WPScan Versions

WPScan WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites. Contact us via [email protected]

v3.8.5

3 years ago

Minor:

  • Be more informative in CLI output with InterestingFindings - Ref #1510
  • Better CLI error messages for Path validators

v3.8.4

3 years ago
  • Minor:
    • Fixed Theme author incorrectly detected - Ref #1520
    • Password Attack: Fixed disabled XMLRPC method not being correctly detected on blogs using a language other than English - Ref #1522

v3.8.3

3 years ago
  • Minor
    • Fixes a potential InvalidProgressBar error with the xmlrpc_multicall pwd attack
    • Long option/s now displayed when a required one is missing - Ref https://github.com/wpscanteam/wpscan/issues/1500
    • Fixes crash when the URL does not contain a TLD, such as dc-2
    • Password Attack: When an error occurs, the response body is only displayed when --verbose is used
    • When using an output format other than the CLI (such as -f json), the progress bar log will only contain unique errors (previously duplicates could occur, leading to increased memory usage)
    • Check for wp-login.php availability before doing password attack on it - Ref #1519
    • Uses an enumerator to read the wordlist (rather than the whole file at once) during password attacks, reducing the memory usage - Ref #1518

v3.8.2

3 years ago
  • Minor
    • Fixes a potential InvalidProgressBar error with the xmlrpc_multicall pwd attack
    • Long option/s now displayed when a required one is missing - Ref https://github.com/wpscanteam/wpscan/issues/1500
    • Fixes crash when the URL does not contain a TLD, such as dc-2

v3.8.1

4 years ago
  • Added YouTube references from the API in output
  • Added CVSS score and vector output. This will only be displayed for users with an enterprise token

v3.8.0

4 years ago

Major:

  • Support for Ruby 2.4 removed as EOL reached.

Minor:

  • Icon displayed when valid credentials found during password attack changed from notice [i] to warning [!]
  • Help messages for --plugins-detection and --plugins-version-detection updated - Ref #1472

v3.7.11

4 years ago
  • Fixes incorrect detection of error responses when performing Password Attack via XMLRPC in some cases.
  • Fixes non-detection of users via the WP JSON method when the blog uses Basic Auth or a proxy is given.
  • Fixes reference error when debug log is identified
  • Fixes wrong number of arguments error with old versions of activesupport (< 5.2) from opt_parse_validator.

v3.7.10

4 years ago
  • Message added to the error raised when there is a checksum mismatch during update, asking the user to try again in a few minutes.
  • Fixes non-detection of plugins/themes when the main 404 is a redirection and the plugins/themes checked return empty 200 responses
  • API Token can now be loaded from the ENV variable WPSCAN_API_TOKEN if present.

v3.7.9

4 years ago
  • Avoid sending irrelevant request params (such as cookies and headers) when updating and checking VulnAPI - Ref #1451
  • Target IP address added to output - Ref #1088
  • Time to detect non-WP sites greatly reduced when there are a lot of links on the homepage.
  • Passive scanning time reduced when there are a lot of links on the homepage.

v3.7.8

4 years ago
  • Fixed issue where a CF-Connecting-IP header provided in the CLI was also sent to VulnAPI - Ref #1451