Bumps version

README.md

@@ -130,6 +130,11 @@ cli_options:
   api_token: YOUR_API_TOKEN
 ```
 
+## Load APi Token From ENV
+
+The API Token will be automatically loaded from the ENV variable `WPSCAN_API_TOKEN` if present. If the `--api-token` CLI option is also provided, the value from the CLI will be used.
+
+
 ## Enumerating usernames
 
 ```shell

app/controllers/vuln_api.rb

@@ -4,6 +4,8 @@ module WPScan
   module Controller
     # Controller to handle the API token
     class VulnApi < CMSScanner::Controller::Base
+      ENV_KEY = 'WPSCAN_API_TOKEN'
+
       def cli_options
         [
           OptString.new(['--api-token TOKEN', 'The WPVulnDB API Token to display vulnerability data'])
@@ -11,9 +13,9 @@ module WPScan
       end
 
       def before_scan
-        return unless ParsedCli.api_token
+        return unless ParsedCli.api_token || ENV.key?(ENV_KEY)
 
-        DB::VulnApi.token = ParsedCli.api_token
+        DB::VulnApi.token = ParsedCli.api_token || ENV[ENV_KEY]
 
         api_status = DB::VulnApi.status
 

app/finders/interesting_findings/backup_db.rb

@@ -16,8 +16,7 @@ module WPScan
             target.url(path),
             confidence: 70,
             found_by: DIRECT_ACCESS,
-            interesting_entries: target.directory_listing_entries(path),
+            interesting_entries: target.directory_listing_entries(path)
-            references: { url: 'https://github.com/wpscanteam/wpscan/issues/422' }
           )
         end
       end

app/finders/interesting_findings/debug_log.rb

@@ -11,11 +11,7 @@ module WPScan
 
           return unless target.debug_log?(path)
 
-          Model::DebugLog.new(
+          Model::DebugLog.new(target.url(path), confidence: 100, found_by: DIRECT_ACCESS)
-            target.url(path),
-            confidence: 100, found_by: DIRECT_ACCESS,
-            references: { url: 'https://codex.wordpress.org/Debugging_in_WordPress' }
-          )
         end
       end
     end

app/finders/interesting_findings/duplicator_installer_log.rb

@@ -11,12 +11,7 @@ module WPScan
 
           return unless /DUPLICATOR INSTALL-LOG/.match?(target.head_and_get(path).body)
 
-          Model::DuplicatorInstallerLog.new(
+          Model::DuplicatorInstallerLog.new(target.url(path), confidence: 100, found_by: DIRECT_ACCESS)
-            target.url(path),
-            confidence: 100,
-            found_by: DIRECT_ACCESS,
-            references: { url: 'https://www.exploit-db.com/ghdb/3981/' }
-          )
         end
       end
     end

app/finders/interesting_findings/emergency_pwd_reset_script.rb

@@ -15,10 +15,7 @@ module WPScan
           Model::EmergencyPwdResetScript.new(
             target.url(path),
             confidence: /password/i.match?(res.body) ? 100 : 40,
-            found_by: DIRECT_ACCESS,
+            found_by: DIRECT_ACCESS
-            references: {
-              url: 'https://codex.wordpress.org/Resetting_Your_Password#Using_the_Emergency_Password_Reset_Script'
-            }
           )
         end
       end

app/finders/interesting_findings/full_path_disclosure.rb

@@ -16,8 +16,7 @@ module WPScan
             target.url(path),
             confidence: 100,
             found_by: DIRECT_ACCESS,
-            interesting_entries: fpd_entries,
+            interesting_entries: fpd_entries
-            references: { url: 'https://www.owasp.org/index.php/Full_Path_Disclosure' }
           )
         end
       end

app/finders/interesting_findings/mu_plugins.rb

@@ -16,13 +16,7 @@ module WPScan
 
             target.mu_plugins = true
 
-            return Model::MuPlugins.new(
+            return Model::MuPlugins.new(url, confidence: 70, found_by: 'URLs In Homepage (Passive Detection)')
-              url,
-              confidence: 70,
-              found_by: 'URLs In Homepage (Passive Detection)',
-              to_s: "This site has 'Must Use Plugins': #{url}",
-              references: { url: 'http://codex.wordpress.org/Must_Use_Plugins' }
-            )
           end
           nil
         end
@@ -37,13 +31,7 @@ module WPScan
 
           target.mu_plugins = true
 
-          Model::MuPlugins.new(
+          Model::MuPlugins.new(url, confidence: 80, found_by: DIRECT_ACCESS)
-            url,
-            confidence: 80,
-            found_by: DIRECT_ACCESS,
-            to_s: "This site has 'Must Use Plugins': #{url}",
-            references: { url: 'http://codex.wordpress.org/Must_Use_Plugins' }
-          )
         end
       end
     end

app/finders/interesting_findings/multisite.rb

@@ -17,13 +17,7 @@ module WPScan
 
           target.multisite = true
 
-          Model::Multisite.new(
+          Model::Multisite.new(url, confidence: 100, found_by: DIRECT_ACCESS)
-            url,
-            confidence: 100,
-            found_by: DIRECT_ACCESS,
-            to_s: 'This site seems to be a multisite',
-            references: { url: 'http://codex.wordpress.org/Glossary#Multisite' }
-          )
         end
       end
     end

app/finders/interesting_findings/registration.rb

@@ -20,12 +20,7 @@ module WPScan
 
           target.registration_enabled = true
 
-          Model::Registration.new(
+          Model::Registration.new(res.effective_url, confidence: 100, found_by: DIRECT_ACCESS)
-            res.effective_url,
-            confidence: 100,
-            found_by: DIRECT_ACCESS,
-            to_s: "Registration is enabled: #{res.effective_url}"
-          )
         end
       end
     end

app/finders/interesting_findings/tmm_db_migrate.rb

@@ -13,12 +13,7 @@ module WPScan
 
           return unless res.code == 200 && res.headers['Content-Type'] =~ %r{\Aapplication/zip}i
 
-          Model::TmmDbMigrate.new(
+          Model::TmmDbMigrate.new(url, confidence: 100, found_by: DIRECT_ACCESS)
-            url,
-            confidence: 100,
-            found_by: DIRECT_ACCESS,
-            references: { packetstorm: 131_957 }
-          )
         end
       end
     end

app/finders/interesting_findings/upload_directory_listing.rb

@@ -13,12 +13,7 @@ module WPScan
 
           url = target.url(path)
 
-          Model::UploadDirectoryListing.new(
+          Model::UploadDirectoryListing.new(url, confidence: 100, found_by: DIRECT_ACCESS)
-            url,
-            confidence: 100,
-            found_by: DIRECT_ACCESS,
-            to_s: "Upload directory has listing enabled: #{url}"
-          )
         end
       end
     end

app/finders/interesting_findings/upload_sql_dump.rb

@@ -14,11 +14,7 @@ module WPScan
 
           return unless SQL_PATTERN.match?(res.body)
 
-          Model::UploadSQLDump.new(
+          Model::UploadSQLDump.new(target.url(path), confidence: 100, found_by: DIRECT_ACCESS)
-            target.url(path),
-            confidence: 100,
-            found_by: DIRECT_ACCESS
-          )
         end
       end
     end

app/finders/interesting_findings/wp_cron.rb

@@ -11,17 +11,7 @@ module WPScan
 
           return unless res.code == 200
 
-          Model::WPCron.new(
+          Model::WPCron.new(wp_cron_url, confidence: 60, found_by: DIRECT_ACCESS)
-            wp_cron_url,
-            confidence: 60,
-            found_by: DIRECT_ACCESS,
-            references: {
-              url: [
-                'https://www.iplocation.net/defend-wordpress-from-ddos',
-                'https://github.com/wpscanteam/wpscan/issues/1299'
-              ]
-            }
-          )
         end
 
         def wp_cron_url

app/models/interesting_finding.rb

@@ -8,45 +8,110 @@ module WPScan
     end
 
     #
-    # Empty classes for the #type to be correctly displayed (as taken from the self.class from the parent)
+    # Some classes are empty for the #type to be correctly displayed (as taken from the self.class from the parent)
     #
     class BackupDB < InterestingFinding
+      # @return [ Hash ]
+      def references
+        @references ||= { url: ['https://github.com/wpscanteam/wpscan/issues/422'] }
+      end
     end
 
     class DebugLog < InterestingFinding
+      # @ return [ Hash ]
+      def references
+        @references ||= { url: 'https://codex.wordpress.org/Debugging_in_WordPress' }
+      end
     end
 
     class DuplicatorInstallerLog < InterestingFinding
+      # @return [ Hash ]
+      def references
+        @references ||= { url: ['https://www.exploit-db.com/ghdb/3981/'] }
+      end
     end
 
     class EmergencyPwdResetScript < InterestingFinding
+      def references
+        @references ||= {
+          url: ['https://codex.wordpress.org/Resetting_Your_Password#Using_the_Emergency_Password_Reset_Script']
+        }
+      end
     end
 
     class FullPathDisclosure < InterestingFinding
+      # @return [ Hash ]
+      def references
+        @references ||= { url: ['https://www.owasp.org/index.php/Full_Path_Disclosure'] }
+      end
     end
 
