# WPScan Changelog

Version 1.1 - Released 25.11.2011

- Added a few plugin vulns to the database
- Fix for issue 54
- CREDITS file update
- Fix for Issue 51. Moved the uniq! method in generate_plugin_list
- SVN output redirected to /dev/null
- Added 2 new plugin vulns
- Added Clickdesk Live Chat Support XSS vuln
- Improved non responsive server method
- Improved update class to hide STDERR when there is no outbound conn
- Added adminimize plugin XSS.
- Fix for Issue 57, slight amendment.
- Fix for Issue 57
- Fix for Issue 50 (redirect)
- Added advanced-text-widget XSS vuln
- Added XSS vuln in all versions of WP-Cumulus
- Typo in bruter
- Couple of output changes + removal of flash gallery plugin duplicate
- Implemented version scraping from RSS feed
- Issue 50
- Issue 50 fix
- 404 checking on plugin detection implemented
- Full Path Disclosure (FPD) check added.
- timthumb.txt file uniqued by michee08
- Added Miche08 to credits
- Added new SQLI vulnerability in adrotate plugin
- Fixed bug where theme name needed URL encoding before being used in the timthumb method.
- Fix for issue 48. Not tested.
- Added new Zingiri Web Shop RCE vulnerability
- Fix for issue 48. Not tested.
- Cleaned up plugin enum output a little
- Output improvements, method name improvements
- GPL code changed for future YARD documentation
- improved user input handling
- Improved error_log file detection
- Improved the timthumb method slightly
- Amended contribution from tripmonster
- Added contribution from tripmonster
- Moved update code under the banner so that it shows during an update
- Moved update code to run before anything
- Fixed a bug in wordpress detection
- Added timthumb reference, not everyone will know what timthumb is...
- small typo
- better timthumb discovery
- timthumb enumeration checks added
- Fix for issue 44 and updates to auto-update
- Commented update class
- Forgot to add class file
- Auto updating implemented
- Fix for issue 43
- Added 4 new SQLI and 1 RCE from ExploitDB
- Issue 39 tested and working
- Some work on issue 39
- Exploitation refactoring
- Fix for issue 31
- Fix for issue 34
- Bug with when session is 1
- Meterpreter interaction working
- Further work on metasploit integration
- Some functionality of exploitation through MSFRPC implemented. NOT FINISHED
- type, uri and postdata XML tags added to all RFI vulns
- Output tweaking
- MSFRPC + WPSCAN XMLRPC CLIENT WORKING WITH ADDITIONAL METHODS
- XMLRPC Client in a working state
- Added WordPress AdRotate plugin <= 3.6.5 SQL Injection Vulnerability to vuln library
- MSF XMLRPC CLIENT PoC (NOT WORKING YET)
- Some slight output tidying up
- Added 3.1.2 Clickjacking Vulnerability
- Added a ton of new plugin vulns discovered by Ben Schmidt (@_supernothing)
- Added 2 new plugin vulns: Count per Day <= 2.17 and Filedownload 0.1
- Added Gianluca to CREDITS file
- Issue 25: patched plugin_vulns.xml
- removed WP 3.0.4 common_post_ID Blind SQLi false positive
- added 1-flash-gallery plugin vuln
- version update
- discover.advanced_version_fingerprinting method implemented
- Issue 23: Patch for /trunk/data/plugin_vulns.xml
- some small amendments
- wp versions file initial commit with only scores of 1
- updated published plugin vulns
- progress indicators