False Negative

Open MartinDeBeer opened this issue 11 months ago • 4 comments

Before submitting an issue, please make sure you fully read any potential error messages output and did some research on your own.

Subject of the issue

I just tried to scan a website for a bug bounty, but it keeps telling me that the site is not written in WordPress even though I can see that it is by going into the source code.

Your environment

  • Version of WPScan: Current Version: 3.8.25
  • Version of Ruby: ruby 3.1.2p20
  • Operating System (OS): Kali OS

Steps to reproduce

  1. command: wpscan --url website
  2. command: wpscan --url website --force -e vp,vt,cb,dbe
  3. command: wpscan --url website --force -e vp,vt,cb,dbe --wp-content-dir website/wp-content

Expected behavior

There are at least 2 of the plugins that I checked on the WPScan website to see if they are vulnerable, and the website said they are.

Actual behavior

  1. returns Scan Aborted: The remote website is up, but does not seem to be running WordPress.
  2. returns Scan Aborted: Unable to identify the wp-content dir, please supply it with --wp-content-dir, use the --scope option or make sure the --url value given is the correct one
  3. returns Could not detect version, no plugins found, no themes found, no config backups found and no DB exports found

What have you already tried

Tell us what you have already tried to do to fix the issue you are having.

Things you have tried (where relevant):

  • Update WPScan to the latest version [x]
  • Update Ruby to the latest version [x]
  • Ensure you can reach the target site using cURL [x]
  • Proxied WPScan through a HTTP proxy to view the raw traffic [ ]
  • Ensure you are using a supported Operating System (Linux and macOS) [x]

MartinDeBeer, Mar 18 '24 22:03