     class MuPlugins < InterestingFinding
+      # @return [ String ]
+      def to_s
+        @to_s ||= "This site has 'Must Use Plugins': #{url}"
+      end
+
+      # @return [ Hash ]
+      def references
+        @references ||= { url: ['http://codex.wordpress.org/Must_Use_Plugins'] }
+      end
     end
 
     class Multisite < InterestingFinding
+      # @return [ String ]
+      def to_s
+        @to_s ||= 'This site seems to be a multisite'
+      end
+
+      # @return [ Hash ]
+      def references
+        @references ||= { url: ['http://codex.wordpress.org/Glossary#Multisite'] }
+      end
     end
 
     class Readme < InterestingFinding
     end
 
     class Registration < InterestingFinding
+      # @return [ String ]
+      def to_s
+        @to_s ||= "Registration is enabled: #{url}"
+      end
     end
 
     class TmmDbMigrate < InterestingFinding
+      # @return [ Hash ]
+      def references
+        @references ||= { packetstorm: [131_957] }
+      end
     end
 
     class UploadDirectoryListing < InterestingFinding
+      # @return [ String ]
+      def to_s
+        @to_s ||= "Upload directory has listing enabled: #{url}"
+      end
     end
 
     class UploadSQLDump < InterestingFinding
     end
 
     class WPCron < InterestingFinding
+      # @return [ String ]
+      def to_s
+        @to_s ||= "The external WP-Cron seems to be enabled: #{url}"
+      end
+
+      # @return [ Hash ]
+      def references
+        @references ||= {
+          url: [
+            'https://www.iplocation.net/defend-wordpress-from-ddos',
+            'https://github.com/wpscanteam/wpscan/issues/1299'
+          ]
+        }
+      end
     end
   end
 end

app/models/xml_rpc.rb

@@ -8,7 +8,7 @@ module WPScan
 
       # @return [ Hash ]
       def references
-        {
+        @references ||= {
           url: ['http://codex.wordpress.org/XML-RPC_Pingback_API'],
           metasploit: [
             'auxiliary/scanner/http/wordpress_ghost_scanner',

lib/wpscan/db/updater.rb

@@ -148,7 +148,7 @@ module WPScan
             create_backup(filename)
             dl_checksum = download(filename)
 
-            raise "#{filename}: checksums do not match" unless dl_checksum == db_checksum
+            raise Error::ChecksumsMismatch, filename unless dl_checksum == db_checksum
 
             updated << filename
           rescue StandardError => e

lib/wpscan/errors/update.rb

@@ -8,5 +8,17 @@ module WPScan
         'Update required, you can not run a scan if a database file is missing.'
       end
     end
+
+    class ChecksumsMismatch < Standard
+      attr_reader :db_file
+
+      def initialize(db_file)
+        @db_file = db_file
+      end
+
+      def to_s
+        "#{db_file}: checksums do not match. Please try again in a few minutes."
+      end
+    end
   end
 end

lib/wpscan/target/platform/wordpress.rb

@@ -48,7 +48,7 @@ module WPScan
         # @param [ Typhoeus::Response ] response
         # @return [ Boolean ]
         def wordpress_from_meta_comments_or_scripts?(response)
-          in_scope_uris(response, '//link/@href|//script/@src|//img/@src') do |uri|
+          in_scope_uris(response, '//link/@href|//script/@src') do |uri|
             return true if WORDPRESS_PATTERN.match?(uri.path) || WP_JSON_OEMBED_PATTERN.match?(uri.path)
           end
 

lib/wpscan/version.rb

@@ -2,5 +2,5 @@
 
 # Version
 module WPScan
-  VERSION = '3.7.9'
+  VERSION = '3.7.10'
 end

spec/app/controllers/vuln_api_spec.rb

@@ -74,20 +74,40 @@ describe WPScan::Controller::VulnApi do
           context 'when limited requests' do
             let(:requests) { 100 }
 
-            it 'does not raise an error' do
+            it 'sets the token and does not raise an error' do
               expect { controller.before_scan }.to_not raise_error
+
+              expect(WPScan::DB::VulnApi.token).to eql 'token'
             end
 
             context 'when unlimited requests' do
               let(:requests) { 'Unlimited' }
 
-              it 'does not raise an error' do
+              it 'sets the token and does not raise an error' do
                 expect { controller.before_scan }.to_not raise_error
+
+                expect(WPScan::DB::VulnApi.token).to eql 'token'
               end
             end
           end
         end
       end
     end
+
+    context 'when token in ENV' do
+      before do
+        ENV[described_class::ENV_KEY] = 'token-from-env'
+
+        expect(WPScan::DB::VulnApi)
+          .to receive(:status)
+          .and_return('success' => true, 'plan' => 'free', 'requests_remaining' => 'Unlimited')
+      end
+
+      it 'sets the token and does not raise an error' do
+        expect { controller.before_scan }.to_not raise_error
+
+        expect(WPScan::DB::VulnApi.token).to eql 'token-from-env'
+      end
+    end
   end
 end

