top of page
Search

Fixing WPScan's "uninitialized constant ActiveSupport::LoggerThreadSafeLevel::Logger" Error

  • Writer: Christopher Essien
    Christopher Essien
  • Mar 16
  • 2 min read

WPScan is a powerful WordPress security scanner used by ethical hackers and security professionals to identify vulnerabilities in WordPress sites. However, like many tools dependent on Ruby gems, it sometimes runs into compatibility issues. One such issue that I recently faced was the following error:

ugh :(
ugh :(
uninitialized constant ActiveSupport::LoggerThreadSafeLevel::Logger (NameError)

This error prevented WPScan from running, and after some troubleshooting, I discovered that the issue was related to the concurrent-ruby gem version.

Understanding the Issue

WPScan relies on multiple dependencies, including activesupport and concurrent-ruby. The error occurs because WPScan (or its dependencies) is expecting a particular version of concurrent-ruby, but a newer version introduces changes that break compatibility.

The Problematic Version:

  • The error started appearing after installing or updating concurrent-ruby to version 1.3.5.

  • WPScan, or one of its dependencies, does not work well with this version.

The solution is to downgrade to an earlier, stable version.


How to Fix the Error

Follow these steps to resolve the issue:

1. Install a Stable Version of concurrent-ruby

installing a slightly outdated stable version
installing a slightly outdated stable version

gem install concurrent-ruby -v 1.3.4

This ensures that WPScan uses a version that works properly with its dependencies.

2. Uninstall the Problematic Version

uninstalling the current but peoblematic version
uninstalling the current but peoblematic version

gem uninstall concurrent-ruby -v 1.3.5

This removes the conflicting version and prevents WPScan from mistakenly using it.

3. Verify the Fix

Try running WPScan again:

YaaaaY!!! I can enumerate those WordPress CTFs on TryHackMe now :)
YaaaaY!!! I can enumerate those WordPress CTFs on TryHackMe now :)
wpscan -h

If everything is set up correctly, WPScan should now work without throwing the error.


Key Takeaways

  • Dependency management is crucial: Always be mindful of the versions of gems used in security tools.

  • Latest isn't always the best: While updates bring new features and security patches, they can sometimes break compatibility.

  • Troubleshooting is a skill: Debugging errors like this helps in understanding how tools and their dependencies interact.


Conclusion

This was an interesting challenge that reminded me of the importance of managing dependencies properly. I hope this guide helps anyone facing the same issue with WPScan.


 
 
 

Commenti

  • Discord
  • LinkedIn
  • Instagram
  • X

© 2023 Tofa Security

Subscribe for Tofa Security Updates!

Thanks for submitting!

bottom of page