feat: add WordPress HTTP fingerprinter #147

Open
kanbru wants to merge 1 commit into main from wordpress-fingerprintx

kanbru commented Mar 13, 2026

Summary

  • Add WordPress CMS fingerprinter to Nerva's HTTP fingerprinting pipeline
  • Multi-signal detection: Link header (api.w.org), body markers (wp-content/, wp-includes/), REST API probe (/wp-json/wp/v2/)
  • Version extraction from <meta name="generator"> tag with regex validation against CPE injection
  • Plugin/theme slug detection from wp-content/plugins/ and wp-content/themes/ paths stored in metadata
  • CPE: cpe:2.3:a:wordpress:wordpress:{version}:*:*:*:*:*:*:*

Motivation

WordPress CMS is widespread in the Allegion estate (39+ hosts across brand domains) but invisible to Nerva. Plugin-level CVEs (like Bricks Builder CVE-2024-2473) can't CPE-match without technology detection.

Test plan

  • 18 unit tests (Name, ProbeEndpoint, Match, Fingerprint_Valid, Fingerprint_Invalid, BuildCPE, Integration)
  • CPE injection prevention validated (four-component version rejected by regex)
  • Live validation against WordPress 6.9.4 Docker instance — version, theme, and CPE correctly extracted
  • Full fingerprinters test suite regression check passes
  • go build, go vet clean

🤖 Generated with Claude Code

Detect WordPress CMS via multi-signal approach:
- Link header containing api.w.org (most reliable passive signal)
- Body markers: wp-content/, wp-includes/ paths
- Active probe: /wp-json/wp/v2/ REST API namespace confirmation
- Version extraction from <meta name="generator"> tag
- Plugin/theme slug detection from wp-content paths

Validated against live WordPress 6.9.4 Docker instance.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
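
The version validation and CPE construction described in the summary, as an added example that is not the PR's code (the diff is not shown on this page). The regexes, function names and the wildcard fallback for rejected versions are assumptions; the sample tags are constructed.

```go
package main

import (
	"fmt"
	"net/http"
	"regexp"
	"strings"
)

// Assumed patterns; the PR's actual regexes are not shown on the page.
var (
	generatorRe = regexp.MustCompile(`(?i)<meta\s+name=["']generator["']\s+content=["']WordPress\s+([^"']*)["']`)
	// Two or three numeric components only: a four-component or colon-bearing value fails.
	versionRe = regexp.MustCompile(`^\d{1,3}\.\d{1,3}(\.\d{1,3})?$`)
)

// IsWordPress checks the passive signals: a Link header naming api.w.org,
// or wp-content/ and wp-includes/ paths in the body.
func IsWordPress(h http.Header, body string) bool {
	for _, v := range h.Values("Link") {
		if strings.Contains(v, "api.w.org") {
			return true
		}
	}
	return strings.Contains(body, "wp-content/") || strings.Contains(body, "wp-includes/")
}

// ExtractVersion returns the generator version only if it passes validation, else "".
func ExtractVersion(body string) string {
	if m := generatorRe.FindStringSubmatch(body); m != nil && versionRe.MatchString(m[1]) {
		return m[1]
	}
	return ""
}

// BuildCPE re-validates at the sink so untrusted text can never add or shift CPE fields.
func BuildCPE(version string) string {
	if !versionRe.MatchString(version) {
		version = "*" // assumed fallback: unknown version
	}
	return fmt.Sprintf("cpe:2.3:a:wordpress:wordpress:%s:*:*:*:*:*:*:*", version)
}

func main() {
	// Constructed sample tags, not captured traffic.
	good := `<meta name="generator" content="WordPress 6.9.4" />`
	bad := `<meta name="generator" content="WordPress 6.9:*:*:*:*:*:*:*:x" />`
	fmt.Println(BuildCPE(ExtractVersion(good)))
	fmt.Println(BuildCPE(ExtractVersion(bad)))
}
```

Validating again inside `BuildCPE` means the CPE string stays well-formed even if a later caller passes a version that did not come through `ExtractVersion`.
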
@chatgpt-codex-connector

Codex usage limits have been reached for code reviews. Please check with the admins of this repo to increase the limits by adding credits.
Credits must be used to enable repository wide code reviews.