wpscan 3.8.18 → 3.8.19

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e7fc9dea6d2aa00fc366bbe8f1cde8af5668597020b0f3762aba9c8bd0f4f720
-  data.tar.gz: 5bd79cbef80eb57065cafab7bbf787f4d71de73052068ac37d6a407ca86b813c
+  metadata.gz: a2b3e70edcacc1f1b15ffab1fa686732b1cfc9b6aa4346bd88e0e517082c7aec
+  data.tar.gz: fb794ab8574c5e1fa66553a7e954eaa5467ed62943ae68407124e6396e9359a4
 SHA512:
-  metadata.gz: d093d424143d40bc594dc8f5ef5e6b577bdb09e8e1aff5289da2f471a1b5b7bccdde600c91700300a940281763b6b74e0b6384a23220d928b9e1edef947dac21
-  data.tar.gz: 4032d8268e1961adc1c767bf6857ba5ff46c929c3534955f56550af65aa6996c59e3a2ec17f2c95f8c1af6efbc992122c5cc4f6ee3c012b978e4a5a5c9446e28
+  metadata.gz: 0b02409d2b49a831960a39aaca578aadb07bf1390f6ced4a91edc8e2be42f05287883213cedf2df279f5b763213d595c26defe1abc0f4f075cfc3e9a7a028e03
+  data.tar.gz: 7857de71dd8d276a150afb3f69a4e184cf9e7cd3d9b4ba61a058af1dad92e98594c154246fe7ded7a21ca84bc4ecba885a1ae3d4fb883b9449fb016ab10195fe

data/app/finders/interesting_findings/multisite.rb

@@ -13,7 +13,7 @@ module WPScan
 
           return unless [200, 302].include?(res.code)
           return if res.code == 302 && location&.include?('wp-login.php?action=register')
-          return unless res.code == 200 || res.code == 302 && location&.include?('wp-signup.php')
+          return unless res.code == 200 || (res.code == 302 && location&.include?('wp-signup.php'))
 
           target.multisite = true
 

data/app/models/timthumb.rb

@@ -30,7 +30,7 @@ module WPScan
       def vulnerabilities
         vulns = []
 
-        vulns << rce_webshot_vuln if version == false || version > '1.35' && version < '2.8.14' && webshot_enabled?
+        vulns << rce_webshot_vuln if version == false || (version > '1.35' && version < '2.8.14' && webshot_enabled?)
         vulns << rce_132_vuln if version == false || version < '1.33'
 
         vulns

data/lib/wpscan/db/updater.rb

@@ -24,7 +24,9 @@ module WPScan
 
         FileUtils.mkdir_p(repo_directory.to_s) unless Dir.exist?(repo_directory.to_s)
 
-        raise "#{repo_directory} is not writable" unless repo_directory.writable?
+        unless repo_directory.writable?
+          raise "#{repo_directory} is not writable (uid: #{Process.uid}, gid: #{Process.gid})"
+        end
 
         delete_old_files
       end

data/lib/wpscan/errors/enumeration.rb

@@ -5,16 +5,16 @@ module WPScan
     class PluginsThresholdReached < Standard
       def to_s
         "The number of plugins detected reached the threshold of #{ParsedCli.plugins_threshold} " \
-        'which might indicate False Positive. It would be recommended to use the --exclude-content-based ' \
-        'option to ignore the bad responses.'
+          'which might indicate False Positive. It would be recommended to use the --exclude-content-based ' \
+          'option to ignore the bad responses.'
       end
     end
 
     class ThemesThresholdReached < Standard
       def to_s
         "The number of themes detected reached the threshold of #{ParsedCli.themes_threshold} " \
-        'which might indicate False Positive. It would be recommended to use the --exclude-content-based ' \
-        'option to ignore the bad responses.'
+          'which might indicate False Positive. It would be recommended to use the --exclude-content-based ' \
+          'option to ignore the bad responses.'
       end
     end
   end

data/lib/wpscan/errors/wordpress.rb

@@ -26,7 +26,7 @@ module WPScan
     class WpContentDirNotDetected < Standard
       def to_s
         'Unable to identify the wp-content dir, please supply it with --wp-content-dir,' \
-        ' use the --scope option or make sure the --url value given is the correct one'
+          ' use the --scope option or make sure the --url value given is the correct one'
       end
     end
 

data/lib/wpscan/finders/dynamic_finder/finder.rb

@@ -56,7 +56,9 @@ module WPScan
 
           homepage_result = find(target.homepage_res, opts)
 
-          return homepage_result unless homepage_result.nil? || homepage_result.is_a?(Array) && homepage_result&.empty?
+          unless homepage_result.nil? || (homepage_result.is_a?(Array) && homepage_result&.empty?)
+            return homepage_result
+          end
 
           find(target.error_404_res, opts)
         end

data/lib/wpscan/version.rb

@@ -2,5 +2,5 @@
 
 # Version
 module WPScan
-  VERSION = '3.8.18'
+  VERSION = '3.8.19'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: wpscan
 version: !ruby/object:Gem::Version
-  version: 3.8.18
+  version: 3.8.19
 platform: ruby
 authors:
 - WPScanTeam
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-06-08 00:00:00.000000000 Z
+date: 2021-09-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: cms_scanner
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.13.5
+        version: 0.13.6
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.13.5
+        version: 0.13.6
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -100,14 +100,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.16.0
+        version: 1.21.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.16.0
+        version: 1.21.0
 - !ruby/object:Gem::Dependency
   name: rubocop-performance
   requirement: !ruby/object:Gem::Requirement