wpscan 3.8.24 → 3.8.26

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 23e760a18e71e13ba38ca87b045d98e1797681b3825f3478cd0207bd6c0df444
-  data.tar.gz: d0a32dd76141b699942aa8fce40b72f5c53cf43f5760e11edc366b5db7bb3185
+  metadata.gz: f4c0a992941a0d2f853807d26044152e1be735612de635009344aa0d09771fe5
+  data.tar.gz: c6be4010e882cd3a0c2b7413cd4b701ace9aa4815eccabcc2fc1c44cb6868cf0
 SHA512:
-  metadata.gz: afe57fb1ec101b3ac1309812ab3504b0c1d0a27fa807d302689f23678bbdf9980c8d1389a2c9d37dfbdc93386f4448a0f8eb33e4141ec1891b5ffdca3eecdf14
-  data.tar.gz: b79484562638d87bbb3ffd129988f9d7c1cbb062006c24bc918852767b143a1d34a576c1e3275ff599522cbac953eb35aebeb6cd4b447dccf365335966581bff
+  metadata.gz: 1b745c2b437e7ef151ca02f96f2e92033432f210d840e00043162f5e22150069aaa81183bc2c9c0e27851daf7cec5542dc05c15b73a905c8753b133fe533630d
+  data.tar.gz: cd12ea2c6f19a67141c35d3621b08e7ca19c17c681511a08939149442f0581e99f7444b625d0037c0d079f3f3f8c6936ae63a69893c7044eb033a8387b3cf859

data/README.md

@@ -25,8 +25,7 @@
 ## Prerequisites
 
 - (Optional but highly recommended: [RVM](https://rvm.io/rvm/install))
-- Ruby >= 2.5 - Recommended: latest
-  - Ruby 2.5.0 to 2.5.3 can cause an 'undefined symbol: rmpd_util_str_to_d' error in some systems, see [#1283](https://github.com/wpscanteam/wpscan/issues/1283)
+- Ruby >= 3.0 - Recommended: latest
 - Curl >= 7.72  - Recommended: latest
   - The 7.29 has a segfault
   - The < 7.72 could result in `Stream error in the HTTP/2 framing layer` in some cases
@@ -39,7 +38,9 @@ When using a pentesting distubution (such as Kali Linux), it is recommended to i
 
 ### In macOSX via Homebrew
 
-`brew install wpscanteam/tap/wpscan`
+```shell
+brew install wpscanteam/tap/wpscan
+```
 
 ### From RubyGems
 

data/app/finders/db_exports/known_locations.rb

@@ -7,6 +7,10 @@ module WPScan
       class KnownLocations < CMSScanner::Finders::Finder
         include CMSScanner::Finders::Finder::Enumerator
 
+        def valid_response_codes
+          @valid_response_codes ||= [200, 206].freeze
+        end
+
         SQL_PATTERN = /(?:DROP|(?:UN)?LOCK|CREATE|ALTER) (?:TABLE|DATABASE)|INSERT INTO/.freeze
 
         # @param [ Hash ] opts
@@ -17,7 +21,7 @@ module WPScan
         def aggressive(opts = {})
           found = []
 
-          enumerate(potential_urls(opts), opts.merge(check_full_response: 200)) do |res|
+          enumerate(potential_urls(opts), opts.merge(check_full_response: valid_response_codes)) do |res|
             if res.effective_url.end_with?('.zip')
               next unless %r{\Aapplication/zip}i.match?(res.headers['Content-Type'])
             else

data/app/models/theme.rb

@@ -92,7 +92,7 @@ module WPScan
           tags: 'Tags',
           text_domain: 'Text Domain'
         }.each do |attribute, tag|
-          instance_variable_set(:"@#{attribute}", parse_style_tag(style_body, tag))
+          instance_variable_set(:"@#{attribute}", parse_style_tag(style_body, tag)&.force_encoding('UTF-8'))
         end
       end
 

data/app/models/wp_version.rb

@@ -25,6 +25,10 @@ module WPScan
 
         @all_numbers = []
 
+        DB::Version.metadata.each_key do |ver|
+          @all_numbers << ver
+        end
+
         DB::Fingerprints.wp_fingerprints.each_value do |fp|
           @all_numbers << fp.values
         end

data/lib/wpscan/helper.rb

@@ -16,5 +16,8 @@ def classify_slug(slug)
   classified = slug.to_s.gsub(/[^a-z\d\-]/i, '-').gsub(/-{1,}/, '_').camelize.to_s
   classified = "D_#{classified}" if /\d/.match?(classified[0])
 
+  # Special case for slugs with all non-latin characters.
+  classified = "HexSlug_#{slug.bytes.map { |i| i.to_s(16) }.join}" if classified.empty?
+
   classified.to_sym
 end

data/lib/wpscan/version.rb

@@ -2,5 +2,5 @@
 
 # Version
 module WPScan
-  VERSION = '3.8.24'
+  VERSION = '3.8.26'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: wpscan
 version: !ruby/object:Gem::Version
-  version: 3.8.24
+  version: 3.8.26
 platform: ruby
 authors:
 - WPScanTeam
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2023-06-09 00:00:00.000000000 Z
+date: 2024-09-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: cms_scanner
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.13.8
+        version: 0.14.2
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.13.8
+        version: 0.14.2
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -128,14 +128,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.21.0
+        version: 0.22.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.21.0
+        version: 0.22.0
 - !ruby/object:Gem::Dependency
   name: simplecov-lcov
   requirement: !ruby/object:Gem::Requirement
@@ -170,14 +170,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.18.1
+        version: 3.19.1
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.18.1
+        version: 3.19.1
 description: WPScan is a black box WordPress vulnerability scanner.
 email:
 - contact@wpscan.com
@@ -390,14 +390,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '2.5'
+      version: '3.0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.3.1
+rubygems_version: 3.2.33
 signing_key: 
 specification_version: 4
 summary: WPScan - WordPress Vulnerability Scanner