spec/fixtures/db/dynamic_finders.yml

@@ -35,6 +35,17 @@ wordpress:
     xpath: //meta[@name="generator"]/@content
     pattern: !ruby/regexp /wordPress (?<v>\d+\.[\.\d]+)/i
     version: true
+  StyleEtag:
+    class: HeaderPattern
+    header: Etag
+    pattern: !ruby/regexp /(?<v>\d+\.[\.\d]+)/i
+    path: wp-admin/load-styles.php
+    version: true
+  ScriptEtag:
+    class: HeaderPattern
+    header: Etag
+    pattern: !ruby/regexp /(?<v>\d+\.[\.\d]+)/i
+    path: wp-admin/load-scripts.php
   OpmlGenerator:
     class: Comment
     path: wp-links-opml.php
@@ -979,6 +990,9 @@ plugins:
   accessible-tag-cloud:
     Readme:
       path: readme.txt
+  accessiblewp-images:
+    Readme:
+      path: readme.txt
   accessibleyoutube:
     Readme:
       path: readme.txt
@@ -1060,6 +1074,9 @@ plugins:
   acclaim-cloud-platform:
     Readme:
       path: readme.txt
+  accommodation-system:
+    Readme:
+      path: readme.txt
   accordion-and-accordion-slider:
     QueryParameter:
       files:
@@ -2376,6 +2393,9 @@ plugins:
   admin-hide-tag-filter:
     Readme:
       path: readme.txt
+  admin-icons-manager:
+    Readme:
+      path: readme.txt
   admin-in-english:
     Readme:
       path: readme.txt
@@ -4504,6 +4524,13 @@ plugins:
   alter:
     Readme:
       path: readme.txt
+  altered-reality:
+    QueryParameter:
+      files:
+      - build/style.css
+      version: true
+    Readme:
+      path: readme.txt
   alternative-theme-switcher:
     Readme:
       path: readme.txt
@@ -7603,6 +7630,9 @@ plugins:
   awesome-weather:
     Readme:
       path: readme.txt
+  awesome-wp-comment-rating:
+    Readme:
+      path: readme.txt
   awesome-wp-slider:
     QueryParameter:
       files:
@@ -11363,6 +11393,9 @@ plugins:
   botblocker:
     Readme:
       path: readme.txt
+  botjuggler:
+    Readme:
+      path: readme.txt
   botmonitoring:
     QueryParameter:
       files:
@@ -11420,6 +11453,9 @@ plugins:
       path: Boxtal/BoxtalConnectWoocommerce/translation/boxtal-connect-fr_FR.po
       pattern: !ruby/regexp '/"Project\-Id\-Version: Boxtal connect (?<v>\d+\.[\.\d]+)/i'
       version: true
+  boxy-woocommerce-custom-redirect-after-checkout:
+    Readme:
+      path: README.txt
   boz-prod-woocommerce-hipay-wallet-pro:
     Readme:
       path: readme.txt
@@ -12033,6 +12069,9 @@ plugins:
   brinkin-banner-exchange:
     Readme:
       path: readme.txt
+  britetechs-companion:
+    Readme:
+      path: readme.txt
   british-embassy-finder:
     Readme:
       path: readme.txt
@@ -13009,6 +13048,14 @@ plugins:
   bunnycdn:
     Readme:
       path: readme.txt
+  bunnycdnbunnyapi:
+    Readme:
+      path: readme.txt
+    ChangeLog:
+      class: BodyPattern
+      path: changelog.txt
+      pattern: !ruby/regexp /^=(?<v>\d+\.[\.\d]+)=(?!.*=\d+\.[\.\d]+=)/mi
+      version: true
   buntify:
     Readme:
       path: readme.txt
@@ -13080,6 +13127,9 @@ plugins:
   business-hours-plugin:
     Readme:
       path: README.txt
+  business-listing-manager:
+    Readme:
+      path: README.txt
   business-master:
     Readme:
       path: readme.txt
@@ -13326,6 +13376,9 @@ plugins:
   bz9-webmaster-tools:
     Readme:
       path: readme.txt
+  c3-random-quotes:
+    Readme:
+      path: readme.txt
   c4d-woo-boost-sales:
     Readme:
       path: readme.txt
@@ -13509,6 +13562,9 @@ plugins:
       path: languages/calendarista-de_DE.po
       pattern: !ruby/regexp '/"Project\-Id\-Version: Calendarista (?<v>\d+\.[\.\d]+)/i'
       version: true
+  calendi:
+    Readme:
+      path: readme.txt
   calendrier-lunaire:
     Readme:
       path: README.txt
@@ -15431,6 +15487,9 @@ plugins:
   checkout-shipping-message-add-on-for-woocommerce:
     Readme:
       path: readme.txt
+  cheerme:
+    Readme:
+      path: readme.txt
   cheetahsender:
     Readme:
       path: readme.txt
@@ -15726,6 +15785,9 @@ plugins:
   cimy-user-manager:
     Readme:
       path: readme.txt
+  cinema-catalog:
+    Readme:
+      path: readme.txt
   cip-dtac-for-give:
     ChangeLog:
       class: BodyPattern
@@ -20875,6 +20937,9 @@ plugins:
       - public/css/customer-chat-for-facebook-public.css
       - public/js/customer-chat-for-facebook-public.js
       version: true
+  customer-email-verification-for-woocommerce:
+    Readme:
+      path: readme.txt
   customerlabs-actionrecorder:
     Readme:
       path:
@@ -21535,6 +21600,9 @@ plugins:
   dawanda-shop-plugin:
     Readme:
       path: readme.txt
+  daycounts-up-to-date:
+    Readme:
+      path: README.txt
   daylife:
     Readme:
       path: readme.txt
@@ -23054,6 +23122,9 @@ plugins:
   discordian-date:
     Readme:
       path: readme.txt
+  discordian-date-function:
+    Readme:
+      path: readme.txt
   discounts-for-thecartpress:
     Readme:
       path: readme.txt
@@ -23434,6 +23505,9 @@ plugins:
   do-you-read-widget:
     Readme:
       path: readme.txt
+  do-you-want-cookies:
+    Readme:
+      path: readme.txt
   doaj-export:
     Readme:
       path: readme.txt
@@ -26781,6 +26855,9 @@ plugins:
   embed-article:
     Readme:
       path: readme.txt
+  embed-audiobakers:
+    Readme:
+      path: readme.txt
   embed-block-for-tiktok:
     Readme:
       path: readme.txt
@@ -27373,6 +27450,9 @@ plugins:
       - public/css/epic-spinners-public.css
       - public/js/epic-spinners-public.js
       version: true
+  epicpay-woocommerce-payment-gateway:
+    Readme:
+      path: readme.txt
   epicwin-subscribers:
     Readme:
       path: readme.txt
@@ -28261,6 +28341,14 @@ plugins:
   expandable-menus:
     Readme:
       path: readme.txt
+  expandable-paywall:
+    QueryParameter:
+      files:
+      - public/css/expandable-paywall-public.css
+      - public/js/expandable-paywall-public.js
+      version: true
+    Readme:
+      path: README.txt
   expandcollapse-funk:
     Readme:
       path: readme.txt
@@ -28471,6 +28559,9 @@ plugins:
   extensions-for-elementor:
     Readme:
       path: readme.txt
+  extensions-for-pressbooks:
+    Readme:
+      path: readme.txt
   extensions-for-two-factor:
     QueryParameter:
       files:
@@ -28759,6 +28850,9 @@ plugins:
       - js/main.js
       - js/style1.js
       version: true
+  face-recognition-wp:
+    Readme:
+      path: readme.txt
   facebadge-master-wp:
     Readme:
       path: readme.txt
@@ -30909,6 +31003,24 @@ plugins:
   flower:
     Readme:
       path: readme.txt
+  flower-delivery-by-florist-one:
+    Comment:
+      xpath: //comment()[contains(., "flower-delivery-by-florist-one")]
+      pattern: !ruby/regexp /\/florist\-one\-flower\-delivery\-public\-old\-browser\.css\?ver=(?<v>\d+\.[\.\d]+)/i
+      version: true
+    QueryParameter:
+      files:
+      - public/css/slicknav.css
+      - public/css/florist-one-flower-delivery-public.css
+      - public/js/jquery.validate.js
+      - public/js/jquery.slicknav.min.js
+      - public/js/jquery.history.js
+      - public/js/resizeSensor.js
+      - public/js/elementQueries.js
+      - public/js/florist-one-flower-delivery-public.js
+      version: true
+    Readme:
+      path: README.txt
   flowpaper-lite-pdf-flipbook:
     Readme:
       path: readme.txt
@@ -31608,6 +31720,9 @@ plugins:
       version: true
     Readme:
       path: readme.txt
+  formito:
+    Readme:
+      path: readme.txt
   formlift:
     QueryParameter:
       files:
@@ -34124,6 +34239,9 @@ plugins:
   go-dark:
     Readme:
       path: readme.txt
+  go-dash:
+    Readme:
+      path: readme.txt
   go-fetch-jobs-wp-job-manager:
     TranslationFile:
       class: BodyPattern
@@ -35265,6 +35383,9 @@ plugins:
   grassblade-xapi-gamipress:
     Readme:
       path: readme.txt
+  grassblade-xapi-learnpress:
+    Readme:
+      path: readme.txt
   grassblade-xapi-wp-courseware:
     Readme:
       path: readme.txt
@@ -37084,6 +37205,9 @@ plugins:
   hide-and-catch-email:
     Readme:
       path: readme.txt
+  hide-archive-label:
+    Readme:
+      path: README.txt
   hide-categories:
     Readme:
       path: readme.txt
@@ -38337,6 +38461,12 @@ plugins:
   i-fulfilment-integration:
     Readme:
       path: readme.txt
+  i-like:
+    QueryParameter:
+      files:
+      - assets/js/i-like-ajax.js
+      - assets/js/main.js
+      version: true
   i-make-plugins:
     Readme:
       path: readme.txt
@@ -39773,6 +39903,9 @@ plugins:
   infoblast-sms-follower:
     Readme:
       path: readme.txt
+  infobvandevliet-nl:
+    Readme:
+      path: readme.txt
   infogalore-file-folders:
     QueryParameter:
       files:
@@ -42650,6 +42783,9 @@ plugins:
       - public/css/kelkoo-group-shopping-public.css
       - public/js/kelkoo-group-shopping-public.js
       version: true
+  kelkoogroup-sales-tracking:
+    Readme:
+      path: readme.txt
   keltos-tarot-plugin:
     Readme:
       path: readme.txt
@@ -43388,6 +43524,9 @@ plugins:
   kontera-official:
     Comment:
       pattern: !ruby/regexp /Kontera (?:ContentLink|Ads Inserted by Wordpress Plugin)/i
