v3.4.5

• Adds detection of wp-cron.php - #1299
• Handles uncaught exceptions when --password-attack was used but the XML-RPC was not detected - #1307
• Improves Debug Log and XML-RPC detections (via CMSSCanner 0.0.41.4)

v3.4.4

• Display enumeration methods (passive/aggressive) in output. (#1284)
• Improves WordPress detection when no clues are present in the homepage (#1277)
• Check for multi page results when gathering users via the WP JSON API (#1285 - Thanks to @melalj)

v3.4.3

• Updates dependencies and specs

v3.4.1

Fixes #1264

v3.4.0

Fixes #1246
Fixes #1245
Fixes #1242
Fixes #1244
Fixes #1241

v3.3.3

Fixes #1228
Fixes #1232
Fixes #1236
Fixes #1237

v3.3.2

• Adds a --hh cli option to display the full help. -h now displays a simplified help.

• Displays the release date of the WP version detected.

v3.3.1

Fixes #1215

3.3.0

v3.x is a brand new codebase with many new features and enhancements.

2.9.4

Released: 2018-06-15

• Updated dependencies and required ruby version
• Improved CLI output
• Only show readme.html output when wp <= 4.8 #1127
• Cleanup README.md
• Fix bug "undefined method 'identifier' for nil:NilClass" #1149
• Since WP 4.7 readme.html only shows major version #1152
• Add checks for humans.txt and security.text (Thank you @g0tmi1k!)
• Add offline database update support (Thank you @g0tmi1k!)
• Check for API access and /wp-json/'s users output (Thank you @g0tmi1k!)
• Add RSS author information (Thank you @g0tmi1k!)
• Check HTTP status of each value in /robots.txt (Thank you @g0tmi1k!)
• Follow any redirections (e.g. http -> https) (Thank you @g0tmi1k!)
• Lots of other enhancements by @g0tmi1k & WPScan Team
• Database export file enumeration.

WPScan Database Statistics:

• Total tracked wordpresses: 319
• Total tracked plugins: 74896
• Total tracked themes: 16666
• Total vulnerable wordpresses: 305
• Total vulnerable plugins: 1645
• Total vulnerable themes: 286
• Total wordpress vulnerabilities: 8327
• Total plugin vulnerabilities: 2603
• Total theme vulnerabilities: 352