Page MenuHomePhabricator
Files F57282808

wpscan20240820_after.txt
stefano.cannillo (Stefano Cannillo)
Actions

Authored By
stefano.cannillo
Aug 20 2024, 3:57 PM
Size
10 KB
Referenced Files
None
Subscribers
None

wpscan20240820_after.txt
View Options

_______________________________________________________________
__ _______ _____
\ \ / / __ \ / ____|
\ \ /\ / /| |__) | (___ ___ __ _ _ __ ®
\ \/ \/ / | ___/ \___ \ / __|/ _` | '_ \
\ /\ / | | ____) | (__| (_| | | | |
\/ \/ |_| |_____/ \___|\__,_|_| |_|
WordPress Security Scanner by the WPScan Team
Version 3.8.22
Sponsored by Automattic - https://automattic.com/
@_WPScan_, @ethicalhack3r, @erwan_lr, @firefart
_______________________________________________________________
[+] URL: https://www.wikimedia.it/ [51.75.90.142]
[+] Started: Tue Aug 20 17:41:07 2024
Interesting Finding(s):
[+] Headers
| Interesting Entry: Server: Apache/2.4.38 (Debian)
| Found By: Headers (Passive Detection)
| Confidence: 100%
[+] robots.txt found: https://www.wikimedia.it/robots.txt
| Found By: Robots Txt (Aggressive Detection)
| Confidence: 100%
[+] This site has 'Must Use Plugins': https://www.wikimedia.it/wp-content/mu-plugins/
| Found By: Direct Access (Aggressive Detection)
| Confidence: 80%
| Reference: http://codex.wordpress.org/Must_Use_Plugins
[+] The external WP-Cron seems to be enabled: https://www.wikimedia.it/wp-cron.php
| Found By: Direct Access (Aggressive Detection)
| Confidence: 60%
| References:
| - https://www.iplocation.net/defend-wordpress-from-ddos
| - https://github.com/wpscanteam/wpscan/issues/1299
Fingerprinting the version - Time: 00:00:20 <================================================================================================================================> (702 / 702) 100.00% Time: 00:00:20
[i] The WordPress version could not be detected.
[+] WordPress theme in use: betheme
| Location: https://www.wikimedia.it/wp-content/themes/betheme/
| Last Updated: 2024-07-31T19:24:02.000Z
| Readme: https://www.wikimedia.it/wp-content/themes/betheme/readme.txt
| [!] The version is out of date, the latest version is 27.5.3
| Style URL: https://www.wikimedia.it/wp-content/themes/betheme/style.css
| Style Name: Betheme
| Style URI: https://themes.muffingroup.com/betheme/
| Description: The biggest WordPress Theme ever...
| Author: Muffin group
| Author URI: https://muffingroup.com/
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| Version: 27.4.3 (80% confidence)
| Found By: Style (Passive Detection)
| - https://www.wikimedia.it/wp-content/themes/betheme/style.css, Match: 'Version: 27.4.3'
[+] Enumerating All Plugins (via Passive Methods)
[+] Checking Plugin Versions (via Passive and Aggressive Methods)
[i] Plugin(s) Identified:
[+] addon-elements-for-elementor-page-builder
| Location: https://www.wikimedia.it/wp-content/plugins/addon-elements-for-elementor-page-builder/
| Latest Version: 1.13.6 (up to date)
| Last Updated: 2024-06-25T05:42:00.000Z
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| Version: 1.13.6 (50% confidence)
| Found By: Readme - ChangeLog Section (Aggressive Detection)
| - https://www.wikimedia.it/wp-content/plugins/addon-elements-for-elementor-page-builder/readme.txt
[+] elementor
| Location: https://www.wikimedia.it/wp-content/plugins/elementor/
| Latest Version: 3.23.4 (up to date)
| Last Updated: 2024-08-05T10:50:00.000Z
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| Version: 3.23.4 (100% confidence)
| Found By: Query Parameter (Passive Detection)
| - https://www.wikimedia.it/wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.23.4
| Confirmed By:
| Readme - Stable Tag (Aggressive Detection)
| - https://www.wikimedia.it/wp-content/plugins/elementor/readme.txt
| Readme - ChangeLog Section (Aggressive Detection)
| - https://www.wikimedia.it/wp-content/plugins/elementor/readme.txt
[+] essential-addons-for-elementor-lite
| Location: https://www.wikimedia.it/wp-content/plugins/essential-addons-for-elementor-lite/
| Latest Version: 6.0.1 (up to date)
| Last Updated: 2024-08-19T10:56:00.000Z
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| Version: 6.0.1 (100% confidence)
| Found By: Readme - Stable Tag (Aggressive Detection)
| - https://www.wikimedia.it/wp-content/plugins/essential-addons-for-elementor-lite/readme.txt
| Confirmed By: Readme - ChangeLog Section (Aggressive Detection)
| - https://www.wikimedia.it/wp-content/plugins/essential-addons-for-elementor-lite/readme.txt
[+] gdpr-cookie-compliance
| Location: https://www.wikimedia.it/wp-content/plugins/gdpr-cookie-compliance/
| Latest Version: 4.15.2 (up to date)
| Last Updated: 2024-07-08T10:22:00.000Z
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| Version: 4.15.2 (90% confidence)
| Found By: Query Parameter (Passive Detection)
| - https://www.wikimedia.it/wp-content/plugins/gdpr-cookie-compliance/dist/scripts/main.js?ver=4.15.2