+  kontxt:
+    Readme:
+      path: README.txt
   kontxt-semantic-engine:
     Readme:
       path: README.txt
@@ -47116,6 +47255,9 @@ plugins:
   mailchimp-comment-optin:
     Readme:
       path: readme.txt
+  mailchimp-for-formcraft:
+    Readme:
+      path: readme.txt
   mailchimp-for-paypal-shopping-cart:
     Readme:
       path: readme.txt
@@ -48440,6 +48582,9 @@ plugins:
       path: i18n/languages/mg-wc-stripe.pot
       pattern: !ruby/regexp /"Project\-Id\-Version:\ mg wc Stripe (?<v>\d+\.[\.\d]+)/i
       version: true
+  mh-osoitekortti:
+    Readme:
+      path: readme.txt
   mh-pusher:
     QueryParameter:
       files:
@@ -49697,18 +49842,30 @@ plugins:
       path: changelog.txt
       pattern: !ruby/regexp /Version (?<v>\d+\.[\.\d]+)/i
       version: true
+  mycred-for-gd-star-rating:
+    Readme:
+      path: readme.txt
+  mycred-for-rating-form:
+    Readme:
+      path: readme.txt
   mycred-for-totalpoll:
     Readme:
       path: readme.txt
   mycred-for-wp-postviews:
     Readme:
       path: readme.txt
+  mycred-h5p:
+    Readme:
+      path: readme.txt
   mycred-learndash:
     Readme:
       path: readme.txt
   mycred-lifterlms-integration:
     Readme:
       path: readme.txt
+  mycred-retro:
+    Readme:
+      path: readme.txt
   myego2go-verified-login-for-woocommerce:
     QueryParameter:
       files:
@@ -50407,6 +50564,9 @@ plugins:
   ni-woocommerce-stock:
     Readme:
       path: readme.txt
+  ni-youtube-video-gallery:
+    Readme:
+      path: readme.txt
   nice-infoboxes:
     QueryParameter:
       files:
@@ -50689,6 +50849,11 @@ plugins:
       path: changelog.md
       pattern: !ruby/regexp /\#\# (?<v>\d+\.[\.\d]+)/
       version: true
+  notify-comment-reply:
+    Readme:
+      path:
+      - readme.txt
+      - README.md
   notify-connect-par-jm-crea:
     MetaTag:
       class: Xpath
@@ -51009,6 +51174,9 @@ plugins:
       files:
       - js/ow-frontend.js
       version: true
+  odise:
+    Readme:
+      path: readme.txt
   oembed-travis:
     TranslationFile:
       class: BodyPattern
@@ -51182,6 +51350,9 @@ plugins:
       path: CHANGELOG.md
       pattern: !ruby/regexp /\#\# (?<v>\d+\.[\.\d]+)/
       version: true
+  one-click-coming-soon:
+    Readme:
+      path: readme.txt
   one-click-demo-import:
     TranslationFile:
       class: BodyPattern
@@ -52275,11 +52446,17 @@ plugins:
     Readme:
       path: readme.txt
   paypal-for-woocommerce:
+    Readme:
+      path: readme.txt
     TranslationFile:
       class: BodyPattern
       path: i18n/languages/paypal-for-woocommerce-en_US.po
       pattern: !ruby/regexp /ject\-Id\-Version:\ PayPal for WooCommerce (?<v>\d+\.[\.\d]+)/i
       version: true
+    Comment:
+      xpath: //comment()[contains(., "www.angelleye.com/product/woocommerce-paypal-plugin")]
+      pattern: !ruby/regexp /installed PayPal for WooCommerce v(?<v>\d+\.[\.\d]+)/i
+      version: true
   paypal-ipn:
     QueryParameter:
       files:
@@ -52647,6 +52824,14 @@ plugins:
   photo-image-gallery:
     Readme:
       path: readme.txt
+  photo-roll:
+    QueryParameter:
+      files:
+      - public/css/instantgram-public.css
+      - public/js/instantgram-public.js
+      version: true
+    Readme:
+      path: README.txt
   photo-swipe:
     QueryParameter:
       files:
@@ -54260,6 +54445,9 @@ plugins:
   pricetable-wp:
     Readme:
       path: readme.txt
+  pricex-lite:
+    Readme:
+      path: readme.txt
   pricing-table:
     Readme:
       path: readme.txt
@@ -58118,6 +58306,9 @@ plugins:
   security-site:
     Readme:
       path: readme.txt
+  sedox-performance-vehicle-catalogue:
+    Readme:
+      path: readme.txt
   seers-cookie-consent-banner-privacy-policy:
     Readme:
       path: readme.txt
@@ -58600,6 +58791,11 @@ plugins:
       - assets/css/jquery.dropdown.min.css
       - themes/ld30/assets/js/learndash.js
       version: true
+    TranslationFile:
+      class: BodyPattern
+      path: languages/learndash.pot
+      pattern: !ruby/regexp '/Project\-Id\-Version: LearnDash LMS (?<v>\d+\.[\.\d]+)/i'
+      version: true
   sh-slideshow:
     Readme:
       path: readme.txt
@@ -58813,6 +59009,9 @@ plugins:
       version: true
     Readme:
       path: readme.txt
+  shiga-custom-login-by-corelabs:
+    Readme:
+      path: readme.txt
   shika365-payment-gateway-for-woocommerce:
     Readme:
       path: readme.txt
@@ -60395,6 +60594,9 @@ plugins:
       path: changelog.txt
       pattern: !ruby/regexp /(?<v>\d+\.[\.\d]+)/
       version: true
+  sliced-invoices-formidable-forms:
+    Readme:
+      path: README.txt
   slicewp:
     QueryParameter:
       files:
@@ -61106,6 +61308,9 @@ plugins:
       version: true
     Readme:
       path: readme.txt
+  social-photo-blocks:
+    Readme:
+      path: readme.txt
   social-pixel:
     Readme:
       path: readme.txt
@@ -61541,6 +61746,14 @@ plugins:
   split-order-for-woocommerce:
     Readme:
       path: readme.txt
+  spoken-search:
+    QueryParameter:
+      files:
+      - assets/css/ss2t.min.css
+      - assets/js/ss2t-bundle.min.js
+      version: true
+    Readme:
+      path: readme.txt
   spoken-word:
     QueryParameter:
       files:
@@ -62140,6 +62353,9 @@ plugins:
   stranger-questions-faq:
     Readme:
       path: readme.txt
+  stratum:
+    Readme:
+      path: readme.txt
   stray-quotes:
     TranslationFile:
       class: BodyPattern
@@ -62764,6 +62980,12 @@ plugins:
   sync-ac-with-wp:
     Readme:
       path: readme.txt
+  sync-post-with-other-site:
+    TranslationFile:
+      class: BodyPattern
+      path: languages/sps_text_domain-en_US.po
+      pattern: !ruby/regexp '/\-Id\-Version: Sync Post With Other Site v(?<v>\d+\.[\.\d]+)/i'
+      version: true
   sync-qcloud-cos:
     Readme:
       path: readme.txt
@@ -63290,6 +63512,9 @@ plugins:
       path: changelog.txt
       pattern: !ruby/regexp /= (?<v>\d+\.[\.\d]+) =/i
       version: true
+  templately:
+    Readme:
+      path: README.txt
   templates-add-on-woo-onepage:
     Readme:
       path: readme.txt
@@ -63836,6 +64061,9 @@ plugins:
       files:
       - css/style.css
       version: true
+  threatpoint-api:
+    Readme:
+      path: readme.txt
   three-d-cube:
     QueryParameter:
       files:
@@ -65234,6 +65462,9 @@ plugins:
   ultimate-blog-layouts:
     Readme:
       path: readme.txt
+  ultimate-bootstrap-blocks:
+    Readme:
+      path: readme.md
   ultimate-bulk-seo-noindex-nofollow:
     QueryParameter:
       files:
@@ -66588,6 +66819,11 @@ plugins:
       - css/vessel.css
       - js/vessel.js
       version: true
+  vforce-extensions:
+    Readme:
+      path:
+      - README.txt
+      - README.md
   vi-member-content:
     Readme:
       path: readme.txt
@@ -71380,6 +71616,9 @@ plugins:
   wp-add-rel-ugc-to-comments:
     Readme:
       path: readme.txt
+  wp-adf-ly-dashboard-and-integration:
+    Readme:
+      path: README.txt
   wp-admin-bar-hide-mh:
     Readme:
       path: readme.txt
@@ -71768,6 +72007,9 @@ plugins:
       files:
       - css/carousel.min.css
       version: true
+  wp-branches-for-post:
+    Readme:
+      path: README.txt
   wp-brand-identity-lite:
     TranslationFile:
       class: BodyPattern
@@ -71915,6 +72157,9 @@ plugins:
       path: languages/wp-child-theme-generator.pot
       pattern: !ruby/regexp '/ct\-Id\-Version: WP Child Theme Generator (?<v>\d+\.[\.\d]+)/i'
       version: true
+  wp-china-yes:
+    Readme:
+      path: readme.txt
   wp-chords:
     Readme:
       path: readme.txt
@@ -72676,6 +72921,9 @@ plugins:
       - assets/js/jquery-timepicker/bootstrap-datepicker.js
       - assets/js/common.min.js
       version: true
+  wp-event-partners:
+    Readme:
+      path: README.txt
   wp-eventpress:
     QueryParameter:
       files:
@@ -73598,6 +73846,11 @@ plugins:
       path: lang/wp-licenses.pot
       pattern: !ruby/regexp '/"Project\-Id\-Version: WP\-licenses (?<v>\d+\.[\.\d]+)/i'
       version: true
+  wp-light-heatmap:
+    QueryParameter:
+      files:
+      - public/css/wp_light_heatmap-public.css
+      version: true
   wp-lightbox-2:
     Readme:
       path: readme.txt
@@ -74181,11 +74434,22 @@ plugins:
       version: true
     Readme:
       path: readme.md
+  wp-notepad:
+    Readme:
+      path: readme.txt
   wp-notes-widget:
     QueryParameter:
       files:
       - public/css/wp-notes-public.css
       version: true
+  wp-notice-blocker:
+    Readme:
+      path: readme.txt
+    ComposerFile:
+      class: ConfigParser
+      path: package.json
+      key: version
+      version: true
   wp-notification-bars:
     Readme:
       path: readme.txt
@@ -75124,6 +75388,9 @@ plugins:
       path: languages/wp-seedbank.pot
       pattern: !ruby/regexp '/"Project\-Id\-Version: WP\-SeedBank (?<v>\d+\.[\.\d]+)/i'
       version: true
+  wp-sendfox:
+    Readme:
+      path: readme.txt
   wp-sendsms:
     Readme:
       path: Readme.txt

