-1

When I scan a WordPress site with wpscan, I see in the results that I have version 2.10.3 of WP Rocket:

Title: WP Rocket <= 2.10.3 - Local File Inclusion (LFI)
 |     Fixed in: 2.10.4

But when I check the website I see the version is higher (3.1.3.2). Is this correct?

Note: I am using the standard Kali Linux wpscan. Before I scanned the website I updated wpscan. `wpscan --url blabla.com`

Is there a better way to scan WordPress?

sadtank
  • Was this entry accompanied by a `The version could not be determined.` flag at the end by any chance? – EdOverflow Dec 23 '18 at 13:33
  • Yes, the flag exists, but why can't wpscan find the version? – Ahron Moshe Dec 23 '18 at 17:56
  • 1
    I cannot say for sure why `wpscan` cannot find the exact version of your plugin in your case, but it most probably means it is not leaked anywhere in the places it tries to retrieve plugin version numbers from passively (https://github.com/wpscanteam/wpscan/blob/master/app/finders/plugin_version/readme.rb). You could try playing around with various `wpscan` flags to see if you get better results. Run `wpscan --hh` to see the full list of options. – EdOverflow Dec 23 '18 at 18:13
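An added example (not code from the question, the comments or wpscan itself) of the passive readme check EdOverflow's comment points to: wpscan can only report a plugin version that the site actually leaks, so this parses the `Stable tag:` line of a constructed readme.txt header and compares the result with the advisory's "Fixed in" version. The function names, the plugin slug and the site URL in `fetch_readme` are assumptions for illustration.

```python
import re
from typing import Optional
from urllib.request import urlopen

# Constructed sample of a plugin readme.txt header, the kind of file a
# readme-based version finder reads from /wp-content/plugins/<slug>/readme.txt
SAMPLE_README = """=== WP Rocket ===
Contributors: wp_media
Requires at least: 4.0
Tested up to: 4.9
Stable tag: 3.1.3.2
License: GPLv2 or later
"""


def parse_readme_version(text: str) -> Optional[str]:
    """Return the numeric 'Stable tag:' value, or None when the readme does not
    state one (missing line, or a non-numeric tag such as 'trunk'). If this
    returns None, a passive scanner has no version to report from this file."""
    m = re.search(r"^Stable tag:\s*([0-9][0-9A-Za-z.\-]*)\s*$",
                  text, re.MULTILINE | re.IGNORECASE)
    return m.group(1) if m else None


def version_key(version: str) -> tuple:
    """Turn '3.1.3.2' into (3, 1, 3, 2) so versions compare numerically,
    not as strings ('2.10.3' must sort above '2.9')."""
    return tuple(int(p) if p.isdigit() else -1 for p in version.split("."))


def is_affected(installed: str, fixed_in: str) -> bool:
    """True when the installed version is below the advisory's 'Fixed in' version."""
    return version_key(installed) < version_key(fixed_in)


def fetch_readme(site: str, slug: str, timeout: int = 10) -> Optional[str]:
    """Fetch a plugin's readme.txt from a site you administer (assumed URL layout);
    None means the file is not exposed, which is why a scanner cannot find the version."""
    url = f"{site.rstrip('/')}/wp-content/plugins/{slug}/readme.txt"
    try:
        with urlopen(url, timeout=timeout) as resp:
            return resp.read().decode("utf-8", errors="replace")
    except Exception:
        return None


if __name__ == "__main__":
    found = parse_readme_version(SAMPLE_README)
    print("readme version:", found)  # prints 3.1.3.2 for the constructed sample
    print("LFI advisory (fixed in 2.10.4) applies:", is_affected(found, "2.10.4"))
```

If `fetch_readme` returns None for your own site, the version is simply not leaked there, which matches the "version could not be determined" flag rather than a real 2.10.3 install.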

1 Answer

0

Please first update your wpscan by executing `wpscan --update` in a terminal. After that, execute `wpscan --url yoursite.tld --random-agent` to scan the site.
If you wish to find the installed plugins you may run `wpscan --url yoursite.tld --enumerate p`.

Hasan