#!/bin/bash
HOSTING=~/www/hosting
LOG=~/scan_reports/vuln_check_$(date +%Y%m%d).txt
EXCLUDE="audreymaurel|AVEVE|imprimerieblachon|OSTEOBBOUDIN|ssl|non-wp"

> "$LOG"

for site in "$HOSTING"/*/; do
    name=$(basename "$site")
    [[ "$name" =~ ^($EXCLUDE)$ ]] && continue
    [ -f "$site/wp-config.php" ] || continue

    plugins=$(~/bin/wp plugin list --path="$site" --field=name --status=active 2>/dev/null)
    [ -z "$plugins" ] && continue

    while IFS= read -r slug; do
        [ -z "$slug" ] && continue
        version=$(~/bin/wp plugin get "$slug" --path="$site" --field=version 2>/dev/null)
        [ -z "$version" ] && continue

        resp=$(curl -s "https://www.wpvulnerability.net/plugin/$slug/")
        max_versions=$(echo "$resp" | grep -oP '"max_version":"[^"]*"' | sed 's/"max_version":"//;s/"//')

        for mv in $max_versions; do
            [ -z "$mv" ] && continue
            if [ "$(printf '%s\n%s' "$version" "$mv" | sort -V | head -1)" = "$version" ]; then
                echo "[$name] $slug v$version <= $mv VULNERABLE — https://www.wpvulnerability.net/plugin/$slug/" >> "$LOG"
            fi
        done
        sleep 1
    done <<< "$plugins"
done

cat "$LOG"
