Merged
8 changes: 8 additions & 0 deletions CHANGELOG.md
@@ -4,6 +4,13 @@ All notable changes to this project will be documented in this file, per [the Ke

## [Unreleased] - TBD

## [1.2.2] - 2024-11-20
### Changed
- Bump `actions/upload-artifact` from v3 to v4 (props [@iamdharmesh](https://github.com/iamdharmesh), [@jeffpaul](https://github.com/jeffpaul) via [#104](https://github.com/10up/wpcli-vulnerability-scanner/pull/104)).

### Fixed
- Ensure the final release contains the `composer.json` file so the plugin can be installed properly via WP-CLI (props [@burhandodhy](https://github.com/burhandodhy), [@iamdharmesh](https://github.com/iamdharmesh), [@felipeelia](https://github.com/felipeelia) via [#105](https://github.com/10up/wpcli-vulnerability-scanner/pull/105)).

## [1.2.1] - 2024-04-01
### Added
- Introduce new filter, `vuln_skip_vulnerability_check`, that can be used to skip the vulnerability check for a specific vulnerability (props [@burhandodhy](https://github.com/burhandodhy), [@shahzaib10up](https://github.com/shahzaib10up), [@iamdharmesh](https://github.com/iamdharmesh) via [#101](https://github.com/10up/wpcli-vulnerability-scanner/pull/101)).
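Review bot: the two entries under `[1.2.2]` describe changes from #104 (`actions/upload-artifact` v3 to v4) and #105 (`composer.json` shipped in the release), but this PR's file list contains no workflow or packaging files, so confirm both PRs are already merged on the branch that 1.2.2 will be tagged from; otherwise the changelog will describe a release that does not contain them. The `actions/upload-artifact` line is the supply-chain-relevant item in this release: if the workflow references the action by the `v4` tag, pinning it to the full commit SHA (keeping the tag in a trailing comment) makes the bump reproducible and unaffected by a moved or re-pushed tag.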
@@ -55,6 +62,7 @@ All notable changes to this project will be documented in this file, per [the Ke
## [0.0.1] - 2016-06-02

[Unreleased]: https://github.com/10up/wpcli-vulnerability-scanner/compare/trunk...develop
[1.2.2]: https://github.com/10up/wpcli-vulnerability-scanner/compare/1.2.1...1.2.2
[1.2.1]: https://github.com/10up/wpcli-vulnerability-scanner/compare/1.2.0...1.2.1
[1.2.0]: https://github.com/10up/wpcli-vulnerability-scanner/compare/1.1.0...1.2.0
[1.1.0]: https://github.com/10up/wpcli-vulnerability-scanner/compare/1.0.0...1.1.0
2 changes: 1 addition & 1 deletion CREDITS.md
@@ -12,7 +12,7 @@ The following individuals are responsible for curating the list of issues, respo

Thank you to all the people who have already contributed to this repository via bug reports, code, design, ideas, project management, translation, testing, etc.

[Kailey Lampert (@trepmal)](https://github.com/trepmal), [Ritesh Patel (@Ritesh-patel)](https://github.com/Ritesh-patel), [Robert Lilly (@rclilly)](https://github.com/rclilly), [Steve Hulet (@hulet)](https://github.com/hulet), [Allan Collins (@allan23)](https://github.com/allan23), [Phil Banks (@phlbnks)](https://github.com/phlbnks), [Eugene Manuilov (@eugene-manuilov)](https://github.com/eugene-manuilov), [Vladimir Knobel (@vladox)](https://github.com/vladox), [Oscar Sanchez S. (@oscarssanchez)](https://github.com/oscarssanchez), [Thorsten Ott (@tott)](https://github.com/tott), [Tyler Cherpak (@tylercherpak)](https://github.com/tylercherpak), [Jeffrey Paul (@jeffpaul)](https://github.com/jeffpaul), [Pablo Amato (@pabamato)](https://github.com/pabamato), [Zachary Brown (@TheLastCicada)](https://github.com/TheLastCicada), [Rahul Prajapati (@rahulsprajapati)](https://github.com/rahulsprajapati), [Max Lyuchin (@cadic)](https://github.com/cadic), [Jozsef Kozo (@kojraai)](https://github.com/kojraai), [Chris Wiegman (@ChrisWiegman)](https://github.com/ChrisWiegman), [ssnepenthe (@ssnepenthe)](https://github.com/ssnepenthe), [Evan Tobin (@evantobin)](https://github.com/evantobin), [Victor Dieppa Garriga (@dieppon)](https://github.com/dieppon), [marek (@marekmaurizio)](https://github.com/marekmaurizio), [planetahuevo (@planetahuevo)](https://github.com/planetahuevo), [bo.johnson (@boyeatssteak)](https://github.com/boyeatssteak), [Erik Hausen (@ehausen)](https://github.com/ehausen), [Eduardo Aranda Hernández (@eduardoarandah)](https://github.com/eduardoarandah), [Angelo Rocha (@angelorock)](https://github.com/angelorock), [Frankie Bordone (@frankiebordone)](https://github.com/frankiebordone), [t2d (@t2d)](https://github.com/t2d), [Prasath Nadarajah (@nprasath002)](https://github.com/nprasath002), [Alexander Dimitrov (@randstring)](https://github.com/randstring), [Andrew Minion (@andrewminion-luminfire)](https://github.com/andrewminion-luminfire), [Russell F 
(@rfair404)](https://github.com/rfair404), [Sean Dietrich (@sean-e-dietrich)](https://github.com/sean-e-dietrich), [André Durão (@andredurao)](https://github.com/andredurao), [Ben Greeley (@bengreeley)](https://github.com/bengreeley), [Amit Singh (@thecancerus)](https://github.com/thecancerus), [Igor Radovanov (@igorradovanov)](https://github.com/igorradovanov), [Dharmesh Patel (@iamdharmesh)](https://github.com/iamdharmesh), [Mohammed Razzaq (@MARQAS)](https://github.com/MARQAS), [Darin Kotter (@dkotter)](https://github.com/dkotter), [Peter Wilson (@peterwilsoncc)](https://github.com/peterwilsoncc), [Charles Sweethill (@wordfence)](https://github.com/wordfence), [Matt Barry (@barmat)](https://github.com/barmat), [Viktor Szépe (@szepeviktor)](https://github.com/szepeviktor), [Siddharth Thevaril (@Sidsector9)](https://github.com/Sidsector9), [Ben Marshall (@bmarshall511)](https://github.com/bmarshall511), [Ravinder Kumar (@ravinderk)](https://github.com/ravinderk), [Faisal Alvi (@faisal-alvi)](https://github.com/faisal-alvi), [Burhan Nasir (@burhandodhy)](https://github.com/burhandodhy), [Shahzaib Mushtaq (@shahzaib10up)](https://github.com/shahzaib10up), [Brooke Campbell](https://www.linkedin.com/in/brookecampbelldesign/).
[Kailey Lampert (@trepmal)](https://github.com/trepmal), [Ritesh Patel (@Ritesh-patel)](https://github.com/Ritesh-patel), [Robert Lilly (@rclilly)](https://github.com/rclilly), [Steve Hulet (@hulet)](https://github.com/hulet), [Allan Collins (@allan23)](https://github.com/allan23), [Phil Banks (@phlbnks)](https://github.com/phlbnks), [Eugene Manuilov (@eugene-manuilov)](https://github.com/eugene-manuilov), [Vladimir Knobel (@vladox)](https://github.com/vladox), [Oscar Sanchez S. (@oscarssanchez)](https://github.com/oscarssanchez), [Thorsten Ott (@tott)](https://github.com/tott), [Tyler Cherpak (@tylercherpak)](https://github.com/tylercherpak), [Jeffrey Paul (@jeffpaul)](https://github.com/jeffpaul), [Pablo Amato (@pabamato)](https://github.com/pabamato), [Zachary Brown (@TheLastCicada)](https://github.com/TheLastCicada), [Rahul Prajapati (@rahulsprajapati)](https://github.com/rahulsprajapati), [Max Lyuchin (@cadic)](https://github.com/cadic), [Jozsef Kozo (@kojraai)](https://github.com/kojraai), [Chris Wiegman (@ChrisWiegman)](https://github.com/ChrisWiegman), [ssnepenthe (@ssnepenthe)](https://github.com/ssnepenthe), [Evan Tobin (@evantobin)](https://github.com/evantobin), [Victor Dieppa Garriga (@dieppon)](https://github.com/dieppon), [marek (@marekmaurizio)](https://github.com/marekmaurizio), [planetahuevo (@planetahuevo)](https://github.com/planetahuevo), [bo.johnson (@boyeatssteak)](https://github.com/boyeatssteak), [Erik Hausen (@ehausen)](https://github.com/ehausen), [Eduardo Aranda Hernández (@eduardoarandah)](https://github.com/eduardoarandah), [Angelo Rocha (@angelorock)](https://github.com/angelorock), [Frankie Bordone (@frankiebordone)](https://github.com/frankiebordone), [t2d (@t2d)](https://github.com/t2d), [Prasath Nadarajah (@nprasath002)](https://github.com/nprasath002), [Alexander Dimitrov (@randstring)](https://github.com/randstring), [Andrew Minion (@andrewminion-luminfire)](https://github.com/andrewminion-luminfire), [Russell F 
(@rfair404)](https://github.com/rfair404), [Sean Dietrich (@sean-e-dietrich)](https://github.com/sean-e-dietrich), [André Durão (@andredurao)](https://github.com/andredurao), [Ben Greeley (@bengreeley)](https://github.com/bengreeley), [Amit Singh (@thecancerus)](https://github.com/thecancerus), [Igor Radovanov (@igorradovanov)](https://github.com/igorradovanov), [Dharmesh Patel (@iamdharmesh)](https://github.com/iamdharmesh), [Mohammed Razzaq (@MARQAS)](https://github.com/MARQAS), [Darin Kotter (@dkotter)](https://github.com/dkotter), [Peter Wilson (@peterwilsoncc)](https://github.com/peterwilsoncc), [Charles Sweethill (@wordfence)](https://github.com/wordfence), [Matt Barry (@barmat)](https://github.com/barmat), [Viktor Szépe (@szepeviktor)](https://github.com/szepeviktor), [Siddharth Thevaril (@Sidsector9)](https://github.com/Sidsector9), [Ben Marshall (@bmarshall511)](https://github.com/bmarshall511), [Ravinder Kumar (@ravinderk)](https://github.com/ravinderk), [Faisal Alvi (@faisal-alvi)](https://github.com/faisal-alvi), [Burhan Nasir (@burhandodhy)](https://github.com/burhandodhy), [Shahzaib Mushtaq (@shahzaib10up)](https://github.com/shahzaib10up), [Brooke Campbell](https://www.linkedin.com/in/brookecampbelldesign/), [Felipe Elia (@felipeelia)](https://github.com/felipeelia).

## Libraries

7 changes: 5 additions & 2 deletions features/vuln-wordfence.feature
@@ -19,8 +19,11 @@ Feature: Test WP-CLI Features with Wordfence API.
When I run `wp vuln plugin-check wppizza wordpress-seo`
Then STDOUT should end with a table containing rows:
| name | installed version | status | fixed in | severity |
| wppizza | 0 | WPPizza <= 3.17.1 - Reflected Cross-Site Scripting | 3.17.2 | Medium 6.1/10 |
| wppizza | 0 | WPPizza – A Restaurant Plugin <= 3.18.13 - Reflected Cross-Site Scripting | 3.18.14 | Medium 6.1/10 |
| | 0 | WPPizza <= 3.17.1 - Reflected Cross-Site Scripting | 3.17.2 | Medium 6.1/10 |
| | 0 | PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting | 2.11.8.18 | Medium 6.1/10 |
| | 0 | WPPizza <= 3.18.2 - Reflected Cross-Site Scripting | 3.18.3 | Medium 6.1/10 |
| | 0 | WPPizza <= 3.18.10 - Missing Authorization | 3.18.11 | Medium 4.3/10 |
| wordpress-seo | 0 | Yoast SEO <= 3.4.0 - Authenticated Stored Cross-Site Scripting | 3.4.1 | Medium 5.4/10 |


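Review bot: these expected rows are values returned by the live Wordfence feed, which is exactly why the hunk has to rewrite them (the old `WPPizza <= 3.17.1` row moves to third place, three further WPPizza and PrettyPhoto advisories appear, and the first row's title becomes `WPPizza – A Restaurant Plugin <= 3.18.13`); the scenario will break again the next time Wordfence publishes an advisory for either plugin. Consider recording the API response as a fixture and stubbing the HTTP call in the feature, or asserting only on a stable subset (for example that a `wppizza` row and a `wordpress-seo` row are present with a non-empty `fixed in` value) instead of on the exact table. One added row also deserves an inline comment: `PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4` lists `2.11.8.18` under `fixed in`, a number lower than the vulnerable range because the range refers to the bundled library and the fix to the plugin version; a reader of this feature file cannot tell that from the row alone and may "correct" it later.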
@@ -99,7 +102,7 @@ Feature: Test WP-CLI Features with Wordfence API.

When I run `wp vuln theme-status --no-color`
Then STDOUT should end with a table containing rows:
| name | installed version | status | introduced in | fixed in | severity |
| name | installed version | status | introduced in | fixed in | severity |
| twentyfifteen | 1.2 | No vulnerabilities reported for this version of twentyfifteen | n/a | n/a | n/a |

When I run `wp vuln theme-status --porcelain`
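Review bot: the removed and added header rows read identically here, so this appears to be a whitespace-only realignment of the `theme-status` table header. That is harmless as long as the step matcher trims cell padding, but say so in the commit message so the hunk is not mistaken for a change in the columns that `wp vuln theme-status --no-color` emits.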
2 changes: 1 addition & 1 deletion wpcli-vulnerability-scanner.php
@@ -3,7 +3,7 @@
* Plugin Name: 10up WP-CLI Vulnerability Scanner
* Plugin URI: https://github.com/10up/wpcli-vulnerability-scanner
* Description: WP-CLI command only. Check WordPress code, installed plugins and themes for vulnerabilities.
* Version: 1.2.1
* Version: 1.2.2
* Requires at least: 5.7
* Requires PHP: 7.0
* Tested up to: 6.1
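Review bot: the bump to `Version: 1.2.2` is the only change in this header, while `Tested up to: 6.1` is left untouched; for a release dated 2024-11-20 (per the CHANGELOG hunk in this PR) that value is several WordPress releases behind, so either re-test against the current core release and raise it in the same commit, or leave a short note explaining why it stays at 6.1. Also check whether `readme.txt` or the `composer.json` that #105 added to the release carries its own version string: this diff bumps only the plugin header, and mismatched version strings are a common cause of a tagged release that installs or reports as the previous version.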