"
+msgstr ""
+
+#: inc/admin/class.cf7adn.admin.filter.php:116
+msgid "Total Amount"
+msgstr ""
+
+#: inc/admin/class.cf7adn.admin.filter.php:117
+msgid "Submitted Date"
+msgstr ""
+
+#: inc/lib/class.cf7adn.lib.php:564
+#: inc/lib/class.cf7adn.lib.php:569
+msgid "Something goes wrong! Please try again."
+msgstr ""
+
+#: inc/lib/class.cf7adn.lib.php:608
+msgid "Transaction Amount :"
+msgstr ""
+
+#: inc/lib/class.cf7adn.lib.php:612
+msgid "Payment Status :"
+msgstr ""
+
+#: inc/lib/class.cf7adn.lib.php:616
+msgid "Transaction Id :"
+msgstr ""
+
+#: inc/lib/class.cf7adn.lib.php:625
+msgid "ERROR :  Invalid response"
+msgstr ""
+
+#: inc/lib/class.cf7adn.lib.php:628
+msgid "Response :"
+msgstr ""
+
+#: inc/class.cf7adn.php:118
+#: inc/class.cf7adn.php:119
+#: inc/class.cf7adn.php:123
+msgid "Authorize.Net Add-on"
+msgstr ""
+
+#: inc/class.cf7adn.php:271
+msgid "Button Name"
+msgstr ""
+
+#: inc/class.cf7adn.php:272
+msgid "Make Payment"
+msgstr ""