hi there!
i can’t seem to get the Vulnerability Extension working correctly using the WPScan DB.
i have created the API key on https://wpscan.com/ and entered it in the extension’s settings.
checking a site returns the message “Checked successfully!” and shows no vulnerabilites, but the check does not seem to be actually working. here is why:
- the tested site definitely has vulnerabilities, which are reported by the WPScan extension installed with the site.
- in the backend at wpscan.com, i do not see any usage of the API in the “API requests in the past 24 hours”.
- checking all (50+) sites in MainWP again results in “Checked successfully!” messages for all of them, but no vulnerabilites are shown (though there are definitely vulnerabilities present). and again these checks do not seem to count towards the daily API request limit of the used token.
do you have any idea, what could be wrong here? is this extension currently broken using WPScan DB? it seems to be working correctly using the MainWP NVD API.
best wishes and many thanks,
gerald.
here is the system report:
### WordPress Check Required Detected Status ###
FileSystem Method = direct direct Pass
MultiSite Disabled =true true Pass
WordPress Memory Limit >=64M 256M Pass
WordPress Version >=3.6 6.1.1 Pass
### PHP Required Detected Status ###
cURL Extension Enabled =true true Pass
cURL SSL Version >=OpenSSL/1.1.0 OpenSSL/1.1.1f Pass
cURL Timeout >=300 seconds 60 Warning
cURL Version >=7.29.0 7.68.0 Pass
PCRE Backtracking Limit >=10000 1000000 Pass
PHP Allow URL fopen N/A YES
PHP Disabled Functions N/A opcache_get_status,
PHP Exif Support N/A YES ( V8.1.)
PHP IPTC Support N/A YES
PHP Loaded Extensions N/A Core, PDO, PDO_ODBC, Phar, Reflection, SPL, SimpleXML, Zend OPcache, bcmath, bz2, calendar, cgi-fcgi, ctype, curl, date, dba, dom, enchant, exif, fileinfo, filter, ftp, gd, gettext, gmp, hash, iconv, imagick, imap, intl, json, ldap, libxml, mbstring, mysqli, mysqlnd, odbc, openssl, pcre, pdo_mysql, pdo_pgsql, pdo_sqlite, pgsql, posix, pspell, redis, session, soap, sockets, sodium, sqlite3, standard, sysvmsg, sysvsem, sysvshm, tidy, tokenizer, xml, xmlreader, xmlwriter, xsl, zip, zlib
PHP Max Execution Time >=30 seconds 30 Pass
PHP Max Input Time >=30 seconds 60 Pass
PHP Memory Limit >=128M 256M Pass
PHP Post Max Size >=2M 128M Pass
PHP Safe Mode Disabled =true true Pass
PHP Upload Max Filesize >=2M 128M Pass
PHP Version >=7.0 8.1.12 Pass
PHP XML Support N/A YES
SSL Extension Enabled =true true Pass
SSL Warnings = empty Pass
### MySQL Required Detected Status ###
MySQL Client Encoding N/A utf8
MySQL Mode N/A ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION
MySQL Version >=5.0 10.3.34-MariaDB-0ubuntu0.20.04.1 Pass
### Server Configuration Detected Value ###
Accept Content text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Charset Content N/A
Architecture 64 bit
Gateway Interface CGI/1.1
HTTPS ON
Memory Usage 4.02 MB
Operating System Linux
Request Time 1675848658
Server Protocol HTTP/1.0
Server self connect Not expected HTTP response body: 401 Authorization Required
Authorization Required
This server could not verify that you
are authorized to access the document
requested. Either you supplied the wrong
credentials (e.g., bad password), or your
browser doesn't understand how to supply
the credentials required.
Web Server at @domain_name@
Server Software Apache
User Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36
### MainWP Dashboard Settings Detected Value ###
Abandoned plugins/themes tolerance 365
Basic uptime monitoring enabled Yes
Cache control enabled No
MainWP Dashboard Version Latest: 4.3.1 | Detected: 4.3.1 Pass
MainWP legacy backups enabled No
Maximum number of pages to return
Maximum number of posts to return
Maximum simultaneous install and update requests
Maximum simultaneous requests 4
Maximum simultaneous requests per ip1
Maximum simultaneous sync requests
Minimum delay between requests 200
Minimum delay between requests to the same ip1000
Number of child sites 52
Optimize for shared hosting or big networksNo
Plugin advanced automatic updates enabledYes
Primary backup system MainWP Legacy Backups
REST API enabled No
Site health monitoring enabled Yes
Theme advanced automatic updates enabledYes
Use WP Cron Yes
WP Core advanced automatic updates enabledYes
### Extensions Version License Status ###
MainWP Vulnerability Checker Extension4.1.2 Actived Pass
### Plugin Version Status ###
MainWP Dashboard 4.3.1 Active