| Confirmed By: Readme - Stable Tag (Aggressive Detection)
| - https://www.wikimedia.it/wp-content/plugins/gdpr-cookie-compliance/readme.txt
[+] gravityforms
| Location: https://www.wikimedia.it/wp-content/plugins/gravityforms/
| Last Updated: 2024-08-13T00:00:00.000Z
| [!] The version is out of date, the latest version is 2.8.16
|
| Found By: Urls In 404 Page (Passive Detection)
|
| Version: 2.7.12 (90% confidence)
| Found By: Query Parameter (Passive Detection)
| - https://www.wikimedia.it/wp-content/plugins/gravityforms/js/jquery.json.min.js?ver=2.7.12
| - https://www.wikimedia.it/wp-content/plugins/gravityforms/js/gravityforms.min.js?ver=2.7.12
| - https://www.wikimedia.it/wp-content/plugins/gravityforms/js/placeholders.jquery.min.js?ver=2.7.12
| Confirmed By: Change Log (Aggressive Detection)
| - https://www.wikimedia.it/wp-content/plugins/gravityforms/change_log.txt, Match: '### 2.7.12'
[+] js_composer
| Location: https://www.wikimedia.it/wp-content/plugins/js_composer/
| Last Updated: 2024-07-24T02:32:11.000Z
| [!] The version is out of date, the latest version is 7.8
|
| Found By: Body Tag (Passive Detection)
|
| [!] 3 vulnerabilities identified:
|
| [!] Title: WPBakery Page Builder < 7.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via VC Single Image link attribute
| Fixed in: 7.7
| References:
| - https://wpscan.com/vulnerability/3b067a13-ee58-44c9-80af-ae04af6256c8
| - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5265
| - https://www.wordfence.com/threat-intel/vulnerabilities/id/35a5114e-5c5f-4003-8bb3-77243ffbac1a
|
| [!] Title: WPBakery < 7.8 - Authenticated (Author+) Stored Cross-Site Scripting
| Fixed in: 7.8
| References:
| - https://wpscan.com/vulnerability/992e5d47-e290-420a-adf8-f552a929e51d
| - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5708
| - https://www.wordfence.com/threat-intel/vulnerabilities/id/23ff12f0-eb9d-4bb3-8db0-0e794c0f0594
|
| [!] Title: WPBakery < 7.8 - Authenticated (Author+) Local File Inclusion
| Fixed in: 7.8
| References:
| - https://wpscan.com/vulnerability/6e3e1944-67f7-405e-ae4f-f0ab8c6c9acd
| - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5709
| - https://www.wordfence.com/threat-intel/vulnerabilities/id/7fad30c8-fd8a-4cf2-a3aa-16a374231b87
|
| Version: 7.6 (60% confidence)
| Found By: Body Tag (Passive Detection)
| - https://www.wikimedia.it/, Match: 'js-comp-ver-7.6'
[+] smart-slider-3
| Location: https://www.wikimedia.it/wp-content/plugins/smart-slider-3/
| Latest Version: 3.5.1.23 (up to date)
| Last Updated: 2024-04-11T14:11:00.000Z
|
| Found By: Urls In Homepage (Passive Detection)
|
| Version: 3.5.1.23 (100% confidence)
| Found By: Readme - Stable Tag (Aggressive Detection)
| - https://www.wikimedia.it/wp-content/plugins/smart-slider-3/readme.txt
| Confirmed By: Readme - ChangeLog Section (Aggressive Detection)
| - https://www.wikimedia.it/wp-content/plugins/smart-slider-3/readme.txt
[+] w3-total-cache
| Location: https://www.wikimedia.it/wp-content/plugins/w3-total-cache/
| Latest Version: 2.7.5 (up to date)
| Last Updated: 2024-08-07T17:08:00.000Z
|
| Found By: Comment Debug Info (Passive Detection)
|
| Version: 2.7.5 (100% confidence)
| Found By: Readme - Stable Tag (Aggressive Detection)
| - https://www.wikimedia.it/wp-content/plugins/w3-total-cache/readme.txt
| Confirmed By: Readme - ChangeLog Section (Aggressive Detection)
| - https://www.wikimedia.it/wp-content/plugins/w3-total-cache/readme.txt
[+] wordpress-seo
| Location: https://www.wikimedia.it/wp-content/plugins/wordpress-seo/
| Latest Version: 23.3 (up to date)
| Last Updated: 2024-08-20T07:39:00.000Z
|
| Found By: Comment (Passive Detection)
|
| Version: 23.3 (100% confidence)
| Found By: Comment (Passive Detection)
| - https://www.wikimedia.it/, Match: 'optimized with the Yoast SEO plugin v23.3 -'
| Confirmed By:
| Readme - Stable Tag (Aggressive Detection)
| - https://www.wikimedia.it/wp-content/plugins/wordpress-seo/readme.txt
| Readme - ChangeLog Section (Aggressive Detection)
| - https://www.wikimedia.it/wp-content/plugins/wordpress-seo/readme.txt
[+] Enumerating Config Backups (via Passive and Aggressive Methods)
Checking Config Backups - Time: 00:00:09 <==================================================================================================================================> (137 / 137) 100.00% Time: 00:00:09
[i] No Config Backups Found.
[+] WPScan DB API OK
| Plan: free
| Requests Done (during the scan): 10
| Requests Remaining: 4
[+] Finished: Tue Aug 20 17:41:53 2024
[+] Requests Done: 1483
[+] Cached Requests: 8
[+] Data Sent: 473.021 KB
[+] Data Received: 31.929 MB
[+] Memory used: 275.719 MB
[+] Elapsed time: 00:00:45

File Metadata

Mime Type
text/plain
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
18763540
Default Alt Text
wpscan20240820_after.txt (10 KB)

Event Timeline

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits