ethicalhack3r
Forum Replies Created
-
Forum: Plugins
In reply to: [WPScan - WordPress Security Scanner] Automated scanning not workingThis should be fixed in the latest version, 1.14 π
Forum: Plugins
In reply to: [WPScan - WordPress Security Scanner] Automated scanning not workingHi,
That’s strange. If you have the
wpscan_scanning_timeandwpscan_scanning_intervaloptions in the database, if you delete them, are you able to schedule a scan then?Yea, a stanging env would be great, thanks.
I think the issue will be resolved by deleting the above options from the database. This will be fixed in the next version.
Thanks,
RyanForum: Plugins
In reply to: [WPScan - WordPress Security Scanner] Automated scanning not workingHi Erik,
We have fixed the issue in our development environment and will be releasing the fix along with many other small improvements, and new features, in January. Aiming for the week of the 11th January.
For now, you should be able to schedule an automated scan, as long as it is not exactly the same as your previous one. Use a slightly different time for example.
The bug happens when you deactivate the plugin, some values from the database are not cleared, which doesn’t allow WordPress to save news ones, if they are the same.
Thanks,
RyanForum: Plugins
In reply to: [WPScan - WordPress Security Scanner] Automated scanning not workingHi Erik,
I have been monitoring the automated twice daily scanning in our test environment since Friday and haven’t been able to reproduce the issue yet π
Could you try two things for me, please?
1. Are you able to re-schedule new automated scans?
2. If not, can you deactivate then reactivate the plugin, can you now?
Thanks,
RyanForum: Plugins
In reply to: [WPScan - WordPress Security Scanner] Automated scanning not workingDoes your summary panel show the next scheduled scan date/time?
If you install the WP Control plugin, does it show a scheduled cron job?
My screenshots:
Forum: Plugins
In reply to: [WPScan - WordPress Security Scanner] Automated scanning not workingHi Erik,
We’ve had another user report this, and they had the twice daily setting too.
I couldn’t reproduce the issue though last time I looked into it.
I’m going to spend some more time looking into it.
Thanks,
RyanForum: Plugins
In reply to: [WPScan - WordPress Security Scanner] XML-RPC Partly DisabledHi,
Yea, a lot of plugins that claim to disable XML-RPC only disable unauthenticated calls, but still allow authenticated ones.
The best way to disable XML-RPC is by configuring a rule at the web server level to return a 404 code when the xmlrpc.php file is accessed.
An alternative is to just delete the xmlrpc.php file but it may be put back on subsequent WordPress updates.
You can ignore the issue in the “Ignore vulnerabilities” pane on the right of the report page.
I hope that helps.
Thanks,
RyanHi Erik,
I just wanted to check back with you to see if that fixed your issue?
Thanks,
RyanForum: Plugins
In reply to: [WPScan - WordPress Security Scanner] Ready php 8.0Hi Neo,
We’re not sure yet, we will do some testing and let you know.
Thanks,
RyanHi Erik,
Thank you for the report, and apologies for the inconvenience.
We have just released version 1.13.1, which should fix the fatal error.
We hope to improve error handling in future major releases.
Thanks again,
RyanForum: Plugins
In reply to: [WPScan - WordPress Security Scanner] WP-CLIHi Marcus,
I’m not sure if you are aware of our CLI WordPress security scanner?
Does that do what you need? It supports JSON output for machine readable output.
You can find the user documentation here – https://github.com/wpscanteam/wpscan/wiki/WPScan-User-Documentation
Thanks,
RyanForum: Plugins
In reply to: [WPScan - WordPress Security Scanner] increase intervalHi Alex,
I’ll open an internal ticket and discuss having more interval options.
Thank you for your suggestion.
Ryan
Hi Panos,
No problem π it was more our dev team, I’m just the middle man π
I believe it would be the same problem with the Smart Image Resize PRO plugin.
Do you know what its slug is? (it’s directory name in /wp-content/plugins/) folder)
Thanks,
RyanForum: Plugins
In reply to: [WPScan - WordPress Security Scanner] increase intervalHi Alex,
You can set the automated scan interval to Daily, Twice Daily or Hourly from the settings page. See the “Automated Scanning” option.
Does that answer your question?
Thanks,
RyanWe found the issue!
It was a problem with our API, lowercasing and caching.
So, some people requested the API for “divi” (lowercase), which does not exist, and returns a 404.
We could cache the result and then serve it for all future requests.
Someone else would request the API for “Divi” (uppercase), we would first downcase it to “divi”, and check if we had it in the cache, which would return the cached version from the first 404 response. So all users requesting “Divi” would get the cached response for “divi”.
This would explain why sometimes it happened and others not. Because it would reset every time the cache was cleared.
It should be fixed in the next couple of hours.
Thank you for the report!