spec/fixtures/dynamic_finders/expected.yml

@@ -36,6 +36,16 @@ wordpress:
     found_by: Meta Generator (Passive Detection)
     interesting_entries:
     - 'http://wp.lab/, Match: ''WordPress 3.8.1'''
+  StyleEtag:
+    number: 3.8.1
+    found_by: Style Etag (Aggressive Detection)
+    interesting_entries:
+    - 'http://wp.lab/wp-admin/load-styles.php, Match: ''3.8.1'''
+  ScriptEtag:
+    number: 3.8.1
+    found_by: Script Etag (Aggressive Detection)
+    interesting_entries:
+    - 'http://wp.lab/wp-admin/load-scripts.php, Match: ''3.8.1'''
   OpmlGenerator:
     number: 4.0
     found_by: Opml Generator (Aggressive Detection)
@@ -2234,6 +2244,13 @@ plugins:
       interesting_entries:
       - 'http://wp.lab/wp-content/plugins/altapay-for-woocommerce/changelog.txt, Match:
         ''= 1.7.2'''
+  altered-reality:
+    QueryParameter:
+      number: 1.0.0
+      found_by: Query Parameter (Passive Detection)
+      interesting_entries:
+      - http://wp.lab/wp-content/plugins/altered-reality/build/style.css?ver=1.0.0
+      confidence: 10
   altruly-simple-diy-fundraising-for-charities-and-nonprofits:
     QueryParameter:
       number: 1.0.0
@@ -6391,6 +6408,12 @@ plugins:
       interesting_entries:
       - 'http://wp.lab/wp-content/plugins/bulletproof-security/admin/htaccess/wpadmin-secure.htaccess,
         Match: ''#   BULLETPROOF 2.9'''
+  bunnycdnbunnyapi:
+    ChangeLog:
+      number: 1.0.0
+      found_by: Change Log (Aggressive Detection)
+      interesting_entries:
+      - 'http://wp.lab/wp-content/plugins/bunnycdnbunnyapi/changelog.txt, Match: ''=1.0.0='''
   buscape-wp-related-products:
     TranslationFile:
       number: '1.0'
@@ -13545,6 +13568,14 @@ plugins:
       found_by: Meta Tag (Passive Detection)
       interesting_entries:
       - 'http://wp.lab/, Match: ''3.5.5;1'''
+  expandable-paywall:
+    QueryParameter:
+      number: 1.1.2
+      found_by: Query Parameter (Passive Detection)
+      interesting_entries:
+      - http://wp.lab/wp-content/plugins/expandable-paywall/public/css/expandable-paywall-public.css?ver=1.1.2
+      - http://wp.lab/wp-content/plugins/expandable-paywall/public/js/expandable-paywall-public.js?ver=1.1.2
+      confidence: 20
   expivi:
     TranslationFile:
       number: '0.1'
@@ -14703,6 +14734,25 @@ plugins:
       found_by: Javascript Var (Passive Detection)
       interesting_entries:
       - 'http://wp.lab/, Match: ''eams","plugin_ver":"3.0.10"};'''
+  flower-delivery-by-florist-one:
+    Comment:
+      number: 1.11.1
+      found_by: Comment (Passive Detection)
+      interesting_entries:
+      - 'http://wp.lab/, Match: ''/florist-one-flower-delivery-public-old-browser.css?ver=1.11.1'''
+    QueryParameter:
+      number: 1.11.1
+      found_by: Query Parameter (Passive Detection)
+      interesting_entries:
+      - http://wp.lab/wp-content/plugins/flower-delivery-by-florist-one/public/css/slicknav.css?ver=1.11.1
+      - http://wp.lab/wp-content/plugins/flower-delivery-by-florist-one/public/css/florist-one-flower-delivery-public.css?ver=1.11.1
+      - http://wp.lab/wp-content/plugins/flower-delivery-by-florist-one/public/js/jquery.validate.js?ver=1.11.1
+      - http://wp.lab/wp-content/plugins/flower-delivery-by-florist-one/public/js/jquery.slicknav.min.js?ver=1.11.1
+      - http://wp.lab/wp-content/plugins/flower-delivery-by-florist-one/public/js/jquery.history.js?ver=1.11.1
+      - http://wp.lab/wp-content/plugins/flower-delivery-by-florist-one/public/js/resizeSensor.js?ver=1.11.1
+      - http://wp.lab/wp-content/plugins/flower-delivery-by-florist-one/public/js/elementQueries.js?ver=1.11.1
+      - http://wp.lab/wp-content/plugins/flower-delivery-by-florist-one/public/js/florist-one-flower-delivery-public.js?ver=1.11.1
+      confidence: 80
   fluentform:
     JavascriptComment:
       number: 1.3.4
@@ -18147,6 +18197,14 @@ plugins:
       interesting_entries:
       - http://wp.lab/wp-content/plugins/i-chat/js/jquery.cookie.js?ver=1.0.0
       confidence: 10
+  i-like:
+    QueryParameter:
+      number: 1.0.0
+      found_by: Query Parameter (Passive Detection)
+      interesting_entries:
+      - http://wp.lab/wp-content/plugins/i-like/assets/js/i-like-ajax.js?ver=1.0.0
+      - http://wp.lab/wp-content/plugins/i-like/assets/js/main.js?ver=1.0.0
+      confidence: 20
   i-order-terms:
     TranslationFile:
       number: 1.5.0
@@ -26864,6 +26922,11 @@ plugins:
       interesting_entries:
       - 'http://wp.lab/wp-content/plugins/paypal-for-woocommerce/i18n/languages/paypal-for-woocommerce-en_US.po,
         Match: ''ject-Id-Version: PayPal for WooCommerce 1.4.7'''
+    Comment:
+      number: 2.1.12
+      found_by: Comment (Passive Detection)
+      interesting_entries:
+      - 'http://wp.lab/, Match: ''installed PayPal for WooCommerce v2.1.12'''
   paypal-ipn:
     QueryParameter:
       number: 1.1.2
@@ -27176,6 +27239,14 @@ plugins:
       - http://wp.lab/wp-content/plugins/photo-gallery-with-responsive/assets/css/pgr-custom.css?ver=1.1
       - http://wp.lab/wp-content/plugins/photo-gallery-with-responsive/assets/js/catfilter.js?ver=1.1
       confidence: 50
+  photo-roll:
+    QueryParameter:
+      number: 1.0.0
+      found_by: Query Parameter (Passive Detection)
+      interesting_entries:
+      - http://wp.lab/wp-content/plugins/photo-roll/public/css/instantgram-public.css?ver=1.0.0
+      - http://wp.lab/wp-content/plugins/photo-roll/public/js/instantgram-public.js?ver=1.0.0
+      confidence: 20
   photo-swipe:
     QueryParameter:
       number: 4.1.1.1
@@ -32562,6 +32633,12 @@ plugins:
       - http://wp.lab/wp-content/plugins/sfwd-lms/themes/ld30/assets/js/learndash.js?ver=3.1.2
       - http://wp.lab/wp-content/plugins/sfwd-lms/themes/legacy/templates/learndash_pager.min.js?ver=3.1.2
       confidence: 90
+    TranslationFile:
+      number: 3.1.3
+      found_by: Translation File (Aggressive Detection)
+      interesting_entries:
+      - 'http://wp.lab/wp-content/plugins/sfwd-lms/languages/learndash.pot, Match: ''Project-Id-Version:
+        LearnDash LMS 3.1.3'''
   shadowbox:
     Comment:
       number: '0.2'
@@ -35209,6 +35286,14 @@ plugins:
       interesting_entries:
       - http://wp.lab/wp-content/plugins/splash-popup-for-woocommerce/js/frontend.js?ver=1.0.9
       confidence: 10
+  spoken-search:
+    QueryParameter:
+      number: '1.0'
+      found_by: Query Parameter (Passive Detection)
+      interesting_entries:
+      - http://wp.lab/wp-content/plugins/spoken-search/assets/css/ss2t.min.css?ver=1.0
+      - http://wp.lab/wp-content/plugins/spoken-search/assets/js/ss2t-bundle.min.js?ver=1.0
+      confidence: 20
   spoken-word:
     QueryParameter:
       number: 1.0.0
@@ -36330,6 +36415,13 @@ plugins:
       interesting_entries:
       - 'http://wp.lab/wp-content/plugins/sympose/languages/sympose.pot, Match: ''"Project-Id-Version:
         Sympose 1.0.0'''
+  sync-post-with-other-site:
+    TranslationFile:
+      number: 1.0.0
+      found_by: Translation File (Aggressive Detection)
+      interesting_entries:
+      - 'http://wp.lab/wp-content/plugins/sync-post-with-other-site/languages/sps_text_domain-en_US.po,
+        Match: ''-Id-Version: Sync Post With Other Site v1.0.0'''
   synchi:
     TranslationFile:
       number: '5.1'
@@ -46054,6 +46146,13 @@ plugins:
       interesting_entries:
       - 'http://wp.lab/wp-content/plugins/wp-licenses/lang/wp-licenses.pot, Match:
         ''"Project-Id-Version: WP-licenses 0.0.7'''
+  wp-light-heatmap:
+    QueryParameter:
+      number: 1.0.0
+      found_by: Query Parameter (Passive Detection)
+      interesting_entries:
+      - http://wp.lab/wp-content/plugins/wp-light-heatmap/public/css/wp_light_heatmap-public.css?ver=1.0.0
+      confidence: 10
   wp-like-box:
     QueryParameter:
       number: '1.0'
@@ -46591,6 +46690,12 @@ plugins:
       interesting_entries:
       - http://wp.lab/wp-content/plugins/wp-notes-widget/public/css/wp-notes-public.css?ver=1.0.3
       confidence: 10
+  wp-notice-blocker:
+    ComposerFile:
+      number: '1.0'
+      found_by: Composer File (Aggressive Detection)
+      interesting_entries:
+      - 'http://wp.lab/wp-content/plugins/wp-notice-blocker/package.json, Match: ''1.0'''
   wp-nutrition-facts:
     Comment:
       number: 1.0.2

spec/fixtures/dynamic_finders/plugin_version/bunnycdnbunnyapi/change_log/changelog.txt

