From 3b78f2903de6de2910273fb44f8a519bdd6b01ce Mon Sep 17 00:00:00 2001
From: Heiko Kiesel
Date: Wed, 23 Aug 2023 10:55:15 +0200
Subject: [PATCH 1/3] Update wpscan examples
Signed-off-by: Heiko Kiesel
---
 .../wpscan/examples/example.com/findings.yaml | 187 ----
 .../wpscan/examples/example.com/scan.yaml | 2 +-
 .../wpscan/examples/old-wordpress/README.md | 21 +-
 .../examples/old-wordpress/findings.json | 1 +
 .../examples/old-wordpress/findings.yaml | 112 ---
 .../wpscan/examples/old-wordpress/scan.yaml | 4 +-
 .../old-wordpress/wpscan-results.json | 932 +++++++++++++++++-
 .../old-wordpress/wpscan-results.json.license | 3 -
 8 files changed, 920 insertions(+), 342 deletions(-)
 delete mode 100644 scanners/wpscan/examples/example.com/findings.yaml
 create mode 100644 scanners/wpscan/examples/old-wordpress/findings.json
 delete mode 100644 scanners/wpscan/examples/old-wordpress/findings.yaml
 delete mode 100644 scanners/wpscan/examples/old-wordpress/wpscan-results.json.license
diff --git a/scanners/wpscan/examples/example.com/findings.yaml b/scanners/wpscan/examples/example.com/findings.yaml
deleted file mode 100644
index 7f05ef70e7..0000000000
--- a/scanners/wpscan/examples/example.com/findings.yaml
+++ /dev/null
@@ -1,187 +0,0 @@
-# SPDX-FileCopyrightText: the secureCodeBox authors
-#
-# SPDX-License-Identifier: Apache-2.0
-
-{
- "banner":
- {
- "description": "WordPress Security Scanner by the WPScan Team",
- "version": "3.8.1",
- "authors": ["@_WPScan_", "@ethicalhack3r", "@erwan_lr", "@firefart"],
- "sponsor": "Sponsored by Automattic - https://automattic.com/",
- },
- "start_time": 1591480247,
- "start_memory": 41349120,
- "target_url": "https://www.example.com/",
- "target_ip": "192.168.200.100",
- "effective_url": "https://www.example.com/",
- "interesting_findings":
- [
- {
- "url": "https://www.example.com/",
- "to_s": "Headers",
- "type": "headers",
- "found_by": "Headers (Passive Detection)",
- "confidence": 100,
- "confirmed_by": {},
- "references": {},
- "interesting_entries": ["Server: Apache/2.4.29 (Ubuntu)"],
- },
- {
- "url": "https://www.example.com/robots.txt",
- "to_s": "https://www.example.com/robots.txt",
- "type": "robots_txt",
- "found_by": "Robots Txt (Aggressive Detection)",
- "confidence": 100,
- "confirmed_by": {},
- "references": {},
- "interesting_entries": ["/wp-admin/", "/wp-admin/admin-ajax.php"],
- },
- {
- "url": "https://www.example.com/readme.html",
- "to_s": "https://www.example.com/readme.html",
- "type": "readme",
- "found_by": "Direct Access (Aggressive Detection)",
- "confidence": 100,
- "confirmed_by": {},
- "references": {},
- "interesting_entries": [],
- },
- {
- "url": "https://www.example.com/wp-content/mu-plugins/",
- "to_s": "This site has 'Must Use Plugins': https://www.example.com/wp-content/mu-plugins/",
- "type": "mu_plugins",
- "found_by": "Direct Access (Aggressive Detection)",
- "confidence": 80,
- "confirmed_by": {},
- "references": {"url": ["http://codex.wordpress.org/Must_Use_Plugins"]},
- "interesting_entries": [],
- },
- {
- "url": "https://www.example.com/wp-cron.php",
- "to_s": "The external WP-Cron seems to be enabled: https://www.example.com/wp-cron.php",
- "type": "wp_cron",
- "found_by": "Direct Access (Aggressive Detection)",
- "confidence": 60,
- "confirmed_by": {},
- "references":
- {
- "url":
- [
- "https://www.iplocation.net/defend-wordpress-from-ddos",
- "https://github.com/wpscanteam/wpscan/issues/1299",
- ],
- },
- "interesting_entries": [],
- },
- ],
- "version":
- {
- "number": "5.3.3",
- "release_date": "2020-04-29",
- "status": "latest",
- "found_by": "Rss Generator (Passive Detection)",
- "confidence": 100,
- "interesting_entries":
- [
- "https://www.example.com/feed/, https://wordpress.org/?v=5.3.3",
- "https://www.example.com/comments/feed/, https://wordpress.org/?v=5.3.3",
- ],
- "confirmed_by": {},
- "vulnerabilities": [],
- },
- "main_theme":
- {
- "slug": "twentyseventeen",
- "location": "https://www.example.com/wp-content/themes/twentyseventeen/",
- "latest_version": "2.3",
- "last_updated": "2020-03-31T00:00:00.000Z",
- "outdated": true,
- "readme_url": "https://www.example.com/wp-content/themes/twentyseventeen/README.txt",
- "directory_listing": false,
- "error_log_url": null,
- "style_url": "https://www.example.com/wp-content/themes/twentyseventeen/style.css?ver=5.3.3",
- "style_name": "Twenty Seventeen",
- "style_uri": "https://wordpress.org/themes/twentyseventeen/",
- "description": "Twenty Seventeen brings your site to life with header video and immersive featured images. With a focus on business sites, it features multiple sections on the front page as well as widgets, navigation and social menus, a logo, and more. Personalize its asymmetrical grid with a custom color scheme and showcase your multimedia content with post formats. Our default theme for 2017 works great in many languages, for any abilities, and on any device.",
- "author": "the WordPress team",
- "author_uri": "https://wordpress.org/",
- "template": null,
- "license": "GNU General Public License v2 or later",
- "license_uri": "http://www.gnu.org/licenses/gpl-2.0.html",
- "tags": "one-column, two-columns, right-sidebar, flexible-header, accessibility-ready, custom-colors, custom-header, custom-menu, custom-logo, editor-style, featured-images, footer-widgets, post-formats, rtl-language-support, sticky-post, theme-options, threaded-comments, translation-ready",
- "text_domain": "twentyseventeen",
- "found_by": "Css Style In Homepage (Passive Detection)",
- "confidence": 100,
- "interesting_entries": [],
- "confirmed_by":
- {
- "Css Style In 404 Page (Passive Detection)":
- {"confidence": 70, "interesting_entries": []},
- },
- "vulnerabilities": [],
- "version":
- {
- "number": "2.2",
- "confidence": 80,
- "found_by": "Style (Passive Detection)",
- "interesting_entries":
- [
- "https://www.example.com/wp-content/themes/twentyseventeen/style.css?ver=5.3.3, Match: 'Version: 2.2'",
- ],
- "confirmed_by": {},
- },
- "parents": [],
- },
- "plugins":
- {
- "akismet":
- {
- "slug": "akismet",
- "location": "https://www.example.com/wp-content/plugins/akismet/",
- "latest_version": "4.1.6",
- "last_updated": "2020-06-04T17:21:00.000Z",
- "outdated": false,
- "readme_url": false,
- "directory_listing": false,
- "error_log_url": null,
- "found_by": "Known Locations (Aggressive Detection)",
- "confidence": 80,
- "interesting_entries":
- [
- "https://www.example.com/wp-content/plugins/akismet/, status: 403",
- ],
- "confirmed_by": {},
- "vulnerabilities":
- [
- {
- "title": "Akismet 2.5.0-3.1.4 - Unauthenticated Stored Cross-Site Scripting (XSS)",
- "fixed_in": "3.1.5",
- "references":
- {
- "cve": ["2015-9357"],
- "url":
- [
- "http://blog.akismet.com/2015/10/13/akismet-3-1-5-wordpress/",
- "https://blog.sucuri.net/2015/10/security-advisory-stored-xss-in-akismet-wordpress-plugin.html",
- ],
- "wpvulndb": ["8215"],
- },
- },
- ],
- "version": null,
- },
- },
- "vuln_api":
- {"plan": "free", "requests_done_during_scan": 4, "requests_remaining": 18},
- "stop_time": 1591480342,
- "elapsed": 94,
- "requests_done": 2335,
- "cached_requests": 9,
- "data_sent": 631774,
- "data_sent_humanised": "616.967 KB",
- "data_received": 1093069,
- "data_received_humanised": "1.042 MB",
- "used_memory": 272867328,
- "used_memory_humanised": "260.227 MB",
-}
diff --git a/scanners/wpscan/examples/example.com/scan.yaml b/scanners/wpscan/examples/example.com/scan.yaml
index 6ab0732b10..ef7ae1c951 100644
--- a/scanners/wpscan/examples/example.com/scan.yaml
+++ b/scanners/wpscan/examples/example.com/scan.yaml
@@ -16,4 +16,4 @@ spec:
 - "--plugins-detection"
 - "mixed"
 - "--api-token"
- - "AAAAABBBBBCCCCCDDDDEEEEEEE"
+ - "TODO"
diff --git a/scanners/wpscan/examples/old-wordpress/README.md b/scanners/wpscan/examples/old-wordpress/README.md
index 28aa3a6ca5..5e2efad496 100644
--- a/scanners/wpscan/examples/old-wordpress/README.md
+++ b/scanners/wpscan/examples/old-wordpress/README.md
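Review bot: The token is still passed as a literal `--api-token` value in the example.com/scan.yaml parameters, so a reader who follows the example will write a real WPScan API token into a manifest that is easy to commit and that sits in clear text in the Scan resource and on the scanner's command line. Consider dropping the `--api-token` / `"TODO"` pair from the example and injecting the token from a Kubernetes Secret instead, e.g. `env: [{name: WPSCAN_API_TOKEN, valueFrom: {secretKeyRef: {name: <secret-name>, key: <key>}}}]` (placeholder names); WPScan picks up `WPSCAN_API_TOKEN` from the environment when the flag is absent. If the flag has to stay, a comment next to the value such as `# placeholder - supply your own token, never commit it` would at least make the intent explicit. The `spec` block begins outside this hunk, so whether the Scan already carries an `env` section is not visible here.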
@@ -5,7 +5,22 @@ SPDX-License-Identifier: Apache-2.0 --> :::note -This example scan uses a demo wordpress 4.0 instance. -You can deploy it as a demo target into you cluster. The scan assumes that it is installed in the `demo-targets` namespace. -See the [installation guide](/docs/getting-started/installation#install-some-demo-targets). +For this example to work, you must add a valid API Token to the scan.yaml! ::: + +In this example we execute an wpscan scan against an old wordpress 4.0 instance [old-wordpress](https://github.com/secureCodeBox/secureCodeBox/tree/main/demo-targets/old-wordpress) + +#### Initialize old-wordpress in cluster + +Before executing the scan, make sure to setup old-wordpress + +```bash +helm upgrade --install old-wordpress secureCodeBox/old-wordpress --wait +``` + +Then, add an API Key in scan.yaml by replacing the `TODO` after the --api-token flag. + +After that you can execute the scan in this directory: +```bash +kubectl apply -f scan.yaml +``` \ No newline at end of file diff --git a/scanners/wpscan/examples/old-wordpress/findings.json b/scanners/wpscan/examples/old-wordpress/findings.json new file mode 100644 index 0000000000..89a291cc35 --- /dev/null +++ b/scanners/wpscan/examples/old-wordpress/findings.json 
@@ -0,0 +1 @@ +[{"name":"WordPress Service","description":"WordPress Service Information","identified_at":"2023-08-23T08:42:17.000Z","category":"WordPress Service","location":"http://old-wordpress/","osi_layer":"APPLICATION","severity":"INFORMATIONAL","references":null,"confidence":100,"attributes":{"hostname":"http://old-wordpress/","ip_addresses":["10.96.184.93"],"wpscan_version":"3.8.22","wpscan_requests":8767,"wp_version":"4.9.8","wp_release_date":"2018-08-02","wp_release_status":"insecure","wp_interesting_entries":["http://old-wordpress/, Match: 'wp-includes\\/js\\/wp-emoji-release.min.js?ver=4.9.8'"],"wp_found_by":"Emoji Settings (Passive Detection)","wp_confirmed_by":{"Meta Generator (Passive Detection)":{"confidence":60,"interesting_entries":["http://old-wordpress/, Match: 'WordPress 4.9.8'"]}},"wp_vulnerabilities":[{"title":"WordPress <= 5.0 - Authenticated File Delete","fixed_in":"4.9.9","references":{"cve":["2018-20147"],"url":["https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/"],"wpvulndb":["e3ef8976-11cb-4854-837f-786f43cbdf44"]}},{"title":"WordPress <= 5.0 - Authenticated Post Type Bypass","fixed_in":"4.9.9","references":{"cve":["2018-20152"],"url":["https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/","https://blog.ripstech.com/2018/wordpress-post-type-privilege-escalation/"],"wpvulndb":["999dba5a-82fb-4717-89c3-6ed723cc7e45"]}},{"title":"WordPress <= 5.0 - PHP Object Injection via Meta Data","fixed_in":"4.9.9","references":{"cve":["2018-20148"],"url":["https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/"],"wpvulndb":["046ff6a0-90b2-4251-98fc-b7fba93f8334"]}},{"title":"WordPress <= 5.0 - Authenticated Cross-Site Scripting (XSS)","fixed_in":"4.9.9","references":{"cve":["2018-20153"],"url":["https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/"],"wpvulndb":["3182002e-d831-4412-a27d-a5e39bb44314"]}},{"title":"WordPress <= 5.0 - Cross-Site Scripting (XSS) that could affect 
plugins","fixed_in":"4.9.9","references":{"cve":["2018-20150"],"url":["https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/","https://github.com/WordPress/WordPress/commit/fb3c6ea0618fcb9a51d4f2c1940e9efcd4a2d460"],"wpvulndb":["7f7a0795-4dd7-417d-804e-54f12595d1e4"]}},{"title":"WordPress <= 5.0 - User Activation Screen Search Engine Indexing","fixed_in":"4.9.9","references":{"cve":["2018-20151"],"url":["https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/"],"wpvulndb":["65f1aec4-6d28-4396-88d7-66702b21c7a2"]}},{"title":"WordPress <= 5.0 - File Upload to XSS on Apache Web Servers","fixed_in":"4.9.9","references":{"cve":["2018-20149"],"url":["https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/","https://github.com/WordPress/WordPress/commit/246a70bdbfac3bd45ff71c7941deef1bb206b19a"],"wpvulndb":["d741f5ae-52ca-417d-a2ca-acdfb7ca5808"]}},{"title":"WordPress 3.7-5.0 (except 4.9.9) - Authenticated Code Execution","fixed_in":"4.9.9","references":{"cve":["2019-8942","2019-8943"],"url":["https://blog.ripstech.com/2019/wordpress-image-remote-code-execution/","https://www.rapid7.com/db/modules/exploit/multi/http/wp_crop_rce"],"wpvulndb":["1a693e57-f99c-4df6-93dd-0cdc92fd0526"]}},{"title":"WordPress 3.9-5.1 - Comment Cross-Site Scripting (XSS)","fixed_in":"4.9.10","references":{"cve":["2019-9787"],"url":["https://github.com/WordPress/WordPress/commit/0292de60ec78c5a44956765189403654fe4d080b","https://wordpress.org/news/2019/03/wordpress-5-1-1-security-and-maintenance-release/","https://blog.ripstech.com/2019/wordpress-csrf-to-rce/"],"wpvulndb":["d150f43f-6030-4191-98b8-20ae05585936"]}},{"title":"WordPress <= 5.2.2 - Cross-Site Scripting (XSS) in URL 
Sanitisation","fixed_in":"4.9.11","references":{"cve":["2019-16222"],"url":["https://wordpress.org/news/2019/09/wordpress-5-2-3-security-and-maintenance-release/","https://github.com/WordPress/WordPress/commit/30ac67579559fe42251b5a9f887211bf61a8ed68","https://hackerone.com/reports/339483"],"wpvulndb":["4494a903-5a73-4cad-8c14-1e7b4da2be61"]}},{"title":"WordPress <= 5.2.3 - Stored XSS in Customizer","fixed_in":"4.9.12","references":{"cve":["2019-17674"],"url":["https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/","https://blog.wpscan.com/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html"],"wpvulndb":["d39a7b84-28b9-4916-a2fc-6192ceb6fa56"]}},{"title":"WordPress <= 5.2.3 - Unauthenticated View Private/Draft Posts","fixed_in":"4.9.12","references":{"cve":["2019-17671"],"url":["https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/","https://blog.wpscan.com/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html","https://github.com/WordPress/WordPress/commit/f82ed753cf00329a5e41f2cb6dc521085136f308","https://0day.work/proof-of-concept-for-wordpress-5-2-3-viewing-unauthenticated-posts/"],"wpvulndb":["3413b879-785f-4c9f-aa8a-5a4a1d5e0ba2"]}},{"title":"WordPress <= 5.2.3 - Stored XSS in Style Tags","fixed_in":"4.9.12","references":{"cve":["2019-17672"],"url":["https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/","https://blog.wpscan.com/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html"],"wpvulndb":["d005b1f8-749d-438a-8818-21fba45c6465"]}},{"title":"WordPress <= 5.2.3 - JSON Request Cache 
Poisoning","fixed_in":"4.9.12","references":{"cve":["2019-17673"],"url":["https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/","https://github.com/WordPress/WordPress/commit/b224c251adfa16a5f84074a3c0886270c9df38de","https://blog.wpscan.com/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html"],"wpvulndb":["7804d8ed-457a-407e-83a7-345d3bbe07b2"]}},{"title":"WordPress <= 5.2.3 - Server-Side Request Forgery (SSRF) in URL Validation ","fixed_in":"4.9.12","references":{"cve":["2019-17669","2019-17670"],"url":["https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/","https://github.com/WordPress/WordPress/commit/9db44754b9e4044690a6c32fd74b9d5fe26b07b2","https://blog.wpscan.com/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html"],"wpvulndb":["26a26de2-d598-405d-b00c-61f71cfacff6"]}},{"title":"WordPress <= 5.2.3 - Admin Referrer Validation","fixed_in":"4.9.12","references":{"cve":["2019-17675"],"url":["https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/","https://github.com/WordPress/WordPress/commit/b183fd1cca0b44a92f0264823dd9f22d2fd8b8d0","https://blog.wpscan.com/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html"],"wpvulndb":["715c00e3-5302-44ad-b914-131c162c3f71"]}},{"title":"WordPress <= 5.3 - Authenticated Improper Access Controls in REST API","fixed_in":"4.9.13","references":{"cve":["2019-20043","2019-16788"],"url":["https://wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release/","https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-g7rg-hchx-c2gw"],"wpvulndb":["4a6de154-5fbd-4c80-acd3-8902ee431bd8"]}},{"title":"WordPress <= 5.3 - Authenticated Stored XSS via Crafted 
Links","fixed_in":"4.9.13","references":{"cve":["2019-20042"],"url":["https://wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release/","https://hackerone.com/reports/509930","https://github.com/WordPress/wordpress-develop/commit/1f7f3f1f59567e2504f0fbebd51ccf004b3ccb1d","https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-xvg2-m2f4-83m7"],"wpvulndb":["23553517-34e3-40a9-a406-f3ffbe9dd265"]}},{"title":"WordPress <= 5.3 - Authenticated Stored XSS via Block Editor Content","fixed_in":"4.9.13","references":{"cve":["2019-16781","2019-16780"],"url":["https://wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release/","https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-pg4x-64rh-3c9v"],"wpvulndb":["be794159-4486-4ae1-a5cc-5c190e5ddf5f"]}},{"title":"WordPress <= 5.3 - wp_kses_bad_protocol() Colon Bypass","fixed_in":"4.9.13","references":{"cve":["2019-20041"],"url":["https://wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release/","https://github.com/WordPress/wordpress-develop/commit/b1975463dd995da19bb40d3fa0786498717e3c53"],"wpvulndb":["8fac612b-95d2-477a-a7d6-e5ec0bb9ca52"]}},{"title":"WordPress < 5.4.1 - Password Reset Tokens Failed to Be Properly Invalidated","fixed_in":"4.9.14","references":{"cve":["2020-11027"],"url":["https://wordpress.org/news/2020/04/wordpress-5-4-1/","https://core.trac.wordpress.org/changeset/47634/","https://www.wordfence.com/blog/2020/04/unpacking-the-7-vulnerabilities-fixed-in-todays-wordpress-5-4-1-security-update/","https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-ww7v-jg8c-q6jw"],"wpvulndb":["7db191c0-d112-4f08-a419-a1cd81928c4e"]}},{"title":"WordPress < 5.4.1 - Unauthenticated Users View Private 
Posts","fixed_in":"4.9.14","references":{"cve":["2020-11028"],"url":["https://wordpress.org/news/2020/04/wordpress-5-4-1/","https://core.trac.wordpress.org/changeset/47635/","https://www.wordfence.com/blog/2020/04/unpacking-the-7-vulnerabilities-fixed-in-todays-wordpress-5-4-1-security-update/","https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-xhx9-759f-6p2w"],"wpvulndb":["d1e1ba25-98c9-4ae7-8027-9632fb825a56"]}},{"title":"WordPress < 5.4.1 - Authenticated Cross-Site Scripting (XSS) in Customizer","fixed_in":"4.9.14","references":{"cve":["2020-11025"],"url":["https://wordpress.org/news/2020/04/wordpress-5-4-1/","https://core.trac.wordpress.org/changeset/47633/","https://www.wordfence.com/blog/2020/04/unpacking-the-7-vulnerabilities-fixed-in-todays-wordpress-5-4-1-security-update/","https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-4mhg-j6fx-5g3c"],"wpvulndb":["4eee26bd-a27e-4509-a3a5-8019dd48e429"]}},{"title":"WordPress < 5.4.1 - Cross-Site Scripting (XSS) in wp-object-cache","fixed_in":"4.9.14","references":{"cve":["2020-11029"],"url":["https://wordpress.org/news/2020/04/wordpress-5-4-1/","https://core.trac.wordpress.org/changeset/47637/","https://www.wordfence.com/blog/2020/04/unpacking-the-7-vulnerabilities-fixed-in-todays-wordpress-5-4-1-security-update/","https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-568w-8m88-8g2c"],"wpvulndb":["e721d8b9-a38f-44ac-8520-b4a9ed6a5157"]}},{"title":"WordPress < 5.4.1 - Authenticated Cross-Site Scripting (XSS) in File 
Uploads","fixed_in":"4.9.14","references":{"cve":["2020-11026"],"url":["https://wordpress.org/news/2020/04/wordpress-5-4-1/","https://core.trac.wordpress.org/changeset/47638/","https://www.wordfence.com/blog/2020/04/unpacking-the-7-vulnerabilities-fixed-in-todays-wordpress-5-4-1-security-update/","https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-3gw2-4656-pfr2","https://hackerone.com/reports/179695"],"wpvulndb":["55438b63-5fc9-4812-afc4-2f1eff800d5f"]}},{"title":"WordPress 4.7-5.7 - Authenticated Password Protected Pages Exposure","fixed_in":"4.9.17","references":{"cve":["2021-29450"],"url":["https://wordpress.org/news/2021/04/wordpress-5-7-1-security-and-maintenance-release/","https://blog.wpscan.com/2021/04/15/wordpress-571-security-vulnerability-release.html","https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-pmmh-2f36-wvhq","https://core.trac.wordpress.org/changeset/50717/"],"youtube":["https://www.youtube.com/watch?v=J2GXmxAdNWs"],"wpvulndb":["6a3ec618-c79e-4b9c-9020-86b157458ac5"]}},{"title":"WordPress 3.7 to 5.7.1 - Object Injection in PHPMailer","fixed_in":"4.9.18","references":{"cve":["2020-36326","2018-19296"],"url":["https://github.com/WordPress/WordPress/commit/267061c9595fedd321582d14c21ec9e7da2dcf62","https://wordpress.org/news/2021/05/wordpress-5-7-2-security-release/","https://github.com/PHPMailer/PHPMailer/commit/e2e07a355ee8ff36aba21d0242c5950c56e4c6f9","https://www.wordfence.com/blog/2021/05/wordpress-5-7-2-security-release-what-you-need-to-know/"],"youtube":["https://www.youtube.com/watch?v=HaW15aMzBUM"],"wpvulndb":["4cd46653-4470-40ff-8aac-318bee2f998d"]}},{"title":"WordPress < 5.8 - Plugin Confusion","fixed_in":"5.8","references":{"cve":["2021-44223"],"url":["https://vavkamil.cz/2021/11/25/wordpress-plugin-confusion-update-can-get-you-pwned/"],"wpvulndb":["95e01006-84e4-4e95-b5d7-68ea7b5aa1a8"]}},{"title":"WordPress < 5.8.3 - SQL Injection via 
WP_Query","fixed_in":"4.9.19","references":{"cve":["2022-21661"],"url":["https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-6676-cqfm-gw84","https://hackerone.com/reports/1378209"],"wpvulndb":["7f768bcf-ed33-4b22-b432-d1e7f95c1317"]}},{"title":"WordPress < 5.8.3 - Author+ Stored XSS via Post Slugs","fixed_in":"4.9.19","references":{"cve":["2022-21662"],"url":["https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-699q-3hj9-889w","https://hackerone.com/reports/425342","https://blog.sonarsource.com/wordpress-stored-xss-vulnerability"],"wpvulndb":["dc6f04c2-7bf2-4a07-92b5-dd197e4d94c8"]}},{"title":"WordPress 4.1-5.8.2 - SQL Injection via WP_Meta_Query","fixed_in":"4.9.19","references":{"cve":["2022-21664"],"url":["https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-jp3p-gw8h-6x86"],"wpvulndb":["24462ac4-7959-4575-97aa-a6dcceeae722"]}},{"title":"WordPress < 5.8.3 - Super Admin Object Injection in Multisites","fixed_in":"4.9.19","references":{"cve":["2022-21663"],"url":["https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-jmmq-m8p8-332h","https://hackerone.com/reports/541469"],"wpvulndb":["008c21ab-3d7e-4d97-b6c3-db9d83f390a7"]}},{"title":"WordPress < 5.9.2 - Prototype Pollution in jQuery","fixed_in":"4.9.20","references":{"url":["https://wordpress.org/news/2022/03/wordpress-5-9-2-security-maintenance-release/"],"wpvulndb":["1ac912c1-5e29-41ac-8f76-a062de254c09"]}},{"title":"WP < 6.0.2 - Reflected Cross-Site Scripting","fixed_in":"4.9.21","references":{"url":["https://wordpress.org/news/2022/08/wordpress-6-0-2-security-and-maintenance-release/"],"wpvulndb":["622893b0-c2c4-4ee7-9fa1-4cecef6e36be"]}},{"title":"WP < 6.0.2 - Authenticated Stored Cross-Site Scripting","fixed_in":"4.9.21","references":{"url":["https://wordpress.org/news/2022/08/wordpress-6-0-2-security-and-maintenance-release/"],"wpvulndb":["3b1573d4-06b4-442b-bad5-872753118ee0"]}},{"title":"WP < 6.0.2 - SQLi via Link 
API","fixed_in":"4.9.21","references":{"url":["https://wordpress.org/news/2022/08/wordpress-6-0-2-security-and-maintenance-release/"],"wpvulndb":["601b0bf9-fed2-4675-aec7-fed3156a022f"]}},{"title":"WP < 6.0.3 - Stored XSS via wp-mail.php","fixed_in":"4.9.22","references":{"url":["https://wordpress.org/news/2022/10/wordpress-6-0-3-security-release/","https://github.com/WordPress/wordpress-develop/commit/abf236fdaf94455e7bc6e30980cf70401003e283"],"wpvulndb":["713bdc8b-ab7c-46d7-9847-305344a579c4"]}},{"title":"WP < 6.0.3 - Open Redirect via wp_nonce_ays","fixed_in":"4.9.22","references":{"url":["https://wordpress.org/news/2022/10/wordpress-6-0-3-security-release/","https://github.com/WordPress/wordpress-develop/commit/506eee125953deb658307bb3005417cb83f32095"],"wpvulndb":["926cd097-b36f-4d26-9c51-0dfab11c301b"]}},{"title":"WP < 6.0.3 - Email Address Disclosure via wp-mail.php","fixed_in":"4.9.22","references":{"url":["https://wordpress.org/news/2022/10/wordpress-6-0-3-security-release/","https://github.com/WordPress/wordpress-develop/commit/5fcdee1b4d72f1150b7b762ef5fb39ab288c8d44"],"wpvulndb":["c5675b59-4b1d-4f64-9876-068e05145431"]}},{"title":"WP < 6.0.3 - Reflected XSS via SQLi in Media Library","fixed_in":"4.9.22","references":{"url":["https://wordpress.org/news/2022/10/wordpress-6-0-3-security-release/","https://github.com/WordPress/wordpress-develop/commit/8836d4682264e8030067e07f2f953a0f66cb76cc"],"wpvulndb":["cfd8b50d-16aa-4319-9c2d-b227365c2156"]}},{"title":"WP < 6.0.3 - CSRF in wp-trackback.php","fixed_in":"4.9.22","references":{"url":["https://wordpress.org/news/2022/10/wordpress-6-0-3-security-release/","https://github.com/WordPress/wordpress-develop/commit/a4f9ca17fae0b7d97ff807a3c234cf219810fae0"],"wpvulndb":["b60a6557-ae78-465c-95bc-a78cf74a6dd0"]}},{"title":"WP < 6.0.3 - Stored XSS via the 
Customizer","fixed_in":"4.9.22","references":{"url":["https://wordpress.org/news/2022/10/wordpress-6-0-3-security-release/","https://github.com/WordPress/wordpress-develop/commit/2ca28e49fc489a9bb3c9c9c0d8907a033fe056ef"],"wpvulndb":["2787684c-aaef-4171-95b4-ee5048c74218"]}},{"title":"WP < 6.0.3 - Stored XSS via Comment Editing","fixed_in":"4.9.22","references":{"url":["https://wordpress.org/news/2022/10/wordpress-6-0-3-security-release/","https://github.com/WordPress/wordpress-develop/commit/89c8f7919460c31c0f259453b4ffb63fde9fa955"],"wpvulndb":["02d76d8e-9558-41a5-bdb6-3957dc31563b"]}},{"title":"WP < 6.0.3 - Content from Multipart Emails Leaked","fixed_in":"4.9.22","references":{"url":["https://wordpress.org/news/2022/10/wordpress-6-0-3-security-release/","https://github.com/WordPress/wordpress-develop/commit/3765886b4903b319764490d4ad5905bc5c310ef8"],"wpvulndb":["3f707e05-25f0-4566-88ed-d8d0aff3a872"]}},{"title":"WP < 6.0.3 - SQLi in WP_Date_Query","fixed_in":"4.9.22","references":{"url":["https://wordpress.org/news/2022/10/wordpress-6-0-3-security-release/","https://github.com/WordPress/wordpress-develop/commit/d815d2e8b2a7c2be6694b49276ba3eee5166c21f"],"wpvulndb":["1da03338-557f-4cb6-9a65-3379df4cce47"]}},{"title":"WP < 6.0.3 - Stored XSS via RSS Widget","fixed_in":"4.9.22","references":{"url":["https://wordpress.org/news/2022/10/wordpress-6-0-3-security-release/","https://github.com/WordPress/wordpress-develop/commit/929cf3cb9580636f1ae3fe944b8faf8cca420492"],"wpvulndb":["58d131f5-f376-4679-b604-2b888de71c5b"]}},{"title":"WP < 6.0.3 - Data Exposure via REST Terms/Tags Endpoint","fixed_in":"4.9.22","references":{"url":["https://wordpress.org/news/2022/10/wordpress-6-0-3-security-release/","https://github.com/WordPress/wordpress-develop/commit/ebaac57a9ac0174485c65de3d32ea56de2330d8e"],"wpvulndb":["b27a8711-a0c0-4996-bd6a-01734702913e"]}},{"title":"WP < 6.0.3 - Multiple Stored XSS via 
Gutenberg","fixed_in":"4.9.22","references":{"url":["https://wordpress.org/news/2022/10/wordpress-6-0-3-security-release/","https://github.com/WordPress/gutenberg/pull/45045/files"],"wpvulndb":["f513c8f6-2e1c-45ae-8a58-36b6518e2aa9"]}},{"title":"WP <= 6.2 - Unauthenticated Blind SSRF via DNS Rebinding","fixed_in":null,"references":{"cve":["2022-3590"],"url":["https://blog.sonarsource.com/wordpress-core-unauthenticated-blind-ssrf/"],"wpvulndb":["c8814e6e-78b3-4f63-a1d3-6906a84c1f11"]}},{"title":"WP < 6.2.1 - Directory Traversal via Translation Files","fixed_in":"4.9.23","references":{"cve":["2023-2745"],"url":["https://wordpress.org/news/2023/05/wordpress-6-2-1-maintenance-security-release/"],"wpvulndb":["2999613a-b8c8-4ec0-9164-5dfe63adf6e6"]}},{"title":"WP < 6.2.1 - Thumbnail Image Update via CSRF","fixed_in":"4.9.23","references":{"url":["https://wordpress.org/news/2023/05/wordpress-6-2-1-maintenance-security-release/"],"wpvulndb":["a03d744a-9839-4167-a356-3e7da0f1d532"]}},{"title":"WP < 6.2.2 - Shortcode Execution in User Generated Data","fixed_in":"4.9.23","references":{"url":["https://wordpress.org/news/2023/05/wordpress-6-2-1-maintenance-security-release/","https://wordpress.org/news/2023/05/wordpress-6-2-2-security-release/"],"wpvulndb":["ef289d46-ea83-4fa5-b003-0352c690fd89"]}},{"title":"WP < 6.2.1 - Contributor+ Stored XSS via Open Embed Auto Discovery","fixed_in":"4.9.23","references":{"url":["https://wordpress.org/news/2023/05/wordpress-6-2-1-maintenance-security-release/"],"wpvulndb":["3b574451-2852-4789-bc19-d5cc39948db5"]}},{"title":"WP < 6.2.1 - Contributor+ Content Injection","fixed_in":"4.9.23","references":{"url":["https://wordpress.org/news/2023/05/wordpress-6-2-1-maintenance-security-release/"],"wpvulndb":["1527ebdb-18bc-4f9d-9c20-8d729a628670"]}}]},"id":"3b7e3560-af34-4744-9994-df02946d19be","parsed_at":"2023-08-23T08:42:25.722Z"},{"name":"WordPress finding 'headers'","description":"Headers","category":"WordPress 
headers","location":"http://old-wordpress/","osi_layer":"APPLICATION","severity":"INFORMATIONAL","confidence":100,"references":null,"attributes":{"hostname":"http://old-wordpress/","wp_interesting_entries":["Server: Apache/2.4.25 (Debian)","X-Powered-By: PHP/7.2.12"],"wp_found_by":"Headers (Passive Detection)","wp_confirmed_by":{}},"id":"72888c78-0553-48b6-9b4f-5329902764bf","parsed_at":"2023-08-23T08:42:25.722Z"},{"name":"WordPress finding 'xmlrpc'","description":"XML-RPC seems to be enabled: http://old-wordpress/xmlrpc.php","category":"WordPress xmlrpc","location":"http://old-wordpress/xmlrpc.php","osi_layer":"APPLICATION","severity":"INFORMATIONAL","confidence":100,"references":[{"type":"URL","value":"http://codex.wordpress.org/XML-RPC_Pingback_API"},{"type":"METASPLOIT","value":"auxiliary/scanner/http/wordpress_ghost_scanner"},{"type":"METASPLOIT","value":"auxiliary/dos/http/wordpress_xmlrpc_dos"},{"type":"METASPLOIT","value":"auxiliary/scanner/http/wordpress_xmlrpc_login"},{"type":"METASPLOIT","value":"auxiliary/scanner/http/wordpress_pingback_access"}],"attributes":{"hostname":"http://old-wordpress/","wp_interesting_entries":[],"wp_found_by":"Direct Access (Aggressive Detection)","wp_confirmed_by":{}},"id":"e67cf802-e421-4241-bb32-d63f4053f2e7","parsed_at":"2023-08-23T08:42:25.722Z"},{"name":"WordPress finding 'readme'","description":"WordPress readme found: http://old-wordpress/readme.html","category":"WordPress readme","location":"http://old-wordpress/readme.html","osi_layer":"APPLICATION","severity":"INFORMATIONAL","confidence":100,"references":null,"attributes":{"hostname":"http://old-wordpress/","wp_interesting_entries":[],"wp_found_by":"Direct Access (Aggressive Detection)","wp_confirmed_by":{}},"id":"58202443-9534-4b42-9df1-195d5d3cf846","parsed_at":"2023-08-23T08:42:25.722Z"},{"name":"WordPress finding 'wp_cron'","description":"The external WP-Cron seems to be enabled: http://old-wordpress/wp-cron.php","category":"WordPress 
wp_cron","location":"http://old-wordpress/wp-cron.php","osi_layer":"APPLICATION","severity":"INFORMATIONAL","confidence":60,"references":[{"type":"URL","value":"https://www.iplocation.net/defend-wordpress-from-ddos"},{"type":"URL","value":"https://github.com/wpscanteam/wpscan/issues/1299"}],"attributes":{"hostname":"http://old-wordpress/","wp_interesting_entries":[],"wp_found_by":"Direct Access (Aggressive Detection)","wp_confirmed_by":{}},"id":"83d2b5ca-ba73-47e8-be9e-e1f5b8748ebf","parsed_at":"2023-08-23T08:42:25.722Z"},{"name":"WordPress finding: vulnerability in 'akismet'","description":"Akismet 2.5.0-3.1.4 - Unauthenticated Stored Cross-Site Scripting (XSS)","category":"WordPress Plugin","location":"http://old-wordpress/wp-content/plugins/akismet/","osi_layer":"APPLICATION","severity":"HIGH","references":[{"type":"CVE","value":"2015-9357"},{"type":"URL","value":"http://blog.akismet.com/2015/10/13/akismet-3-1-5-wordpress/"},{"type":"URL","value":"https://blog.sucuri.net/2015/10/security-advisory-stored-xss-in-akismet-wordpress-plugin.html"},{"type":"WPVULNDB","value":"1a2f3094-5970-4251-9ed0-ec595a0cd26c"}],"attributes":{"hostname":"http://old-wordpress/","confidence":80,"wp_interesting_entries":["http://old-wordpress/wp-content/plugins/akismet/, status: 403"],"wp_found_by":"Known Locations (Aggressive Detection)","wp_confirmed_by":{}},"id":"c27da769-495e-4872-9571-ba56a4a1d340","parsed_at":"2023-08-23T08:42:25.722Z"}] \ No newline at end of file diff --git a/scanners/wpscan/examples/old-wordpress/findings.yaml b/scanners/wpscan/examples/old-wordpress/findings.yaml deleted file mode 100644 index d991b38a20..0000000000 --- a/scanners/wpscan/examples/old-wordpress/findings.yaml +++ /dev/null 
@@ -1,112 +0,0 @@ -# SPDX-FileCopyrightText: the secureCodeBox authors -# -# SPDX-License-Identifier: Apache-2.0 - -[ - { - "name": "WordPress Service", - "description": "WordPress Service Information", - "category": "WordPress Service", - "location": "http://old-wordpress.demo-targets.svc.cluster.local/", - "osi_layer": "APPLICATION", - "severity": "INFORMATIONAL", - "reference": {}, - "confidence": 100, - "attributes": - { - "ip_address": "10.99.82.140", - "wpscan_version": "3.8.7", - "wpscan_requests": 4777, - "wp_version": "4.0.31", - "wp_release_date": "2020-06-10", - "wp_release_status": "latest", - "wp_interesting_entries": - [ - "http://old-wordpress.demo-targets.svc.cluster.local/, Match: 'WordPress 4.0.31'", - ], - "wp_found_by": "Meta Generator (Passive Detection)", - "wp_confirmed_by": - { - "Atom Generator (Aggressive Detection)": - { - "confidence": 80, - "interesting_entries": - [ - 'http://old-wordpress.demo-targets.svc.cluster.local/?feed=atom, WordPress', - ], - }, - }, - "wp_vulnerabilities": [], - }, - "id": "35e61c23-d525-4509-a024-d1aef37a1623", - }, - { - "name": "WordPress finding 'headers'", - "description": "Headers", - "category": "WordPress headers", - "location": "http://old-wordpress.demo-targets.svc.cluster.local/", - "osi_layer": "APPLICATION", - "severity": "INFORMATIONAL", - "confidence": 100, - "reference": {}, - "attributes": - { - "wp_interesting_entries": - ["Server: nginx/1.7.7", "X-Powered-By: PHP/5.4.34-0+deb7u1"], - "wp_found_by": "Headers (Passive Detection)", - "wp_confirmed_by": {}, - }, - "id": "ca074030-2e55-4a10-bf8f-039c1b8978d9", - }, - { - "name": "WordPress finding 'xmlrpc'", - "description": "XML-RPC seems to be enabled: http://old-wordpress.demo-targets.svc.cluster.local/xmlrpc.php", - "category": "WordPress xmlrpc", - "location": "http://old-wordpress.demo-targets.svc.cluster.local/xmlrpc.php", - "osi_layer": "APPLICATION", - "severity": "INFORMATIONAL", - "confidence": 100, - "reference": {}, - "attributes": - 
{ - "wp_interesting_entries": [], - "wp_found_by": "Direct Access (Aggressive Detection)", - "wp_confirmed_by": {}, - }, - "id": "9b521d88-4018-4069-971d-7a020eebab51", - }, - { - "name": "WordPress finding 'readme'", - "description": "WordPress readme found: http://old-wordpress.demo-targets.svc.cluster.local/readme.html", - "category": "WordPress readme", - "location": "http://old-wordpress.demo-targets.svc.cluster.local/readme.html", - "osi_layer": "APPLICATION", - "severity": "INFORMATIONAL", - "confidence": 100, - "reference": {}, - "attributes": - { - "wp_interesting_entries": [], - "wp_found_by": "Direct Access (Aggressive Detection)", - "wp_confirmed_by": {}, - }, - "id": "7160e807-b6bb-4994-9477-22cac8e2f549", - }, - { - "name": "WordPress finding 'wp_cron'", - "description": "The external WP-Cron seems to be enabled: http://old-wordpress.demo-targets.svc.cluster.local/wp-cron.php", - "category": "WordPress wp_cron", - "location": "http://old-wordpress.demo-targets.svc.cluster.local/wp-cron.php", - "osi_layer": "APPLICATION", - "severity": "INFORMATIONAL", - "confidence": 60, - "reference": {}, - "attributes": - { - "wp_interesting_entries": [], - "wp_found_by": "Direct Access (Aggressive Detection)", - "wp_confirmed_by": {}, - }, - "id": "828bf907-da73-4076-994b-a46652b1f972", - }, -] diff --git a/scanners/wpscan/examples/old-wordpress/scan.yaml b/scanners/wpscan/examples/old-wordpress/scan.yaml index 92771867ec..99b42f4dc5 100644 --- a/scanners/wpscan/examples/old-wordpress/scan.yaml +++ b/scanners/wpscan/examples/old-wordpress/scan.yaml @@ -10,8 +10,10 @@ spec: scanType: "wpscan" parameters: - "--url" - - old-wordpress.demo-targets.svc.cluster.local + - old-wordpress - "-e" - "vp" - "--plugins-detection" - "mixed" + - "--api-token" + - "TODO" diff --git a/scanners/wpscan/examples/old-wordpress/wpscan-results.json b/scanners/wpscan/examples/old-wordpress/wpscan-results.json index 49c5427c23..e626ab91b3 100644 
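Review bot: The two parameters added at the end of the list in the `scan.yaml` hunk, `- "--api-token"` and `- "TODO"`, teach users to put the WPScan API token into the Scan's `parameters`, where a real value would sit in plain text in the Scan resource and would probably also show up in the scanner container's argument list. WPScan also reads the token from the `WPSCAN_API_TOKEN` environment variable, so the example could take it from a Kubernetes Secret through the Scan's `env` list instead; please confirm that field is available in the operator version these examples target. The Secret name and key in the sketch below are placeholders, not names from this repository. The manifest starts before this hunk, so the placement under `spec` is inferred from the `spec:` context in the hunk header.

```yaml
  parameters:
    # … unchanged: "--url" through "mixed"; the "--api-token" / "TODO" pair is dropped …
  env:
    - name: WPSCAN_API_TOKEN
      valueFrom:
        secretKeyRef:
          name: wpscan-api-token  # placeholder Secret name
          key: token              # placeholder key
```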
--- a/scanners/wpscan/examples/old-wordpress/wpscan-results.json +++ b/scanners/wpscan/examples/old-wordpress/wpscan-results.json @@ -1,7 +1,7 @@ { "banner": { "description": "WordPress Security Scanner by the WPScan Team", - "version": "3.8.7", + "version": "3.8.22", "authors": [ "@_WPScan_", "@ethicalhack3r", @@ -10,14 +10,14 @@ ], "sponsor": "Sponsored by Automattic - https://automattic.com/" }, - "start_time": 1600682567, - "start_memory": 42774528, - "target_url": "http://old-wordpress.demo-targets.svc.cluster.local/", - "target_ip": "10.99.82.140", - "effective_url": "http://old-wordpress.demo-targets.svc.cluster.local/", + "start_time": 1692780022, + "start_memory": 45826048, + "target_url": "http://old-wordpress/", + "target_ip": "10.96.184.93", + "effective_url": "http://old-wordpress/", "interesting_findings": [ { - "url": "http://old-wordpress.demo-targets.svc.cluster.local/", + "url": "http://old-wordpress/", "to_s": "Headers", "type": "headers", "found_by": "Headers (Passive Detection)", @@ -29,13 +29,13 @@ }, "interesting_entries": [ - "Server: nginx/1.7.7", - "X-Powered-By: PHP/5.4.34-0+deb7u1" + "Server: Apache/2.4.25 (Debian)", + "X-Powered-By: PHP/7.2.12" ] }, { - "url": "http://old-wordpress.demo-targets.svc.cluster.local/xmlrpc.php", - "to_s": "XML-RPC seems to be enabled: http://old-wordpress.demo-targets.svc.cluster.local/xmlrpc.php", + "url": "http://old-wordpress/xmlrpc.php", + "to_s": "XML-RPC seems to be enabled: http://old-wordpress/xmlrpc.php", "type": "xmlrpc", "found_by": "Direct Access (Aggressive Detection)", "confidence": 100, @@ -58,8 +58,8 @@ ] }, { - "url": "http://old-wordpress.demo-targets.svc.cluster.local/readme.html", - "to_s": "WordPress readme found: http://old-wordpress.demo-targets.svc.cluster.local/readme.html", + "url": "http://old-wordpress/readme.html", + "to_s": "WordPress readme found: http://old-wordpress/readme.html", "type": "readme", "found_by": "Direct Access (Aggressive Detection)", "confidence": 100, 
@@ -74,8 +74,8 @@ ] }, { - "url": "http://old-wordpress.demo-targets.svc.cluster.local/wp-cron.php", - "to_s": "The external WP-Cron seems to be enabled: http://old-wordpress.demo-targets.svc.cluster.local/wp-cron.php", + "url": "http://old-wordpress/wp-cron.php", + "to_s": "The external WP-Cron seems to be enabled: http://old-wordpress/wp-cron.php", "type": "wp_cron", "found_by": "Direct Access (Aggressive Detection)", "confidence": 60, 
@@ -94,41 +94,903 @@ } ], "version": { - "number": "4.0.31", - "release_date": "2020-06-10", - "status": "latest", - "found_by": "Meta Generator (Passive Detection)", + "number": "4.9.8", + "release_date": "2018-08-02", + "status": "insecure", + "found_by": "Emoji Settings (Passive Detection)", "confidence": 100, "interesting_entries": [ - "http://old-wordpress.demo-targets.svc.cluster.local/, Match: 'WordPress 4.0.31'" + "http://old-wordpress/, Match: 'wp-includes\\/js\\/wp-emoji-release.min.js?ver=4.9.8'" ], "confirmed_by": { - "Atom Generator (Aggressive Detection)": { - "confidence": 80, + "Meta Generator (Passive Detection)": { + "confidence": 60, "interesting_entries": [ - "http://old-wordpress.demo-targets.svc.cluster.local/?feed=atom, WordPress" + "http://old-wordpress/, Match: 'WordPress 4.9.8'" ] } }, "vulnerabilities": [ - + { + "title": "WordPress <= 5.0 - Authenticated File Delete", + "fixed_in": "4.9.9", + "references": { + "cve": [ + "2018-20147" + ], + "url": [ + "https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/" + ], + "wpvulndb": [ + "e3ef8976-11cb-4854-837f-786f43cbdf44" + ] + } + }, + { + "title": "WordPress <= 5.0 - Authenticated Post Type Bypass", + "fixed_in": "4.9.9", + "references": { + "cve": [ + "2018-20152" + ], + "url": [ + "https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/", + "https://blog.ripstech.com/2018/wordpress-post-type-privilege-escalation/" + ], + "wpvulndb": [ + "999dba5a-82fb-4717-89c3-6ed723cc7e45" + ] + } + }, + { + "title": "WordPress <= 5.0 - PHP Object Injection via Meta Data", + "fixed_in": "4.9.9", + "references": { + "cve": [ + "2018-20148" + ], + "url": [ + "https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/" + ], + "wpvulndb": [ + "046ff6a0-90b2-4251-98fc-b7fba93f8334" + ] + } + }, + { + "title": "WordPress <= 5.0 - Authenticated Cross-Site Scripting (XSS)", + "fixed_in": "4.9.9", + "references": { + "cve": [ + "2018-20153" + ], + "url": [ + 
"https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/" + ], + "wpvulndb": [ + "3182002e-d831-4412-a27d-a5e39bb44314" + ] + } + }, + { + "title": "WordPress <= 5.0 - Cross-Site Scripting (XSS) that could affect plugins", + "fixed_in": "4.9.9", + "references": { + "cve": [ + "2018-20150" + ], + "url": [ + "https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/", + "https://github.com/WordPress/WordPress/commit/fb3c6ea0618fcb9a51d4f2c1940e9efcd4a2d460" + ], + "wpvulndb": [ + "7f7a0795-4dd7-417d-804e-54f12595d1e4" + ] + } + }, + { + "title": "WordPress <= 5.0 - User Activation Screen Search Engine Indexing", + "fixed_in": "4.9.9", + "references": { + "cve": [ + "2018-20151" + ], + "url": [ + "https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/" + ], + "wpvulndb": [ + "65f1aec4-6d28-4396-88d7-66702b21c7a2" + ] + } + }, + { + "title": "WordPress <= 5.0 - File Upload to XSS on Apache Web Servers", + "fixed_in": "4.9.9", + "references": { + "cve": [ + "2018-20149" + ], + "url": [ + "https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/", + "https://github.com/WordPress/WordPress/commit/246a70bdbfac3bd45ff71c7941deef1bb206b19a" + ], + "wpvulndb": [ + "d741f5ae-52ca-417d-a2ca-acdfb7ca5808" + ] + } + }, + { + "title": "WordPress 3.7-5.0 (except 4.9.9) - Authenticated Code Execution", + "fixed_in": "4.9.9", + "references": { + "cve": [ + "2019-8942", + "2019-8943" + ], + "url": [ + "https://blog.ripstech.com/2019/wordpress-image-remote-code-execution/", + "https://www.rapid7.com/db/modules/exploit/multi/http/wp_crop_rce" + ], + "wpvulndb": [ + "1a693e57-f99c-4df6-93dd-0cdc92fd0526" + ] + } + }, + { + "title": "WordPress 3.9-5.1 - Comment Cross-Site Scripting (XSS)", + "fixed_in": "4.9.10", + "references": { + "cve": [ + "2019-9787" + ], + "url": [ + "https://github.com/WordPress/WordPress/commit/0292de60ec78c5a44956765189403654fe4d080b", + 
"https://wordpress.org/news/2019/03/wordpress-5-1-1-security-and-maintenance-release/", + "https://blog.ripstech.com/2019/wordpress-csrf-to-rce/" + ], + "wpvulndb": [ + "d150f43f-6030-4191-98b8-20ae05585936" + ] + } + }, + { + "title": "WordPress <= 5.2.2 - Cross-Site Scripting (XSS) in URL Sanitisation", + "fixed_in": "4.9.11", + "references": { + "cve": [ + "2019-16222" + ], + "url": [ + "https://wordpress.org/news/2019/09/wordpress-5-2-3-security-and-maintenance-release/", + "https://github.com/WordPress/WordPress/commit/30ac67579559fe42251b5a9f887211bf61a8ed68", + "https://hackerone.com/reports/339483" + ], + "wpvulndb": [ + "4494a903-5a73-4cad-8c14-1e7b4da2be61" + ] + } + }, + { + "title": "WordPress <= 5.2.3 - Stored XSS in Customizer", + "fixed_in": "4.9.12", + "references": { + "cve": [ + "2019-17674" + ], + "url": [ + "https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/", + "https://blog.wpscan.com/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html" + ], + "wpvulndb": [ + "d39a7b84-28b9-4916-a2fc-6192ceb6fa56" + ] + } + }, + { + "title": "WordPress <= 5.2.3 - Unauthenticated View Private/Draft Posts", + "fixed_in": "4.9.12", + "references": { + "cve": [ + "2019-17671" + ], + "url": [ + "https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/", + "https://blog.wpscan.com/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html", + "https://github.com/WordPress/WordPress/commit/f82ed753cf00329a5e41f2cb6dc521085136f308", + "https://0day.work/proof-of-concept-for-wordpress-5-2-3-viewing-unauthenticated-posts/" + ], + "wpvulndb": [ + "3413b879-785f-4c9f-aa8a-5a4a1d5e0ba2" + ] + } + }, + { + "title": "WordPress <= 5.2.3 - Stored XSS in Style Tags", + "fixed_in": "4.9.12", + "references": { + "cve": [ + "2019-17672" + ], + "url": [ + "https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/", + 
"https://blog.wpscan.com/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html" + ], + "wpvulndb": [ + "d005b1f8-749d-438a-8818-21fba45c6465" + ] + } + }, + { + "title": "WordPress <= 5.2.3 - JSON Request Cache Poisoning", + "fixed_in": "4.9.12", + "references": { + "cve": [ + "2019-17673" + ], + "url": [ + "https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/", + "https://github.com/WordPress/WordPress/commit/b224c251adfa16a5f84074a3c0886270c9df38de", + "https://blog.wpscan.com/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html" + ], + "wpvulndb": [ + "7804d8ed-457a-407e-83a7-345d3bbe07b2" + ] + } + }, + { + "title": "WordPress <= 5.2.3 - Server-Side Request Forgery (SSRF) in URL Validation ", + "fixed_in": "4.9.12", + "references": { + "cve": [ + "2019-17669", + "2019-17670" + ], + "url": [ + "https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/", + "https://github.com/WordPress/WordPress/commit/9db44754b9e4044690a6c32fd74b9d5fe26b07b2", + "https://blog.wpscan.com/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html" + ], + "wpvulndb": [ + "26a26de2-d598-405d-b00c-61f71cfacff6" + ] + } + }, + { + "title": "WordPress <= 5.2.3 - Admin Referrer Validation", + "fixed_in": "4.9.12", + "references": { + "cve": [ + "2019-17675" + ], + "url": [ + "https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/", + "https://github.com/WordPress/WordPress/commit/b183fd1cca0b44a92f0264823dd9f22d2fd8b8d0", + "https://blog.wpscan.com/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html" + ], + "wpvulndb": [ + "715c00e3-5302-44ad-b914-131c162c3f71" + ] + } + }, + { + "title": "WordPress <= 5.3 - Authenticated Improper Access Controls in REST API", + "fixed_in": "4.9.13", + "references": { + "cve": [ + "2019-20043", + "2019-16788" + ], + "url": [ + 
"https://wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release/", + "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-g7rg-hchx-c2gw" + ], + "wpvulndb": [ + "4a6de154-5fbd-4c80-acd3-8902ee431bd8" + ] + } + }, + { + "title": "WordPress <= 5.3 - Authenticated Stored XSS via Crafted Links", + "fixed_in": "4.9.13", + "references": { + "cve": [ + "2019-20042" + ], + "url": [ + "https://wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release/", + "https://hackerone.com/reports/509930", + "https://github.com/WordPress/wordpress-develop/commit/1f7f3f1f59567e2504f0fbebd51ccf004b3ccb1d", + "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-xvg2-m2f4-83m7" + ], + "wpvulndb": [ + "23553517-34e3-40a9-a406-f3ffbe9dd265" + ] + } + }, + { + "title": "WordPress <= 5.3 - Authenticated Stored XSS via Block Editor Content", + "fixed_in": "4.9.13", + "references": { + "cve": [ + "2019-16781", + "2019-16780" + ], + "url": [ + "https://wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release/", + "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-pg4x-64rh-3c9v" + ], + "wpvulndb": [ + "be794159-4486-4ae1-a5cc-5c190e5ddf5f" + ] + } + }, + { + "title": "WordPress <= 5.3 - wp_kses_bad_protocol() Colon Bypass", + "fixed_in": "4.9.13", + "references": { + "cve": [ + "2019-20041" + ], + "url": [ + "https://wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release/", + "https://github.com/WordPress/wordpress-develop/commit/b1975463dd995da19bb40d3fa0786498717e3c53" + ], + "wpvulndb": [ + "8fac612b-95d2-477a-a7d6-e5ec0bb9ca52" + ] + } + }, + { + "title": "WordPress < 5.4.1 - Password Reset Tokens Failed to Be Properly Invalidated", + "fixed_in": "4.9.14", + "references": { + "cve": [ + "2020-11027" + ], + "url": [ + "https://wordpress.org/news/2020/04/wordpress-5-4-1/", + "https://core.trac.wordpress.org/changeset/47634/", + 
"https://www.wordfence.com/blog/2020/04/unpacking-the-7-vulnerabilities-fixed-in-todays-wordpress-5-4-1-security-update/", + "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-ww7v-jg8c-q6jw" + ], + "wpvulndb": [ + "7db191c0-d112-4f08-a419-a1cd81928c4e" + ] + } + }, + { + "title": "WordPress < 5.4.1 - Unauthenticated Users View Private Posts", + "fixed_in": "4.9.14", + "references": { + "cve": [ + "2020-11028" + ], + "url": [ + "https://wordpress.org/news/2020/04/wordpress-5-4-1/", + "https://core.trac.wordpress.org/changeset/47635/", + "https://www.wordfence.com/blog/2020/04/unpacking-the-7-vulnerabilities-fixed-in-todays-wordpress-5-4-1-security-update/", + "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-xhx9-759f-6p2w" + ], + "wpvulndb": [ + "d1e1ba25-98c9-4ae7-8027-9632fb825a56" + ] + } + }, + { + "title": "WordPress < 5.4.1 - Authenticated Cross-Site Scripting (XSS) in Customizer", + "fixed_in": "4.9.14", + "references": { + "cve": [ + "2020-11025" + ], + "url": [ + "https://wordpress.org/news/2020/04/wordpress-5-4-1/", + "https://core.trac.wordpress.org/changeset/47633/", + "https://www.wordfence.com/blog/2020/04/unpacking-the-7-vulnerabilities-fixed-in-todays-wordpress-5-4-1-security-update/", + "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-4mhg-j6fx-5g3c" + ], + "wpvulndb": [ + "4eee26bd-a27e-4509-a3a5-8019dd48e429" + ] + } + }, + { + "title": "WordPress < 5.4.1 - Cross-Site Scripting (XSS) in wp-object-cache", + "fixed_in": "4.9.14", + "references": { + "cve": [ + "2020-11029" + ], + "url": [ + "https://wordpress.org/news/2020/04/wordpress-5-4-1/", + "https://core.trac.wordpress.org/changeset/47637/", + "https://www.wordfence.com/blog/2020/04/unpacking-the-7-vulnerabilities-fixed-in-todays-wordpress-5-4-1-security-update/", + "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-568w-8m88-8g2c" + ], + "wpvulndb": [ + "e721d8b9-a38f-44ac-8520-b4a9ed6a5157" + ] + } + 
}, + { + "title": "WordPress < 5.4.1 - Authenticated Cross-Site Scripting (XSS) in File Uploads", + "fixed_in": "4.9.14", + "references": { + "cve": [ + "2020-11026" + ], + "url": [ + "https://wordpress.org/news/2020/04/wordpress-5-4-1/", + "https://core.trac.wordpress.org/changeset/47638/", + "https://www.wordfence.com/blog/2020/04/unpacking-the-7-vulnerabilities-fixed-in-todays-wordpress-5-4-1-security-update/", + "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-3gw2-4656-pfr2", + "https://hackerone.com/reports/179695" + ], + "wpvulndb": [ + "55438b63-5fc9-4812-afc4-2f1eff800d5f" + ] + } + }, + { + "title": "WordPress 4.7-5.7 - Authenticated Password Protected Pages Exposure", + "fixed_in": "4.9.17", + "references": { + "cve": [ + "2021-29450" + ], + "url": [ + "https://wordpress.org/news/2021/04/wordpress-5-7-1-security-and-maintenance-release/", + "https://blog.wpscan.com/2021/04/15/wordpress-571-security-vulnerability-release.html", + "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-pmmh-2f36-wvhq", + "https://core.trac.wordpress.org/changeset/50717/" + ], + "youtube": [ + "https://www.youtube.com/watch?v=J2GXmxAdNWs" + ], + "wpvulndb": [ + "6a3ec618-c79e-4b9c-9020-86b157458ac5" + ] + } + }, + { + "title": "WordPress 3.7 to 5.7.1 - Object Injection in PHPMailer", + "fixed_in": "4.9.18", + "references": { + "cve": [ + "2020-36326", + "2018-19296" + ], + "url": [ + "https://github.com/WordPress/WordPress/commit/267061c9595fedd321582d14c21ec9e7da2dcf62", + "https://wordpress.org/news/2021/05/wordpress-5-7-2-security-release/", + "https://github.com/PHPMailer/PHPMailer/commit/e2e07a355ee8ff36aba21d0242c5950c56e4c6f9", + "https://www.wordfence.com/blog/2021/05/wordpress-5-7-2-security-release-what-you-need-to-know/" + ], + "youtube": [ + "https://www.youtube.com/watch?v=HaW15aMzBUM" + ], + "wpvulndb": [ + "4cd46653-4470-40ff-8aac-318bee2f998d" + ] + } + }, + { + "title": "WordPress < 5.8 - Plugin Confusion", + 
"fixed_in": "5.8", + "references": { + "cve": [ + "2021-44223" + ], + "url": [ + "https://vavkamil.cz/2021/11/25/wordpress-plugin-confusion-update-can-get-you-pwned/" + ], + "wpvulndb": [ + "95e01006-84e4-4e95-b5d7-68ea7b5aa1a8" + ] + } + }, + { + "title": "WordPress < 5.8.3 - SQL Injection via WP_Query", + "fixed_in": "4.9.19", + "references": { + "cve": [ + "2022-21661" + ], + "url": [ + "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-6676-cqfm-gw84", + "https://hackerone.com/reports/1378209" + ], + "wpvulndb": [ + "7f768bcf-ed33-4b22-b432-d1e7f95c1317" + ] + } + }, + { + "title": "WordPress < 5.8.3 - Author+ Stored XSS via Post Slugs", + "fixed_in": "4.9.19", + "references": { + "cve": [ + "2022-21662" + ], + "url": [ + "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-699q-3hj9-889w", + "https://hackerone.com/reports/425342", + "https://blog.sonarsource.com/wordpress-stored-xss-vulnerability" + ], + "wpvulndb": [ + "dc6f04c2-7bf2-4a07-92b5-dd197e4d94c8" + ] + } + }, + { + "title": "WordPress 4.1-5.8.2 - SQL Injection via WP_Meta_Query", + "fixed_in": "4.9.19", + "references": { + "cve": [ + "2022-21664" + ], + "url": [ + "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-jp3p-gw8h-6x86" + ], + "wpvulndb": [ + "24462ac4-7959-4575-97aa-a6dcceeae722" + ] + } + }, + { + "title": "WordPress < 5.8.3 - Super Admin Object Injection in Multisites", + "fixed_in": "4.9.19", + "references": { + "cve": [ + "2022-21663" + ], + "url": [ + "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-jmmq-m8p8-332h", + "https://hackerone.com/reports/541469" + ], + "wpvulndb": [ + "008c21ab-3d7e-4d97-b6c3-db9d83f390a7" + ] + } + }, + { + "title": "WordPress < 5.9.2 - Prototype Pollution in jQuery", + "fixed_in": "4.9.20", + "references": { + "url": [ + "https://wordpress.org/news/2022/03/wordpress-5-9-2-security-maintenance-release/" + ], + "wpvulndb": [ + "1ac912c1-5e29-41ac-8f76-a062de254c09" + ] 
+ } + }, + { + "title": "WP < 6.0.2 - Reflected Cross-Site Scripting", + "fixed_in": "4.9.21", + "references": { + "url": [ + "https://wordpress.org/news/2022/08/wordpress-6-0-2-security-and-maintenance-release/" + ], + "wpvulndb": [ + "622893b0-c2c4-4ee7-9fa1-4cecef6e36be" + ] + } + }, + { + "title": "WP < 6.0.2 - Authenticated Stored Cross-Site Scripting", + "fixed_in": "4.9.21", + "references": { + "url": [ + "https://wordpress.org/news/2022/08/wordpress-6-0-2-security-and-maintenance-release/" + ], + "wpvulndb": [ + "3b1573d4-06b4-442b-bad5-872753118ee0" + ] + } + }, + { + "title": "WP < 6.0.2 - SQLi via Link API", + "fixed_in": "4.9.21", + "references": { + "url": [ + "https://wordpress.org/news/2022/08/wordpress-6-0-2-security-and-maintenance-release/" + ], + "wpvulndb": [ + "601b0bf9-fed2-4675-aec7-fed3156a022f" + ] + } + }, + { + "title": "WP < 6.0.3 - Stored XSS via wp-mail.php", + "fixed_in": "4.9.22", + "references": { + "url": [ + "https://wordpress.org/news/2022/10/wordpress-6-0-3-security-release/", + "https://github.com/WordPress/wordpress-develop/commit/abf236fdaf94455e7bc6e30980cf70401003e283" + ], + "wpvulndb": [ + "713bdc8b-ab7c-46d7-9847-305344a579c4" + ] + } + }, + { + "title": "WP < 6.0.3 - Open Redirect via wp_nonce_ays", + "fixed_in": "4.9.22", + "references": { + "url": [ + "https://wordpress.org/news/2022/10/wordpress-6-0-3-security-release/", + "https://github.com/WordPress/wordpress-develop/commit/506eee125953deb658307bb3005417cb83f32095" + ], + "wpvulndb": [ + "926cd097-b36f-4d26-9c51-0dfab11c301b" + ] + } + }, + { + "title": "WP < 6.0.3 - Email Address Disclosure via wp-mail.php", + "fixed_in": "4.9.22", + "references": { + "url": [ + "https://wordpress.org/news/2022/10/wordpress-6-0-3-security-release/", + "https://github.com/WordPress/wordpress-develop/commit/5fcdee1b4d72f1150b7b762ef5fb39ab288c8d44" + ], + "wpvulndb": [ + "c5675b59-4b1d-4f64-9876-068e05145431" + ] + } + }, + { + "title": "WP < 6.0.3 - Reflected XSS via SQLi in Media 
Library", + "fixed_in": "4.9.22", + "references": { + "url": [ + "https://wordpress.org/news/2022/10/wordpress-6-0-3-security-release/", + "https://github.com/WordPress/wordpress-develop/commit/8836d4682264e8030067e07f2f953a0f66cb76cc" + ], + "wpvulndb": [ + "cfd8b50d-16aa-4319-9c2d-b227365c2156" + ] + } + }, + { + "title": "WP < 6.0.3 - CSRF in wp-trackback.php", + "fixed_in": "4.9.22", + "references": { + "url": [ + "https://wordpress.org/news/2022/10/wordpress-6-0-3-security-release/", + "https://github.com/WordPress/wordpress-develop/commit/a4f9ca17fae0b7d97ff807a3c234cf219810fae0" + ], + "wpvulndb": [ + "b60a6557-ae78-465c-95bc-a78cf74a6dd0" + ] + } + }, + { + "title": "WP < 6.0.3 - Stored XSS via the Customizer", + "fixed_in": "4.9.22", + "references": { + "url": [ + "https://wordpress.org/news/2022/10/wordpress-6-0-3-security-release/", + "https://github.com/WordPress/wordpress-develop/commit/2ca28e49fc489a9bb3c9c9c0d8907a033fe056ef" + ], + "wpvulndb": [ + "2787684c-aaef-4171-95b4-ee5048c74218" + ] + } + }, + { + "title": "WP < 6.0.3 - Stored XSS via Comment Editing", + "fixed_in": "4.9.22", + "references": { + "url": [ + "https://wordpress.org/news/2022/10/wordpress-6-0-3-security-release/", + "https://github.com/WordPress/wordpress-develop/commit/89c8f7919460c31c0f259453b4ffb63fde9fa955" + ], + "wpvulndb": [ + "02d76d8e-9558-41a5-bdb6-3957dc31563b" + ] + } + }, + { + "title": "WP < 6.0.3 - Content from Multipart Emails Leaked", + "fixed_in": "4.9.22", + "references": { + "url": [ + "https://wordpress.org/news/2022/10/wordpress-6-0-3-security-release/", + "https://github.com/WordPress/wordpress-develop/commit/3765886b4903b319764490d4ad5905bc5c310ef8" + ], + "wpvulndb": [ + "3f707e05-25f0-4566-88ed-d8d0aff3a872" + ] + } + }, + { + "title": "WP < 6.0.3 - SQLi in WP_Date_Query", + "fixed_in": "4.9.22", + "references": { + "url": [ + "https://wordpress.org/news/2022/10/wordpress-6-0-3-security-release/", + 
"https://github.com/WordPress/wordpress-develop/commit/d815d2e8b2a7c2be6694b49276ba3eee5166c21f" + ], + "wpvulndb": [ + "1da03338-557f-4cb6-9a65-3379df4cce47" + ] + } + }, + { + "title": "WP < 6.0.3 - Stored XSS via RSS Widget", + "fixed_in": "4.9.22", + "references": { + "url": [ + "https://wordpress.org/news/2022/10/wordpress-6-0-3-security-release/", + "https://github.com/WordPress/wordpress-develop/commit/929cf3cb9580636f1ae3fe944b8faf8cca420492" + ], + "wpvulndb": [ + "58d131f5-f376-4679-b604-2b888de71c5b" + ] + } + }, + { + "title": "WP < 6.0.3 - Data Exposure via REST Terms/Tags Endpoint", + "fixed_in": "4.9.22", + "references": { + "url": [ + "https://wordpress.org/news/2022/10/wordpress-6-0-3-security-release/", + "https://github.com/WordPress/wordpress-develop/commit/ebaac57a9ac0174485c65de3d32ea56de2330d8e" + ], + "wpvulndb": [ + "b27a8711-a0c0-4996-bd6a-01734702913e" + ] + } + }, + { + "title": "WP < 6.0.3 - Multiple Stored XSS via Gutenberg", + "fixed_in": "4.9.22", + "references": { + "url": [ + "https://wordpress.org/news/2022/10/wordpress-6-0-3-security-release/", + "https://github.com/WordPress/gutenberg/pull/45045/files" + ], + "wpvulndb": [ + "f513c8f6-2e1c-45ae-8a58-36b6518e2aa9" + ] + } + }, + { + "title": "WP <= 6.2 - Unauthenticated Blind SSRF via DNS Rebinding", + "fixed_in": null, + "references": { + "cve": [ + "2022-3590" + ], + "url": [ + "https://blog.sonarsource.com/wordpress-core-unauthenticated-blind-ssrf/" + ], + "wpvulndb": [ + "c8814e6e-78b3-4f63-a1d3-6906a84c1f11" + ] + } + }, + { + "title": "WP < 6.2.1 - Directory Traversal via Translation Files", + "fixed_in": "4.9.23", + "references": { + "cve": [ + "2023-2745" + ], + "url": [ + "https://wordpress.org/news/2023/05/wordpress-6-2-1-maintenance-security-release/" + ], + "wpvulndb": [ + "2999613a-b8c8-4ec0-9164-5dfe63adf6e6" + ] + } + }, + { + "title": "WP < 6.2.1 - Thumbnail Image Update via CSRF", + "fixed_in": "4.9.23", + "references": { + "url": [ + 
"https://wordpress.org/news/2023/05/wordpress-6-2-1-maintenance-security-release/" + ], + "wpvulndb": [ + "a03d744a-9839-4167-a356-3e7da0f1d532" + ] + } + }, + { + "title": "WP < 6.2.2 - Shortcode Execution in User Generated Data", + "fixed_in": "4.9.23", + "references": { + "url": [ + "https://wordpress.org/news/2023/05/wordpress-6-2-1-maintenance-security-release/", + "https://wordpress.org/news/2023/05/wordpress-6-2-2-security-release/" + ], + "wpvulndb": [ + "ef289d46-ea83-4fa5-b003-0352c690fd89" + ] + } + }, + { + "title": "WP < 6.2.1 - Contributor+ Stored XSS via Open Embed Auto Discovery", + "fixed_in": "4.9.23", + "references": { + "url": [ + "https://wordpress.org/news/2023/05/wordpress-6-2-1-maintenance-security-release/" + ], + "wpvulndb": [ + "3b574451-2852-4789-bc19-d5cc39948db5" + ] + } + }, + { + "title": "WP < 6.2.1 - Contributor+ Content Injection", + "fixed_in": "4.9.23", + "references": { + "url": [ + "https://wordpress.org/news/2023/05/wordpress-6-2-1-maintenance-security-release/" + ], + "wpvulndb": [ + "1527ebdb-18bc-4f9d-9c20-8d729a628670" + ] + } + } ] }, "main_theme": null, "plugins": { + "akismet": { + "slug": "akismet", + "location": "http://old-wordpress/wp-content/plugins/akismet/", + "latest_version": "5.2", + "last_updated": "2023-08-07T02:56:00.000Z", + "outdated": false, + "readme_url": false, + "directory_listing": false, + "error_log_url": null, + "found_by": "Known Locations (Aggressive Detection)", + "confidence": 80, + "interesting_entries": [ + "http://old-wordpress/wp-content/plugins/akismet/, status: 403" + ], + "confirmed_by": { + }, + "vulnerabilities": [ + { + "title": "Akismet 2.5.0-3.1.4 - Unauthenticated Stored Cross-Site Scripting (XSS)", + "fixed_in": "3.1.5", + "references": { + "cve": [ + "2015-9357" + ], + "url": [ + "http://blog.akismet.com/2015/10/13/akismet-3-1-5-wordpress/", + "https://blog.sucuri.net/2015/10/security-advisory-stored-xss-in-akismet-wordpress-plugin.html" + ], + "wpvulndb": [ + 
"1a2f3094-5970-4251-9ed0-ec595a0cd26c" + ] + } + } + ], + "version": null + } }, "vuln_api": { - "error": "No WPVulnDB API Token given, as a result vulnerability data has not been output.\nYou can get a free API token with 50 daily requests by registering at https://wpvulndb.com/users/sign_up" + "plan": "free", + "requests_done_during_scan": 2, + "requests_remaining": 23 }, - "stop_time": 1600682792, - "elapsed": 225, - "requests_done": 4777, - "cached_requests": 4, - "data_sent": 1459447, - "data_sent_humanised": "1.392 MB", - "data_received": 18563423, - "data_received_humanised": "17.703 MB", - "used_memory": 299765760, - "used_memory_humanised": "285.879 MB" + "stop_time": 1692780137, + "elapsed": 114, + "requests_done": 8767, + "cached_requests": 6, + "data_sent": 2423327, + "data_sent_humanised": "2.311 MB", + "data_received": 234869763, + "data_received_humanised": "223.989 MB", + "used_memory": 419950592, + "used_memory_humanised": "400.496 MB" } diff --git a/scanners/wpscan/examples/old-wordpress/wpscan-results.json.license b/scanners/wpscan/examples/old-wordpress/wpscan-results.json.license deleted file mode 100644 index c95bc37185..0000000000 --- a/scanners/wpscan/examples/old-wordpress/wpscan-results.json.license +++ /dev/null @@ -1,3 +0,0 @@ -SPDX-FileCopyrightText: the secureCodeBox authors - -SPDX-License-Identifier: Apache-2.0 From 1636201a070bf54b25d46e068fb48ab23e1ce5c2 Mon Sep 17 00:00:00 2001 From: Heiko Kiesel Date: Wed, 23 Aug 2023 10:57:09 +0200 Subject: [PATCH 2/3] Update wpscan README Signed-off-by: Heiko Kiesel --- scanners/wpscan/.helm-docs.gotmpl | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/scanners/wpscan/.helm-docs.gotmpl b/scanners/wpscan/.helm-docs.gotmpl index 8cc5b0e8d8..4172e91cec 100644 --- a/scanners/wpscan/.helm-docs.gotmpl +++ b/scanners/wpscan/.helm-docs.gotmpl 
@@ -29,9 +29,9 @@ usecase: "Wordpress Vulnerability Scanner" WPScan is a free, for non-commercial use, black box WordPress vulnerability scanner written for security professionals and blog maintainers to test the security of their sites. -> NOTE: You need to provide WPSan with an API Token so that it can look up vulnerabilities infos with [https://wpvulndb.com](https://wpvulndb.com). Without the token WPScan will only identify WordPress Core / Plugin / Theme versions but not if they are actually vulnerable. You can get a free API Token at by registering for an account at [https://wpvulndb.com](https://wpvulndb.com). Using the secureCodeBox WPScans you can specify the token via the `WPVULNDB_API_TOKEN` target attribute, see the example below. +> NOTE: You need to provide WPSan with an API Token so that it can look up vulnerabilities infos with [https://wpscan.com](https://wpscan.com). Without the token WPScan will only identify WordPress Core / Plugin / Theme versions but not if they are actually vulnerable. You can get a free API Token at by registering for an account at [https://wpscan.com](https://wpscan.com). Using the secureCodeBox WPScans you can specify the token via the `WPVULNDB_API_TOKEN` target attribute, see the example below. -To learn more about the WPScan scanner itself visit [wpscan.org] or [wpscan.io]. +To learn more about the WPScan scanner itself visit [wpscan.org]. {{- end }} {{- define "extra.scannerConfigurationSection" -}} @@ -82,7 +82,6 @@ Incompatible choices (only one of each group/s can be used): {{- end }} {{- define "extra.scannerLinksSection" -}} -[wpscan.io]: https://wpscan.io/ [wpscan.org]: https://wpscan.org/ [WPScan Documentation]: https://github.com/wpscanteam/wpscan/wiki/WPScan-User-Documentation {{- end }} From 68934d10c58b133b8aad51c10d6dd7faa73a694a Mon Sep 17 00:00:00 2001 From: Heiko Kiesel Date: Fri, 25 Aug 2023 11:07:21 +0200 Subject: [PATCH 3/3] Add license file 
Signed-off-by: Heiko Kiesel
---
.../wpscan/examples/old-wordpress/wpscan-results.json.license | 3 +++
1 file changed, 3 insertions(+)
create mode 100644 scanners/wpscan/examples/old-wordpress/wpscan-results.json.license
diff --git a/scanners/wpscan/examples/old-wordpress/wpscan-results.json.license b/scanners/wpscan/examples/old-wordpress/wpscan-results.json.license
new file mode 100644
index 0000000000..c95bc37185
--- /dev/null
+++ b/scanners/wpscan/examples/old-wordpress/wpscan-results.json.license
@@ -0,0 +1,3 @@
+SPDX-FileCopyrightText: the secureCodeBox authors
+
+SPDX-License-Identifier: Apache-2.0