app/models/wp_item.rb in wpscan-3.5.5 vs app/models/wp_item.rb in wpscan-3.6.0

- old
+ new

@@ -7,10 +7,11 @@
 include Vulnerable
 include Finders::Finding
 include CMSScanner::Target::Platform::PHP
 include CMSScanner::Target::Server::Generic
+ # Most common readme filenames, based on checking all public plugins and themes.
 READMES = %w[readme.txt README.txt README.md readme.md Readme.txt].freeze
 attr_reader :uri, :slug, :detection_opts, :version_detection_opts, :blog, :path_from_blog, :db_data
 delegate :homepage_res, :xpath_pattern_from_page, :in_scope_uris, :head_or_get_params, to: :blog
@@ -115,16 +116,20 @@
 def readme_url
 return if detection_opts[:mode] == :passive
 return @readme_url unless @readme_url.nil?
- READMES.each do |path|
+ potential_readme_filenames.each do |path|
 t_url = url(path)
 return @readme_url = t_url if Browser.forge_request(t_url, blog.head_or_get_params).run.code == 200
 end
 @readme_url = false
+ end
+
+ def potential_readme_filenames
+ @potential_readme_filenames ||= READMES
 end
 # @param [ String ] path
 # @param [ Hash ] params The request params
 #
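Review bot: `potential_readme_filenames` in the second hunk is added without the YARD comment its neighbours carry, and its contract is not obvious: `readme_url` issues one request per entry, in order, and keeps the first one that answers 200. I would document it as `# @return [ Array<String> ] Readme filenames to probe, in order; the first one answering 200 is kept`, and state whether subclasses are expected to override it, since memoising a frozen constant only seems useful in that case. Separately, the loop still treats a bare 200 as proof that the file exists, so a site that answers 200 for unknown paths would report the first candidate as the readme; if no soft-404 check exists in the `url`/`Browser` handling outside this hunk, one belongs here.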