@@ -0,0 +1,19 @@
+== CHANGELOG ==
+
+=1.0.0=
+Initial setup
+bunnyapi ::
+WP default upload paths
+setup paths
+bunnyapi_callback_css
+bunnyapi_img_shortcode($atts)
+bunnyapi_dnsprefetch()
+load classes--
+inc:: bunnyapiFunctions
+inc-- bunnyapi_api_key(),bunnyapi_validate_apikey(),bunnyapi_clear_cache(),bunnyapi_delete_all(),bunnyapi_delete_files($files),bunnyapi_copy_all($folder),bunnyapi_force_push($folder),bunnyapi_upload_files($files),bunnyapi_is_gutenberg_active(),bunnyapi_setbunnyhost(),bunnyapi_currenturl(),bunnyapi_api_call(),bunnyhost(),bunnyapi_convert_year_month_url(),bunnyapi_check_https(),bunnyapi_is_200(),bunnyapi_full_validation_apikey()
+inc:: bunnyapiSettings
+inc-- getOptions(),getOption($option),validateSettings($data),cleanHostname($hostname),initialize(),bunnyapi_options_page(),js:{deleteall(),clearcache(),copyall(),pushall(),downloadall(),setHost()}
+inc:: bunnyapiMedia
+inc-- function($editor_id),bunnyapi_CustomMediaUI(),bunnyapi_media_urls(),bunnyapi_getLabel(),bunnyapi_getUrl(),bunnyapi_render(),__construct(),bunnyapi_submenu(),bunnyapi_adminBar(),bunnyapi_mediaButton(),bunnyapi_mediaButtonScript(),bunnyapi_indexButton(),bunnyapi_h2Button()
+BunnyAPI auto-detection hostname configuration 
+BunnyAPI Settings screen: Update BunnyAPI Settings, Clear Cache, Download BunnyCDN Media, Push WP Media Library, Copy BunnyCDN Media, and Delete All BunnyCDN Media

spec/fixtures/dynamic_finders/plugin_version/comment_passive_all.html

@@ -107,7 +107,7 @@ Ahalogy wordpress plugin [version 2.1.0] is installed but Client ID not set
 
 <!-- cc-child-pages -->
 <!--[if lt IE 8]>
-<link rel='stylesheet' id='ccchildpagesiecss-css'  href='http://wp.local/WpVersionFinder/wordpress/wp-content/plugins/cc-child-pages/includes/css/styles.ie.css?ver=1.36' type='text/css' media='all' />
+<link rel='stylesheet' id='ccchildpagesiecss-css'  href='http://wp.lab/wp-content/plugins/cc-child-pages/includes/css/styles.ie.css?ver=1.36' type='text/css' media='all' />
 <![endif]-->
 
 
@@ -619,7 +619,7 @@ If above timestamp is not current time, this page is cached.</p> -->
 
 <!-- movingboxes-wp -->
 <!--[if lte IE 9]>
-<link rel='stylesheet' id='mb-ie-style-css'  href='http://wp.local/WpVersionFinder/wordpress/wp-content/plugins/movingboxes-wp/templates/default/css/movingboxes-ie.css?ver=0.4.2' type='text/css' media='screen' />
+<link rel='stylesheet' id='mb-ie-style-css'  href='http://wp.lab/wp-content/plugins/movingboxes-wp/templates/default/css/movingboxes-ie.css?ver=0.4.2' type='text/css' media='screen' />
 <![endif]-->
 
 
@@ -819,7 +819,7 @@ If above timestamp is not current time, this page is cached.</p> -->
 
 <!-- voxpress -->
 <!--[if lte IE 8]>
-<link rel='stylesheet' id='ubivox-style-public-ie8-css'  href='http://wp.local/WpVersionFinder/wordpress/wp-content/plugins/voxpress/styles/ubivox.public.ie8.css?ver=1.1.5' type='text/css' media='' />
+<link rel='stylesheet' id='ubivox-style-public-ie8-css'  href='http://wp.lab/wp-content/plugins/voxpress/styles/ubivox.public.ie8.css?ver=1.1.5' type='text/css' media='' />
 <![endif]-->
 
 
@@ -850,7 +850,7 @@ If above timestamp is not current time, this page is cached.</p> -->
 
 <!-- wp-elusive-iconfont -->
 <!--[if lte IE 7]>
-<link rel='stylesheet' id='elusive-webfont-ie7-css'  href='http://wp.local/WpVersionFinder/wordpress/wp-content/plugins/wp-elusive-iconfont/assets/css/elusive-webfont-ie7.css?ver=1.0' type='text/css' media='all' />
+<link rel='stylesheet' id='elusive-webfont-ie7-css'  href='http://wp.lab/wp-content/plugins/wp-elusive-iconfont/assets/css/elusive-webfont-ie7.css?ver=1.0' type='text/css' media='all' />
 <![endif]-->
 
 
@@ -1171,7 +1171,7 @@ s0.parentNode.insertBefore(s1,s0);
 
 <!-- age-okay -->
 <!--[if lt IE 10]>
-<link rel='stylesheet' id='age_okay_ie9_css-css'  href='http://wp.local/wp-content/plugins/age-okay/public/css/age-okay-public-ie9-min.css?ver=1.0.0-F' media='all' />
+<link rel='stylesheet' id='age_okay_ie9_css-css'  href='http://wp.lab/wp-content/plugins/age-okay/public/css/age-okay-public-ie9-min.css?ver=1.0.0-F' media='all' />
 <![endif]-->
 
 
@@ -1179,4 +1179,11 @@ s0.parentNode.insertBefore(s1,s0);
 <!-- This site uses the Google Analytics by ExactMetrics plugin v6.0.1 - Using Analytics tracking - https://www.exactmetrics.com/ -->
 
 
+<!-- flower-delivery-by-florist-one -->
+<!--[if lte IE 9]>
+<link rel='stylesheet' id='old-browser-css'  href='http://wp.lab/wp-content/plugins/flower-delivery-by-florist-one/public/css/florist-one-flower-delivery-public-old-browser.css?ver=1.11.1' media='all' />
+<![endif]-->
 
+
+<!-- paypal-for-woocommerce -->
+<!-- This site has installed PayPal for WooCommerce v2.1.12 - https://www.angelleye.com/product/woocommerce-paypal-plugin/ -->

spec/fixtures/dynamic_finders/plugin_version/query_parameter_passive_all.html

@@ -738,6 +738,10 @@
 <script type="text/javascript" src="http://wp.lab/wp-content/plugins/alt-tags-for-images/public/js/cnc-image-alt-tags-public.js?ver=1.0.0"></script>
 
 
+<!-- altered-reality -->
+<link rel="stylesheet" id="altered-reality-style-css" href="http://wp.lab/wp-content/plugins/altered-reality/build/style.css?ver=1.0.0" media="all">
+
+
 <!-- altruly-simple-diy-fundraising-for-charities-and-nonprofits -->
 <link rel="stylesheet" id="altruly-simple-diy-fundraising-for-charities-and-nonprofits-css" href="http://wp.lab/wp-content/plugins/altruly-simple-diy-fundraising-for-charities-and-nonprofits/public/css/altruly-simple-diy-fundraising-for-charities-and-nonprofits-public.css?ver=1.0.0" type="text/css" media="all">
 <script type="text/javascript" src="http://wp.lab/wp-content/plugins/altruly-simple-diy-fundraising-for-charities-and-nonprofits/public/js/altruly-simple-diy-fundraising-for-charities-and-nonprofits-public.js?ver=1.0.0"></script>
@@ -4760,6 +4764,11 @@
 <script src="http://wp.lab/wp-content/plugins/exit-popup-free/assets/js/script.js?ver=1.0"></script>
 
 
+<!-- expandable-paywall -->
+<link rel="stylesheet" id="expandable-paywall-styles-css" href="http://wp.lab/wp-content/plugins/expandable-paywall/public/css/expandable-paywall-public.css?ver=1.1.2" media="all">
+<script src="http://wp.lab/wp-content/plugins/expandable-paywall/public/js/expandable-paywall-public.js?ver=1.1.2"></script>
+
+
 <!-- explanatory-dictionary -->
 <link rel="stylesheet" id="explanatory_dictionary-plugin-styles-css" href="http://wp.lab/wp-content/plugins/explanatory-dictionary/public/classes/../assets/css/public.css?ver=4.1.5" type="text/css" media="all">
 
@@ -5211,6 +5220,17 @@
 <script type="text/javascript" src="http://wp.lab/wp-content/plugins/flow-flow-social-streams/js/require-utils.js?ver=3.0.10"></script>
 
 
+<!-- flower-delivery-by-florist-one -->
+<link rel="stylesheet" id="jquery-slick-nav-css" href="http://wp.lab/wp-content/plugins/flower-delivery-by-florist-one/public/css/slicknav.css?ver=1.11.1" media="all">
+<link rel="stylesheet" id="florist-one-flower-delivery-css" href="http://wp.lab/wp-content/plugins/flower-delivery-by-florist-one/public/css/florist-one-flower-delivery-public.css?ver=1.11.1" media="all">
+<script src="http://wp.lab/wp-content/plugins/flower-delivery-by-florist-one/public/js/jquery.validate.js?ver=1.11.1"></script>
+<script src="http://wp.lab/wp-content/plugins/flower-delivery-by-florist-one/public/js/jquery.slicknav.min.js?ver=1.11.1"></script>
+<script src="http://wp.lab/wp-content/plugins/flower-delivery-by-florist-one/public/js/jquery.history.js?ver=1.11.1"></script>
+<script src="http://wp.lab/wp-content/plugins/flower-delivery-by-florist-one/public/js/resizeSensor.js?ver=1.11.1"></script>
+<script src="http://wp.lab/wp-content/plugins/flower-delivery-by-florist-one/public/js/elementQueries.js?ver=1.11.1"></script>
+<script src="http://wp.lab/wp-content/plugins/flower-delivery-by-florist-one/public/js/florist-one-flower-delivery-public.js?ver=1.11.1"></script>
+
+
 <!-- fluid-responsive-slideshow -->
 <link rel="stylesheet" id="frs-css-css" href="http://wp.lab/wp-content/plugins/fluid-responsive-slideshow/css/frs.css?ver=2.3.1" type="text/css" media="all">
 <link rel="stylesheet" id="frs-position-css" href="http://wp.lab/wp-content/plugins/fluid-responsive-slideshow/css/frs-position.css?ver=2.3.1" type="text/css" media="all">
@@ -6495,6 +6515,11 @@
 <script type="text/javascript" src="http://wp.lab/wp-content/plugins/i-chat/js/jquery.cookie.js?ver=1.0.0"></script>
 
