ethicalhack3r
Forum Replies Created
Hi,
I’ve had a look and don’t know why you’re experiencing this issue. I suspect the issue might only affect sites hosted on SiteGround.
I’ve asked on our Twitter account if anyone else is experiencing issues with our plugin and SiteGround.
Hopefully we’ll get some answers, which will be able to rule in, or out, the issue being with SiteGround.
Thanks,
Ryan
Forum: Reviews
In reply to: [WPScan - WordPress Security Scanner] Do not use!
That’s very harsh.
The free account on WPscan and its 50 request cap can not cover a single website
We give 50 API requests away free of charge for anyone, which many thousands of our users use perfectly fine. Whether 50 is enough, will obviously depend on how many plugins and themes you have installed.
and if you wait 24h it will check the whole site again not prioritising plugins that haven’t been checked yet.
You could have requested this as a feature request. We never heard from you before.
But wait, if you think paying for the 250 request is going to solve the issue, you are wrong!
Why didn’t this solve your issue? How many plugins/themes do you have installed? It sounds like an abnormally high amount. Maybe you’re using multisite and have many websites on the same WordPress install?
This plugin has gone from must have to must delete!
Everyone must delete it because you can’t see the value?
You can contact us at team-at-wpscan.org if your needs exceed 250 API calls per day, due to having many websites, or plugins/themes installed on the same website.
Sure, I might not be able to check right away, but should be able to check later tonight, or tomorrow.
You can email the details to team@wpscan.org
This just affects this particular site, right? And it only affects the site hosted on Siteground?
Hi,
I just installed it on a vanilla install of the latest version of WordPress and it was working as expected.
I assume that you are adding an API token in the WPScan Settings?
The Summary box only shows after adding a valid API token.
Thanks,
Ryan
We could try disabling other plugins one by one to see if disabling one of them fixes the issue with the WPScan plugin? Then re-enable them after the test.
Thanks, got it!
The HTML for the summary box is missing altogether.
There could be some kind of conflict with another plugin.
Do you have access to the web server’s error logs? If so, is there anything in there that might give some clues?
Hi,
Can you right-click, View Page Source, and send the HTML of that page to team@wpscan.org, please?
This might help us identify if the HTML has been modified by another plugin.
Thanks,
Ryan
Ryan here from wpvulndb.com.
We have confirmed that the vulnerability is only exploitable by administrative users and also requires a valid CSRF nonce. Details that were not given by the original researcher.
Therefore there is no inherent risk. We have deleted the issue from our database.
Hi,
Ryan here from wpvulndb, can you confirm the version the vulnerability was fixed in, please? We can then add this information to wpvulndb.
Thanks!
We have not seen this error before.
Can you confirm the version of WordPress and PHP in use, please?
Forum: Plugins
In reply to: [WPScan - WordPress Security Scanner] Hourly scanning interval
Hi,
Thank you for your feedback.
Hourly may be a little overkill when taking into account the frequency of vulnerabilities added to our database, and the bandwidth requirements for hourly checks.
But, I think that we could possibly do a twice daily scan option.
I have opened a ticket on our internal system and we will give it some further thought, and if we think it would be a good idea, we’ll implement it into a future version.
Thanks again,
Ryan
Forum: Reviews
In reply to: [Ni Cost of Goods for WooCommerce] Possible false positive
The example code you posted is definitely not vulnerable to anything as the only variable used is dirname(__FILE__) which is not user controllable.
Unless you have given incorrect information in your post, then this is a False Positive.
Forum: Plugins
In reply to: [WPScan - WordPress Security Scanner] WPVulnDB API Token
Sorry, I was assuming we were talking about notifications.
So, if you schedule daily notifications, the cron task will run from 24 hours from when you set it.
The same applies if you have no notifications set. The cron job to update the report within the plugin runs from 24 hours from the time you enter a valid API key into the settings page.
- This reply was modified 7 years, 3 months ago by ethicalhack3r. Reason: spelling
Forum: Plugins
In reply to: [WPScan - WordPress Security Scanner] WPVulnDB API Token
The cron job is started relative to the time the schedule is set.
So, for example, if you schedule a daily scan, it will scan every 24 hours since you set it. So, yea, it would be recommended to stagger the scheduling for each site.
Although, 12 sites may be under the 100 requests within 30 seconds limit, but this will depend on how many plugins on each site. To be sure, I’d stagger the scheduling. Perhaps in the future, we can add functionality to configure the cron time.
Forum: Plugins
In reply to: [Vulnerability Alerts] Multiple Emails for Alerts (Code Within)
This fix looks to have been implemented in the vulnerability-alerts plugin. This fix has been carried over to the new plugin available at https://wordpress.org/plugins/wpscan/