Released: 2018-06-15
- Updated dependencies and required Ruby version
- Improved CLI output
- Only show readme.html output when wp <= 4.8 #1127
- Cleanup README.md
- Fix bug "undefined method 'identifier' for nil:NilClass" #1149
- Since WP 4.7 readme.html only shows major version #1152
- Add checks for humans.txt and security.txt (Thank you @g0tmi1k!)
- Add offline database update support (Thank you @g0tmi1k!)
- Check for API access and /wp-json/'s users output (Thank you @g0tmi1k!)
- Add RSS author information (Thank you @g0tmi1k!)
- Check HTTP status of each value in /robots.txt (Thank you @g0tmi1k!)
- Follow any redirections (e.g. http -> https) (Thank you @g0tmi1k!)
- Lots of other enhancements by @g0tmi1k & WPScan Team
- Database export file enumeration

WPScan Database Statistics:
- Total tracked wordpresses: 319
- Total tracked plugins: 74896
- Total tracked themes: 16666
- Total vulnerable wordpresses: 305
- Total vulnerable plugins: 1645
- Total vulnerable themes: 286
- Total wordpress vulnerabilities: 8327
- Total plugin vulnerabilities: 2603
- Total theme vulnerabilities: 352