 
+<!-- i-like -->
+<script src="http://wp.lab/wp-content/plugins/i-like/assets/js/i-like-ajax.js?ver=1.0.0"></script>
+<script src="http://wp.lab/wp-content/plugins/i-like/assets/js/main.js?ver=1.0.0"></script>
+
+
 <!-- i-search -->
 <link rel="stylesheet" id="isrc_frontend-css" href="http://wp.lab/wp-content/plugins/i-search/front/css/i-search.min.css?ver=1.2.0" type="text/css" media="all">
 <script type="text/javascript" src="http://wp.lab/wp-content/plugins/i-search/front/js/isrc-autocomplete.min.js?ver=1.2.0"></script>
@@ -9973,6 +9998,11 @@
 <script type="text/javascript" src="http://wp.lab/wp-content/plugins/photo-gallery-with-responsive/assets/js/catfilter.js?ver=1.1"></script>
 
 
+<!-- photo-roll -->
+<link rel="stylesheet" id="instantgram-public-css" href="http://wp.lab/wp-content/plugins/photo-roll/public/css/instantgram-public.css?ver=1.0.0" media="all">
+<script src="http://wp.lab/wp-content/plugins/photo-roll/public/js/instantgram-public.js?ver=1.0.0"></script>
+
+
 <!-- photo-swipe -->
 <link rel="stylesheet" id="photoswipe-lib-css" href="http://wp.lab/wp-content/plugins/photo-swipe/lib/photoswipe.css?ver=4.1.1.1" type="text/css" media="all">
 <link rel="stylesheet" id="photoswipe-default-skin-css" href="http://wp.lab/wp-content/plugins/photo-swipe/lib/default-skin/default-skin.css?ver=4.1.1.1" type="text/css" media="all">
@@ -13054,6 +13084,11 @@
 <script type="text/javascript" src="http://wp.lab/wp-content/plugins/splash-popup-for-woocommerce/js/frontend.js?ver=1.0.9"></script>
 
 
+<!-- spoken-search -->
+<link rel="stylesheet" id="ss2t-css-css" href="http://wp.lab/wp-content/plugins/spoken-search/assets/css/ss2t.min.css?ver=1.0" media="all">
+<script src="http://wp.lab/wp-content/plugins/spoken-search/assets/js/ss2t-bundle.min.js?ver=1.0"></script>
+
+
 <!-- spoken-word -->
 <script type="text/javascript" src="http://wp.lab/wp-content/plugins/spoken-word/dist/spoken-word.js?ver=1.0.0"></script>
 
@@ -16937,6 +16972,10 @@
 <script type="text/javascript" src="http://wp.lab/wp-content/plugins/wp-license-manager/public/js/wp-license-manager-public.js?ver=0.5.5"></script>
 
 
+<!-- wp-light-heatmap -->
+<link rel="stylesheet" id="wp_light_heatmap-css" href="http://wp.lab/wp-content/plugins/wp-light-heatmap/public/css/wp_light_heatmap-public.css?ver=1.0.0" media="all">
+
+
 <!-- wp-like-box -->
 <script type="text/javascript" src="http://wp.lab/wp-content/plugins/wp-like-box/public/assets/jquery.magnific-popup.min.js?ver=1.0"></script>
 

spec/fixtures/dynamic_finders/plugin_version/sync-post-with-other-site/translation_file/languages/sps_text_domain-en_US.po

