wpscan 3.8.22 → 3.8.24

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c510fa42904154d92ab0517e7d80861d55230eccd33f1fcd05bac579f59e0ff4
-  data.tar.gz: bb32077f76c587b13f9050dc148a8214072c08c71cba0a5220841c371c8ac5a1
+  metadata.gz: 23e760a18e71e13ba38ca87b045d98e1797681b3825f3478cd0207bd6c0df444
+  data.tar.gz: d0a32dd76141b699942aa8fce40b72f5c53cf43f5760e11edc366b5db7bb3185
 SHA512:
-  metadata.gz: 8b46eca5d03d59cdb0cc5a2ca18420564b6d9ba4dede5246da955206f24570001f5045280dfa7283f47d202c444a6f128e2dde5c618e97d68183d9f72ac4a9c0
-  data.tar.gz: 1b9c59b135c53555e18cf4bd6d97f17b8cac2d688253c770578b5c23c589384d66dfd4ebdee26964223344977e6bef936f42693af26f981da3333377d88d4c1b
+  metadata.gz: afe57fb1ec101b3ac1309812ab3504b0c1d0a27fa807d302689f23678bbdf9980c8d1389a2c9d37dfbdc93386f4448a0f8eb33e4141ec1891b5ffdca3eecdf14
+  data.tar.gz: b79484562638d87bbb3ffd129988f9d7c1cbb062006c24bc918852767b143a1d34a576c1e3275ff599522cbac953eb35aebeb6cd4b447dccf365335966581bff

data/README.md

@@ -90,15 +90,12 @@ The DB is located at ~/.wpscan/db
 
 The WPScan CLI tool uses the [WordPress Vulnerability Database API](https://wpscan.com/api) to retrieve WordPress vulnerability data in real time. For WPScan to retrieve the vulnerability data an API token must be supplied via the `--api-token` option, or via a configuration file, as discussed below. An API token can be obtained by registering an account on [WPScan.com](https://wpscan.com/register).
 
-Up to 25 API requests per day are given free of charge, that should be suitable to scan most WordPress websites at least once per day. When the daily 25 API requests are exhausted, WPScan will continue to work as normal but without any vulnerability data. Users can upgrade to paid API usage to increase their API limits within their user profile on [WPScan.com](https://wpscan.com/).
-
-#### The Free plan allows 25 API requests per day. View the different [available API plans](https://wpscan.com/api).
+Up to **25** API requests per day are given free of charge, that should be suitable to scan most WordPress websites at least once per day. When the daily 25 API requests are exhausted, WPScan will continue to work as normal but without any vulnerability data.
 
 ### How many API requests do you need?
 
 - Our WordPress scanner makes one API request for the WordPress version, one request per installed plugin and one request per installed theme.
 - On average, a WordPress website has 22 installed plugins.
-- The Free plan should cover around 50% of all WordPress websites.
 
 ## Load CLI options from file/s
 
@@ -137,7 +134,7 @@ The feature mentioned above is useful to keep the API Token in a config file and
 
 ```yml
 cli_options:
-  api_token: YOUR_API_TOKEN
+  api_token: 'YOUR_API_TOKEN'
 ```
 
 ## Load API Token From ENV (since v3.7.10)

data/app/controllers/password_attack.rb

@@ -17,7 +17,8 @@ module WPScan
                           'Maximum number of passwords to send by request with XMLRPC multicall'],
                          default: 500),
           OptChoice.new(['--password-attack ATTACK',
-                         'Force the supplied attack to be used rather than automatically determining one.'],
+                         'Force the supplied attack to be used rather than automatically determining one.',
+                         'Multicall will only work against WP < 4.4'],
                         choices: %w[wp-login xmlrpc xmlrpc-multicall],
                         normalize: %i[downcase underscore to_sym]),
           OptString.new(['--login-uri URI', 'The URI of the login page if different from /wp-login.php'])

data/lib/wpscan/db/updater.rb

@@ -73,7 +73,7 @@ module WPScan
       # @return [ Hash ] The params for Typhoeus::Request
       # @note Those params can't be overriden by CLI options
       def request_params
-        @request_params ||= Browser.instance.default_connect_request_params.merge(
+        @request_params ||= Browser.instance.default_request_params.merge(
           timeout: 600,
           connecttimeout: 300,
           accept_encoding: 'gzip, deflate',

data/lib/wpscan/db/vuln_api.rb

@@ -70,7 +70,7 @@ module WPScan
       # @return [ Hash ]
       # @note Those params can not be overriden by CLI options
       def self.default_request_params
-        @default_request_params ||= Browser.instance.default_connect_request_params.merge(
+        @default_request_params ||= Browser.instance.default_request_params.merge(
           headers: {
             'User-Agent' => Browser.instance.default_user_agent,
             'Authorization' => "Token token=#{token}"

data/lib/wpscan/version.rb

@@ -2,5 +2,5 @@
 
 # Version
 module WPScan
-  VERSION = '3.8.22'
+  VERSION = '3.8.24'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: wpscan
 version: !ruby/object:Gem::Version
-  version: 3.8.22
+  version: 3.8.24
 platform: ruby
 authors:
 - WPScanTeam
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2022-04-04 00:00:00.000000000 Z
+date: 2023-06-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: cms_scanner
@@ -72,14 +72,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.11.0
+        version: 3.12.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.11.0
+        version: 3.12.0
 - !ruby/object:Gem::Dependency
   name: rspec-its
   requirement: !ruby/object:Gem::Requirement
@@ -170,14 +170,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.14.0
+        version: 3.18.1
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.14.0
+        version: 3.18.1
 description: WPScan is a black box WordPress vulnerability scanner.
 email:
 - contact@wpscan.com