Yet another box where things don't really work anymore as expected / intended.
wpscan doesn't recognize the jobmanager plugin as it seems to have when the box was released, not even with the 30min long deep-scan. This tool has undergone some major changes in "management" afaik in the last 2 years, not sure if that's the cause.
I also built myself a list of all wordpress plugins and ran wfuzz on the plugins dir, like
wfuzz ... /wp-content/plugins/FUZZ/index.php
Akismet was detected but not jobmanager.*
One more problem, wpscan reports 50(!) vulns for this box and prints them all out.
Yes, you can still see jobmanager in the source of the website, but searchsploit doesn't list the CVE.
All of that tripped me over pretty hard so I referred to some writeups, interesting enough some of them don't even show how to find the CVE.
Happy for thoughts and leaving this for the next man from google.
EDIT: * I found why, I built my list from the wordpress plugin registry and this plugin has been deleted a while ago. Anyone has a more complete list of wordpress themes and plugins?