@@ -0,0 +1,373 @@
+msgid ""
+msgstr ""
+"Project-Id-Version: Sync Post With Other Site v1.0.0\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: \n"
+"PO-Revision-Date: 2020-01-21 06:39:08+0000\n"
+"Last-Translator: admin <info@richard.com>\n"
+"Language-Team: \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=2; plural=n != 1;\n"
+"X-Generator: CSL v1.x\n"
+"X-Poedit-Language: English\n"
+"X-Poedit-Country: UNITED STATES\n"
+"X-Poedit-SourceCharset: utf-8\n"
+"X-Poedit-KeywordsList: __;_e;__ngettext:1,2;_n:1,2;__ngettext_noop:1,2;_n_noop:1,2;_c,_nc:4c,1,2;_x:1,2c;_ex:1,2c;_nx:4c,1,2;_nx_noop:4c,1,2;\n"
+"X-Poedit-Basepath: ../\n"
+"X-Poedit-Bookmarks: \n"
+"X-Poedit-SearchPath-0: .\n"
+"X-Textdomain-Support: yes"
+
+#. translators: plugin header field 'Name'
+#: SyncPostWithOtherSite.php:0
+#@ sps_text_domain
+msgid "Sync Post With Other Site"
+msgstr "Sync Post With Other Site"
+
+#. translators: plugin header field 'PluginURI'
+#. translators: plugin header field 'AuthorURI'
+#: SyncPostWithOtherSite.php:0
+#@ sps_text_domain
+msgid "https://kp4coder.com/"
+msgstr "https://kp4coder.com/"
+
+#. translators: plugin header field 'Description'
+#: SyncPostWithOtherSite.php:0
+#@ sps_text_domain
+msgid "Allows user to sync post with multiple websites."
+msgstr "Allows user to sync post with multiple websites."
+
+#. translators: plugin header field 'Author'
+#: SyncPostWithOtherSite.php:0
+#@ sps_text_domain
+msgid "KP Dev"
+msgstr "KP Dev"
+
+#. translators: plugin header field 'Version'
+#: SyncPostWithOtherSite.php:0
+#@ sps_text_domain
+msgid "1.0.0"
+msgstr "1.0.0"
+
+#: SyncPostWithOtherSite.php:103
+#@ sps_text_domain
+msgid "Setting"
+msgstr "Setting"
+
+#: SyncPostWithOtherSite.php:113
+#@ sps_text_domain
+msgid "Sync Post"
+msgstr "Sync Post"
+
+#: SyncPostWithOtherSite.php:158
+#@ sps_text_domain
+msgid "No matching tax rates found."
+msgstr "No matching tax rates found."
+
+#: SyncPostWithOtherSite.php:230
+#@ sps_text_domain
+msgid "Product Listing will be here"
+msgstr "Product Listing will be here"
+
+#: includes/sps_post_meta.class.php:18
+#@ SPS_txt_domain
+msgid "Select Websites"
+msgstr ""
+
+#: includes/sps_post_meta.class.php:46
+#@ SPS_txt_domain
+msgid "Please add website in <b>Sync Post</b>. So you can select the website for sync post."
+msgstr ""
+
+#: includes/sps_post_meta.class.php:51
+#@ SPS_txt_domain
+msgid "select which website you want to add/edit post with this post."
+msgstr ""
+
+#: includes/sps_settings.view.php:14
+#@ sps_text_domain
+msgid "Dismiss this notice."
+msgstr "Dismiss this notice."
+
+#: includes/sps_settings.view.php:31
+#@ sps_text_domain
+msgid "General options"
+msgstr "General options"
+
+#: includes/sps_settings.view.php:48
+#: includes/sps_settings.view.php:134
+#@ sps_text_domain
+msgid "Host Name of Target"
+msgstr "Host Name of Target"
+
+#: includes/sps_settings.view.php:54
+#: includes/sps_settings.view.php:138
+#@ sps_text_domain
+msgid "https://example.com - This is the URL that your Content will be Pushed to. If WordPress is installed in a subdirectory, include the subdirectory."
+msgstr "https://example.com - This is the URL that your Content will be Pushed to. If WordPress is installed in a subdirectory, include the subdirectory."
+
+#: includes/sps_settings.view.php:58
+#: includes/sps_settings.view.php:61
+#: includes/sps_settings.view.php:142
+#: includes/sps_settings.view.php:145
+#@ sps_text_domain
+msgid "Username"
+msgstr "Username"
+
+#: includes/sps_settings.view.php:65
+#: includes/sps_settings.view.php:68
+#: includes/sps_settings.view.php:149
+#: includes/sps_settings.view.php:152
+#@ sps_text_domain
+msgid "Password"
+msgstr "Password"
+
+#: includes/sps_settings.view.php:72
+#: includes/sps_settings.view.php:156
+#@ sps_text_domain
+msgid "Strict Mode"
+msgstr "Strict Mode"
+
+#: includes/sps_settings.view.php:75
+#: includes/sps_settings.view.php:159
+#@ sps_text_domain
+msgid "On - WordPress and SyncPostWithOtherSite for Content versions must match on Source and Target in order to perform operations."
+msgstr "On - WordPress and SyncPostWithOtherSite for Content versions must match on Source and Target in order to perform operations."
+
+#: includes/sps_settings.view.php:80
+#: includes/sps_settings.view.php:163
+#@ sps_text_domain
+msgid "Off - WordPress and SyncPostWithOtherSite for Content versions do not need to match."
+msgstr "Off - WordPress and SyncPostWithOtherSite for Content versions do not need to match."
+
+#: includes/sps_settings.view.php:84
+#: includes/sps_settings.view.php:167
+#@ sps_text_domain
+msgid "Content Match Mode"
+msgstr "Content Match Mode"
+
+#: includes/sps_settings.view.php:92
+#@ sps_text_domain
+msgid "Post slug - Search for matching Content on Target by Post Slug only."
+msgstr "Post slug - Search for matching Content on Target by Post Slug only."
+
+#: includes/sps_settings.view.php:96
+#: includes/sps_settings.view.php:179
+#@ sps_text_domain
+msgid "Roles Allowed to use"
+msgstr "Roles Allowed to use"
+
+#: includes/sps_settings.view.php:99
+#: includes/sps_settings.view.php:182
+#@ sps_text_domain
+msgid "Contributor"
+msgstr "Contributor"
+
+#: includes/sps_settings.view.php:102
+#: includes/sps_settings.view.php:184
+#@ sps_text_domain
+msgid "Author"
+msgstr "Author"
+
+#: includes/sps_settings.view.php:105
+#: includes/sps_settings.view.php:186
+#@ sps_text_domain
+msgid "Editor"
+msgstr "Editor"
+
+#: includes/sps_settings.view.php:108
+#: includes/sps_settings.view.php:188
+#@ sps_text_domain
+msgid "Administrator"
+msgstr "Administrator"
+
+#: includes/sps_settings.view.php:110
+#: includes/sps_settings.view.php:190
+#@ sps_text_domain
+msgid "Select the Roles you wish to have access to the SyncPostWithOtherSite User Interface. Only these Roles will be allowed to perform Syncing operations."
+msgstr "Select the Roles you wish to have access to the SyncPostWithOtherSite User Interface. Only these Roles will be allowed to perform Syncing operations."
+
+#: includes/sps_settings.view.php:137
+#@ sps_text_domain
+msgid " Remove Site "
+msgstr " Remove Site "
+
+#: includes/sps_settings.view.php:170
+#@ sps_text_domain
+msgid "Post Slug"
+msgstr "Post Slug"
+
+#: includes/sps_settings.view.php:175
+#@ sps_text_domain
+msgid "Post slug - Search for matching Content on Target by Post slug only."
+msgstr "Post slug - Search for matching Content on Target by Post slug only."
+
+#: includes/sps_sync.class.php:255
+#@ sps_text_domain
+msgid "success"
+msgstr "success"
+
+#: includes/sps_sync.class.php:256
+#@ sps_text_domain
+msgid "data proccessed successfully"
+msgstr "data proccessed successfully"
+
+#: includes/sps_sync.class.php:261
+#: includes/sps_sync.class.php:265
+#@ sps_text_domain
+msgid "failed"
+msgstr "failed"
+
+#: includes/sps_sync.class.php:262
+#@ sps_text_domain
+msgid "Authenitcate failed."
+msgstr "Authenitcate failed."
+
+#: includes/sps_sync.class.php:266
+#@ sps_text_domain
+msgid "Username or Password is null."
+msgstr "Username or Password is null."
+
+#: includes/sps_wp_list_table.class.php:151
+#@ default
+msgid "List View"
+msgstr ""
+
+#: includes/sps_wp_list_table.class.php:152
+#@ default
+msgid "Excerpt View"
+msgstr ""
+
+#: includes/sps_wp_list_table.class.php:312
+#@ default
+msgid "No items found."
+msgstr ""
+
+#: includes/sps_wp_list_table.class.php:434
+#@ default
+msgid "Select bulk action"
+msgstr ""
+
+#: includes/sps_wp_list_table.class.php:436
+#@ default
+msgid "Bulk Actions"
+msgstr ""
+
+#: includes/sps_wp_list_table.class.php:446
+#@ default
+msgid "Apply"
+msgstr ""
+
+#: includes/sps_wp_list_table.class.php:494
+#: includes/sps_wp_list_table.class.php:1272
+#@ default
+msgid "Show more details"
+msgstr ""
+
+#: includes/sps_wp_list_table.class.php:556
+#@ default
+msgid "Filter by date"
+msgstr ""
+
+#: includes/sps_wp_list_table.class.php:558
+#@ default
+msgid "All dates"
+msgstr ""
+
+#. translators: 1: month name, 2: 4-digit year
+#: includes/sps_wp_list_table.class.php:571
+#, php-format
+#@ default
+msgid "%1$s %2$d"
+msgstr ""
+
+#: includes/sps_wp_list_table.class.php:621
+#, php-format
+#@ default
+msgid "%s comment"
+msgid_plural "%s comments"
+msgstr[0] ""
+msgstr[1] ""
+
+#: includes/sps_wp_list_table.class.php:622
+#, php-format
+#@ default
+msgid "%s approved comment"
+msgid_plural "%s approved comments"
+msgstr[0] ""
+msgstr[1] ""
+
+#: includes/sps_wp_list_table.class.php:623
+#, php-format
+#@ default
+msgid "%s pending comment"
+msgid_plural "%s pending comments"
+msgstr[0] ""
+msgstr[1] ""
+
+#: includes/sps_wp_list_table.class.php:628
+#: includes/sps_wp_list_table.class.php:640
+#: includes/sps_wp_list_table.class.php:653
+#@ default
+msgid "No comments"
+msgstr ""
+
+#: includes/sps_wp_list_table.class.php:640
+#@ default
+msgid "No approved comments"
+msgstr ""
+
+#: includes/sps_wp_list_table.class.php:653
+#@ default
+msgid "No pending comments"
+msgstr ""
+
+#: includes/sps_wp_list_table.class.php:727
+#: includes/sps_wp_list_table.class.php:1296
+#, php-format
+#@ default
+msgid "%s item"
+msgid_plural "%s items"
+msgstr[0] ""
+msgstr[1] ""
+
+#: includes/sps_wp_list_table.class.php:763
+#@ default
+msgid "First page"
+msgstr ""
+
+#: includes/sps_wp_list_table.class.php:773
+#@ default
+msgid "Previous page"
+msgstr ""
+
+#: includes/sps_wp_list_table.class.php:780
+#: includes/sps_wp_list_table.class.php:783
+#@ default
+msgid "Current Page"
+msgstr ""
+
+#: includes/sps_wp_list_table.class.php:789
+#, php-format
+#@ default
+msgctxt "paging"
+msgid "%1$s of %2$s"
+msgstr ""
+
+#: includes/sps_wp_list_table.class.php:796
+#@ default
+msgid "Next page"
+msgstr ""
+
+#: includes/sps_wp_list_table.class.php:806
+#@ default
+msgid "Last page"
+msgstr ""
+
+#: includes/sps_wp_list_table.class.php:1026
+#@ default
+msgid "Select All"
+msgstr ""
+

spec/fixtures/dynamic_finders/plugin_version/wp-notice-blocker/composer_file/package.json

@@ -0,0 +1,25 @@
+{
+  "name": "wp-notice-blocker",
+  "version": "1.0",
+  "description": "A notice blocker for WordPress",
+  "main": "index.js",
+  "scripts": {
+    "test": "echo \"Error: no test specified\" && exit 1"
+  },
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/hasinur1997/wp-notice-blocker.git"
+  },
+  "keywords": [
+    "WordPress",
+    "admin",
+    "notice",
+    "blocker"
+  ],
+  "author": "Hasinur Rahman",
+  "license": "ISC",
+  "bugs": {
+    "url": "https://github.com/hasinur1997/wp-notice-blocker/issues"
+  },
+  "homepage": "https://github.com/hasinur1997/wp-notice-blocker#readme"
+}

spec/fixtures/dynamic_finders/wp_version/script_etag/wp-admin/load-scripts.php

@@ -0,0 +1,8 @@
+{
+  "Date": "Tue, 03 Mar 2020 15:51:52 GMT",
+  "Server": "Apache",
+  "Etag": "3.8.1",
+  "Expires": "Wed, 03 Mar 2021 15:51:52 GMT",
+  "Cache-Control": "public, max-age=31536000",
+  "Content-Type": "application/javascript; charset=UTF-8"
+}

spec/fixtures/dynamic_finders/wp_version/style_etag/wp-admin/load-styles.php

@@ -0,0 +1,8 @@
+{
+  "Date": "Tue, 03 Mar 2020 15:51:52 GMT",
+  "Server": "Apache",
+  "Etag": "3.8.1",
+  "Expires": "Wed, 03 Mar 2021 15:51:52 GMT",
+  "Cache-Control": "public, max-age=31536000",
+  "Content-Type": "text/css; charset=UTF-8"
+}

wpscan.gemspec

@@ -21,7 +21,7 @@ Gem::Specification.new do |s|
   s.executables           = ['wpscan']
   s.require_paths         = ['lib']
 
-  s.add_dependency 'cms_scanner', '~> 0.8.3'
+  s.add_dependency 'cms_scanner', '~> 0.8.5'
 
   s.add_development_dependency 'bundler',             '>= 1.6'
   s.add_development_dependency 'memory_profiler',     '~> 0.9.13'