{"uuid": "a3a08a05-a0fe-4caf-b080-c5e1185ce942", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-8943", "type": "seen", "source": "https://gist.github.com/tu-trinh-scale/3a2d0268d6f05f5966594b395155d0cc", "content": "diff --git a/contrib/wordpress/fixtures/dev/wp-staging.toml b/contrib/wordpress/fixtures/dev/wp-staging.toml\nindex 59d0b4b..9f7917a 100644\n--- a/contrib/wordpress/fixtures/dev/wp-staging.toml\n+++ b/contrib/wordpress/fixtures/dev/wp-staging.toml\n@@ -1,7 +1,7 @@\n [servers.wp-staging]\n host = \"10.0.1.50\"\n scanModules = [\"wordpress\"]\n-ignoreCves = []\n+ignoreCves = [\"CVE-2019-8943\"]\n \n [servers.wp-staging.wordpress]\n osUser = \"www-data\"\ndiff --git a/detector/wordpress.go b/detector/wordpress.go\nindex 0aabcdb..90bb50b 100644\n--- a/detector/wordpress.go\n+++ b/detector/wordpress.go\n@@ -6,6 +6,7 @@ import (\n \t\"fmt\"\n \t\"io/ioutil\"\n \t\"net/http\"\n+\t\"net/http/httputil\"\n \t\"strings\"\n \t\"time\"\n \n@@ -55,16 +56,23 @@ func detectWordPressCves(r *models.ScanResult, cnf *c.WpScanConf) (int, error) {\n \t\treturn 0, nil\n \t}\n \t// Core\n-\tver := strings.Replace(r.WordPressPackages.CoreVersion(), \".\", \"\", -1)\n-\tif ver == \"\" {\n+\tcoreVer := r.WordPressPackages.CoreVersion()\n+\tapiVer := strings.Replace(coreVer, \".\", \"\", -1)\n+\tif apiVer == \"\" {\n \t\treturn 0, errof.New(errof.ErrFailedToAccessWpScan,\n \t\t\tfmt.Sprintf(\"Failed to get WordPress core version.\"))\n \t}\n-\turl := fmt.Sprintf(\"https://wpscan.com/api/v3/wordpresses/%s\", ver)\n-\twpVinfos, err := wpscan(url, ver, cnf.Token)\n+\turl := fmt.Sprintf(\"https://wpscan.com/api/v3/wordpresses/%s\", apiVer)\n+\tcoreCandidates, err := wpscan(url, models.WPCore, cnf.Token)\n \tif err != nil {\n \t\treturn 0, err\n \t}\n+\tcorePkg := models.WpPackage{\n+\t\tName:    models.WPCore,\n+\t\tVersion: coreVer,\n+\t\tType:    models.WPCore,\n+\t}\n+\twpVinfos := 
detect(corePkg, coreCandidates)\n \n \t// Themes\n \tthemes := r.WordPressPackages.Themes()\n@@ -233,6 +241,12 @@ func httpRequest(url, token string) (string, error) {\n \t}\n \tresp, err := client.Do(req)\n \tif err != nil {\n+\t\tdump, dumpErr := httputil.DumpRequestOut(req, true)\n+\t\tif dumpErr != nil {\n+\t\t\tlogging.Log.Warnf(\"Failed to dump request: %s\", dumpErr)\n+\t\t} else {\n+\t\t\tlogging.Log.Warnf(\"Request dump:\\n%s\", string(dump))\n+\t\t}\n \t\treturn \"\", errof.New(errof.ErrFailedToAccessWpScan,\n \t\t\tfmt.Sprintf(\"Failed to access to wpscan.com. err: %s\", err))\n \t}\n@@ -248,8 +262,23 @@ func httpRequest(url, token string) (string, error) {\n \t\t// This package is not in wpscan\n \t\treturn \"\", nil\n \t} else if resp.StatusCode == 429 {\n+\t\tdump, dumpErr := httputil.DumpRequestOut(req, true)\n+\t\tif dumpErr != nil {\n+\t\t\tlogging.Log.Warnf(\"Failed to dump request: %s\", dumpErr)\n+\t\t} else {\n+\t\t\tlogging.Log.Warnf(\"Request dump:\\n%s\", string(dump))\n+\t\t}\n \t\treturn \"\", errof.New(errof.ErrWpScanAPILimitExceeded,\n \t\t\tfmt.Sprintf(\"wpscan.com API limit exceeded: %+v\", resp.Status))\n+\t} else if resp.StatusCode == 401 {\n+\t\tdump, dumpErr := httputil.DumpRequestOut(req, true)\n+\t\tif dumpErr != nil {\n+\t\t\tlogging.Log.Warnf(\"Failed to dump request: %s\", dumpErr)\n+\t\t} else {\n+\t\t\tlogging.Log.Warnf(\"Request dump:\\n%s\", string(dump))\n+\t\t}\n+\t\treturn \"\", errof.New(errof.ErrFailedToAccessWpScan,\n+\t\t\tfmt.Sprintf(\"wpscan.com authentication failed: %+v\", resp.Status))\n \t} else {\n \t\tlogging.Log.Warnf(\"wpscan.com unknown status code: %+v\", resp.Status)\n \t\treturn \"\", nil\ndiff --git a/models/vulninfos.go b/models/vulninfos.go\nindex 8ea0567..530c6aa 100644\n--- a/models/vulninfos.go\n+++ b/models/vulninfos.go\n@@ -3,10 +3,12 @@ package models\n import (\n \t\"bytes\"\n \t\"fmt\"\n+\t\"regexp\"\n \t\"sort\"\n \t\"strings\"\n \t\"time\"\n 
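Review bot: In the `client.Do` error branch of httpRequest, `httputil.DumpRequestOut(req, true)` writes the complete outgoing request, headers included, to the warning log, and the same block is repeated in the 429 and 401 branches of the following hunk; since httpRequest takes `token` and presumably attaches it as a request header (that setup is above the hunk), the wpscan API credential would land in the log on every network failure, rate-limit and auth failure. Restrict the dump to what diagnosis needs (method, URL, status) or remove the credential header from a clone of the request before dumping, and fold the three copies into one helper so the redaction lives in one place; `string(dump)` is also redundant since `%s` accepts a `[]byte`. httpRequest's body starts above the hunk, so the exact header name used for `token` has to be confirmed there.
```go
// logRequestDump logs a redacted copy of the outgoing request for diagnosis.
func logRequestDump(req *http.Request) {
	redacted := req.Clone(req.Context())
	redacted.Header.Del("Authorization") // TODO(review): use the header httpRequest sets for token
	dump, err := httputil.DumpRequestOut(redacted, false)
	if err != nil {
		logging.Log.Warnf("Failed to dump request: %s", err)
		return
	}
	logging.Log.Warnf("Request dump:\n%s", dump)
}

// … unchanged: request construction in httpRequest …
	resp, err := client.Do(req)
	if err != nil {
		logRequestDump(req)
		// … unchanged: errof.New(errof.ErrFailedToAccessWpScan, …) …
```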
\n+\t\"github.com/future-architect/vuls/logging\"\n \texploitmodels \"github.com/vulsio/go-exploitdb/models\"\n )\n \n@@ -25,6 +27,82 @@ func (v VulnInfos) Find(f func(VulnInfo) bool) VulnInfos {\n \treturn filtered\n }\n \n+// FilterByCvssOver returns VulnInfos that have CVSS score &gt;= over\n+func (v VulnInfos) FilterByCvssOver(over float64) VulnInfos {\n+\treturn v.Find(func(vv VulnInfo) bool {\n+\t\treturn over &lt;= vv.MaxCvssScore().Value.Score\n+\t})\n+}\n+\n+// FilterIgnoreCves returns VulnInfos excluding the given CVE IDs\n+func (v VulnInfos) FilterIgnoreCves(ignoreCveIDs []string) VulnInfos {\n+\treturn v.Find(func(vv VulnInfo) bool {\n+\t\tfor _, c := range ignoreCveIDs {\n+\t\t\tif vv.CveID == c {\n+\t\t\t\treturn false\n+\t\t\t}\n+\t\t}\n+\t\treturn true\n+\t})\n+}\n+\n+// FilterUnfixed returns VulnInfos, if ignoreUnfixed is true, it excludes\n+// CVEs where all affected packages are not fixed yet.\n+// CVEs detected by CPE are always included since fix status is unknown.\n+func (v VulnInfos) FilterUnfixed(ignoreUnfixed bool) VulnInfos {\n+\tif !ignoreUnfixed {\n+\t\treturn v\n+\t}\n+\treturn v.Find(func(vv VulnInfo) bool {\n+\t\t// Report cves detected by CPE because Vuls can't know 'fixed' or 'unfixed'\n+\t\tif len(vv.CpeURIs) != 0 {\n+\t\t\treturn true\n+\t\t}\n+\t\tNotFixedAll := true\n+\t\tfor _, p := range vv.AffectedPackages {\n+\t\t\tNotFixedAll = NotFixedAll &amp;&amp; p.NotFixedYet\n+\t\t}\n+\t\treturn !NotFixedAll\n+\t})\n+}\n+\n+// FilterIgnorePkgs returns VulnInfos excluding CVEs where all affected\n+// packages match any of the provided regexps.\n+// Invalid regexps are logged as warnings and skipped.\n+func (v VulnInfos) FilterIgnorePkgs(ignorePkgsRegexps []string) VulnInfos {\n+\tregexps := []*regexp.Regexp{}\n+\tfor _, pkgRegexp := range ignorePkgsRegexps {\n+\t\tre, err := regexp.Compile(pkgRegexp)\n+\t\tif err != nil {\n+\t\t\tlogging.Log.Warnf(\"Failed to parse %s. 
err: %+v\", pkgRegexp, err)\n+\t\t\tcontinue\n+\t\t} else {\n+\t\t\tregexps = append(regexps, re)\n+\t\t}\n+\t}\n+\tif len(regexps) == 0 {\n+\t\treturn v\n+\t}\n+\n+\treturn v.Find(func(vv VulnInfo) bool {\n+\t\tif len(vv.AffectedPackages) == 0 {\n+\t\t\treturn true\n+\t\t}\n+\t\tfor _, p := range vv.AffectedPackages {\n+\t\t\tmatch := false\n+\t\t\tfor _, re := range regexps {\n+\t\t\t\tif re.MatchString(p.Name) {\n+\t\t\t\t\tmatch = true\n+\t\t\t\t}\n+\t\t\t}\n+\t\t\tif !match {\n+\t\t\t\treturn true\n+\t\t\t}\n+\t\t}\n+\t\treturn false\n+\t})\n+}\n+\n // FindScoredVulns return scored vulnerabilities\n func (v VulnInfos) FindScoredVulns() VulnInfos {\n \treturn v.Find(func(vv VulnInfo) bool {\n", "creation_timestamp": "2026-06-29T23:41:49.877559Z"}
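Review bot: FilterIgnorePkgs matches each ignore pattern with `re.MatchString(p.Name)`, which is an unanchored substring search, so a pattern such as `ssl` silently suppresses every CVE whose affected packages all contain that text; the doc comment should state this so operators anchor their patterns: `// Patterns are matched unanchored against the package name; use ^name$ to ignore exactly one package.` In the same function the `else` after `continue` is redundant and the inner loop can `break` on the first match. In FilterUnfixed the local `NotFixedAll` should be `notFixedAll`, since exported-style capitals on a local read as a package-level name. FilterIgnoreCves compares `vv.CveID == c` case-sensitively, so a lower-case ID in `ignoreCves` would not be honored; either document that IDs must be upper-case or compare with `strings.EqualFold`.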