i can’t seem to get the Vulnerability Extension working correctly using the WPScan DB.
i have created the API key on https://wpscan.com/ and entered it in the extension’s settings.
checking a site returns the message “Checked successfully!” and shows no vulnerabilites, but the check does not seem to be actually working. here is why:
- the tested site definitely has vulnerabilities, which are reported by the WPScan extension installed with the site.
- in the backend at wpscan.com, i do not see any usage of the API in the “API requests in the past 24 hours”.
- checking all (50+) sites in MainWP again results in “Checked successfully!” messages for all of them, but no vulnerabilites are shown (though there are definitely vulnerabilities present). and again these checks do not seem to count towards the daily API request limit of the used token.
do you have any idea, what could be wrong here? is this extension currently broken using WPScan DB? it seems to be working correctly using the MainWP NVD API.
best wishes and many thanks,
here is the system report:
### WordPress Check Required Detected Status ### FileSystem Method = direct direct Pass MultiSite Disabled =true true Pass WordPress Memory Limit >=64M 256M Pass WordPress Version >=3.6 6.1.1 Pass ### PHP Required Detected Status ### cURL Extension Enabled =true true Pass cURL SSL Version >=OpenSSL/1.1.0 OpenSSL/1.1.1f Pass cURL Timeout >=300 seconds 60 Warning cURL Version >=7.29.0 7.68.0 Pass PCRE Backtracking Limit >=10000 1000000 Pass PHP Allow URL fopen N/A YES PHP Disabled Functions N/A opcache_get_status, PHP Exif Support N/A YES ( V8.1.) PHP IPTC Support N/A YES PHP Loaded Extensions N/A Core, PDO, PDO_ODBC, Phar, Reflection, SPL, SimpleXML, Zend OPcache, bcmath, bz2, calendar, cgi-fcgi, ctype, curl, date, dba, dom, enchant, exif, fileinfo, filter, ftp, gd, gettext, gmp, hash, iconv, imagick, imap, intl, json, ldap, libxml, mbstring, mysqli, mysqlnd, odbc, openssl, pcre, pdo_mysql, pdo_pgsql, pdo_sqlite, pgsql, posix, pspell, redis, session, soap, sockets, sodium, sqlite3, standard, sysvmsg, sysvsem, sysvshm, tidy, tokenizer, xml, xmlreader, xmlwriter, xsl, zip, zlib PHP Max Execution Time >=30 seconds 30 Pass PHP Max Input Time >=30 seconds 60 Pass PHP Memory Limit >=128M 256M Pass PHP Post Max Size >=2M 128M Pass PHP Safe Mode Disabled =true true Pass PHP Upload Max Filesize >=2M 128M Pass PHP Version >=7.0 8.1.12 Pass PHP XML Support N/A YES SSL Extension Enabled =true true Pass SSL Warnings = empty Pass ### MySQL Required Detected Status ### MySQL Client Encoding N/A utf8 MySQL Mode N/A ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION MySQL Version >=5.0 10.3.34-MariaDB-0ubuntu0.20.04.1 Pass ### Server Configuration Detected Value ### Accept Content text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Charset Content N/A Architecture 64 bit Gateway Interface CGI/1.1 HTTPS ON Memory Usage 4.02 MB Operating System Linux Request Time 1675848658 Server Protocol HTTP/1.0 Server self connect Not expected HTTP response body: 401 Authorization Required Authorization Required This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required. Web Server at @[email protected] Server Software Apache User Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/18.104.22.168 Safari/537.36 ### MainWP Dashboard Settings Detected Value ### Abandoned plugins/themes tolerance 365 Basic uptime monitoring enabled Yes Cache control enabled No MainWP Dashboard Version Latest: 4.3.1 | Detected: 4.3.1 Pass MainWP legacy backups enabled No Maximum number of pages to return Maximum number of posts to return Maximum simultaneous install and update requests Maximum simultaneous requests 4 Maximum simultaneous requests per ip1 Maximum simultaneous sync requests Minimum delay between requests 200 Minimum delay between requests to the same ip1000 Number of child sites 52 Optimize for shared hosting or big networksNo Plugin advanced automatic updates enabledYes Primary backup system MainWP Legacy Backups REST API enabled No Site health monitoring enabled Yes Theme advanced automatic updates enabledYes Use WP Cron Yes WP Core advanced automatic updates enabledYes ### Extensions Version License Status ### MainWP Vulnerability Checker Extension4.1.2 Actived Pass ### Plugin Version Status ### MainWP Dashboard 4.3.1 Active